THE NEW SUCKERS
Graham never claimed that he or anyone else could filter spam perfectly, only that the filters would work well enough to make spamming into an unprofitable business. The various flavors of Bayesian filtering did, in fact, massively curtail the delivery of spam to the world’s inboxes. ISPs have the first layers of filters between the individual mailbox and the rest of the network, and by end of 2006, they saw spam become an estimated 85 percent of all mail traffic on the far side of their filters—a number that holds steady, give or take a few percentage points, to this day. Most people see only a minuscule portion of this total amount. A vast wave is crashing continuously against the filters, with some occasional spillover. This was exactly the plan that Graham outlined. The response rate for spam was always dismal: spammer Davis Hawke reported a decent return at two-tenths of 1 percent in the period prior to the widespread use of Bayesian filters, and those filters hugely cut down on the amount delivered. It worked, then, on its technical terms and only on those terms. Therein lay spam’s vector. The social choices embedded in and enabled by the technology became the points of failure. In retrospect, these critical points were four: two on the side of users and two on the side of spammers.
FILTERS WERE UNEVENLY DEPLOYED AND TRAINED
Some ISPs, organizations, and users will do it better than others; some possess a more distinctive vocabulary; and some are more diligent in man- aging the training of the system. There will be varying estimations of the cost and acceptable chance of false positives. Many users may never be aware of the need to “classify-as-spam” when sorting their incoming mail. Rates will vary, programs will become obsolete, and there will be holes, however small.
THE QUESTION OF THE “15 IDIOTS”
Graham, in the months following “A Plan for Spam,” considered the pos- sibility that the people most susceptible to spam—the people that make it profitable—will overlap with those least likely to install filters or feel comfortable using them. Arguing that spam makes money from the “15 stupidest or most perverted” people in a million, Graham continues: “The great danger is that whatever filter is most widely deployed in the idiot market will require too much effort by the user. . . . [T]he 15 idiots are probably also the 15 users who won't bother.” His solution, such as it is, is an assumption in the “Plan for Spam FAQ”: “I suspect that people stupid enough to respond to spam will often get email through one of the free services like Yahoo Mail or Hotmail, or through big providers like AOL or Earthlink. Once word spreads that it is possible to filter out most spam, they’ll be forced to offer effective filters.”
CHANGE IN THE ECONOMICS OF SPAM PRODUCTION AND DISTRIBUTION “Spammers,” Graham averred, “already operate at capacity.” In fact, as the filters went online, the production of the spam they were trying to stop was changing. The end of the legitimated spammers in a double bind of filtering and changes to the law was one rumble in spam’s tectonic shift toward an almost wholly criminal domain. Abandoning any pretense of legitimacy freed up a great deal of technical ingenuity. The development of systems like botnets, the use of ISPs in foreign jurisdictions (in some cases owned outright by gangsters), and the increasing sophistication of the programming of spam software at once boosted the capacity of spam distribution while lowering operating costs.
LIBERATION OF SPAM INTO PURE EXPERIMENT—AND PURE FRAUD
In changing its business model, the criminalization of spam also changed its arsenal of tools and words. It no longer needed even the pretense of selling products in a way that would appear legally reputable. Strategies such as phishing and identity theft, advance-fee fraud, and virus and malware distribution meant that the profit margin was pushed back up as the cost of distribution dropped, and spam started to sound, linguistically, like many things—some of them never heard before. Free to abandon any trappings of genre, it could seek any textual shape that got past the filters, using Shakespeare the way a bacterium consumes and employs foreign DNA, making spam into a different and a weirder beast than the one Bayesian filters had been designed to stop.
These problems are related. When Graham described the “15 idiots” as “stupid” or “perverted,” he was writing, with hacker hauteur, about people responding to messages that seemed to require enormous gullibility or a great fondness for porn. But the move into full-on criminality increased the pool of potential suckers. Many people who would never respond to an ad for a multilevel marketing scheme would respond to a notice pur- porting to be from their bank or PayPal account. Spam could now more aggressively target the old, the confused, people using the Internet in a second language, and new users in general, putting the sting on the naïfs that naïve Bayes was supposed to protect. You no longer needed to be an idiot to be one of the fifteen idiots, and this meant that each new sucker could be worth a lot more than the old. This money in turn attracted more sophisticated and skilled talent to spam, both on the business and the programming sides—the kind of people who could build more complex litspam engines and spam distribution programs. Graham, and those who preceded and followed him in the search for a probabilistic filter, were building a brilliant hack to solve a complex and embedded problem whose elements were simultaneously technical and social at every step. The social element transformed in response to their technical intervention and altered the technical in turn.
This is only the merest introduction to the army of chattering, crude language machines (“It was so easy to imitate these people,” as Kafka’s ape says: “I could already spit on the first day”) produced by spammers. To take the measure and extent of their population, we have to turn to the world of spam blogs geared to influence search engines—built to beat a whole different order of filters, the avant-garde in the art of misdirection.