I was quoted in yesterday’s The Times Argus editorial article titled Spam is no longer staying in the can by Rachel Feldman. The Times Argus is a small Vermont daily newspaper covering the Barre and Montpelier (the state capital) area.

Unfortunately, the quotes of mine are not ones I’d necessarily have picked from our conversation — I’m sure that’s how everyone feels — and the article itself isn’t very good. Sorry Rachel, I just have to provide a little constructive criticism.

I have to commend her for seeking out Vermont businesses who deal with an excessive amount of spam and getting some good numbers from them, but there was quite a bit that was left out or should have been clarified more. The pieces just weren’t put together quite well enough to satisfy me (I probably read too much Gruber, but it’s now a bar I expect others to reach).

The title of her piece, “Spam is no longer staying in the can”, was supposed to be punny stab at the CAN-SPAM Act which has been very ineffectual, however, the closest she comes to mentioning it is in her comment, “Spam is illegal in England, but not illegal in the U.S., though Congress has made half-hearted attempts to rein it in. “

She brings up the Spam Haus blacklisting services — which saves me from approximately 1/3 of the spam coming into Small Dog Electronics’ mail server¹ — but does not mention the recent court-order againt Spam Haus and how that’s actually a blow against spam prevention (fortunately Spam Haus doesn’t have to comply as their outside the jurisdiction of the U.S. courts).

She also discusses bot-nets, the exploits (viruses, worms, trojans, etc.) that turn people’s PC’s into zombies, and some of the tactics the spammers are using against us, but concludes (and quoting me):

Though avoiding it is difficult, there are a few ways that one can sidestep the spam tsunami. First off, “read the privacy policies for any online publication or product you sign up for,” says Aldridge. “Anyone who shares their mailing lists means that you’ll be getting spam.” Also, try to avoid publishing names and e-mail addresses on the Internet. “If you have to,” Aldridge says, “then you’re out of luck; botnets scan the Internet and just harvest all the published e-mail addresses that they find.”

While I feel that what I stated are basic things that people should consider for other reasons than just reducing spam (i.e. security, preventing identity theft, etc.), they in no-way help one “sidestep the spam tsunami.” They may help you get to slightly higher ground — to continue with the tsunami metaphor — but you’re still going to be pretty wet when the wave hits. Currently, without some powerful legal action that can be used against the biggest known spammers, there’s little we can do against it. Our current spam filtering technology can only get us so far.

There’s lots of content about preventing spam out there and lots of controversy to go with it. I’m not about to go over it here, but I do wish that her article had been a little more informative than just filled with numbers, quotes, and poorly presented advice. It is just a small Vermont newspaper and we tend to be a little behind the times up here — and maybe a bit too used to suffering through such things as spam and Winter — but spam is something that should truly be understood so that people can push their representatives in State and Federal government to really help put a stop to it. Spam is costing everybody a lot of time, effort, and in the long run, money. Unfortunately, the big spammers are making bank off all of us.

Update: I missed eWeek’s recent article detailing one of the biggest and most sophisticated bot-nets currently being used, titled ‘Pump-and-Dump’ Spam Surge Linked to Russian Bot Herders (via Slashdot). An excellent read. Well written, and quite informative to a fairly wide audience (although still on the more technical side)… if only Rachel’s article had been more like this.

¹ A number which would be much higher if we were in an industry that could handle the delay inherent in graylisting and so actually used greylisting in conjunction with Spam Haus’s RBL (Real-time Black List) and XBL (eXploit Black List).