Some people think email obfuscation is a good way to fight spam, that it's somehow more difficult for spammers to understand "account at domain dot com" or "account&64;domain.com" than "account@domain.com". These people are wrong. They will often readily admit that they don’t think email obfuscation will stop all spam, but it still makes them feel like they’re doing something in the war on drugs terrorism spam. Here's what they're doing: in addition to making email more difficult for legitimate uses, they're actually making it easier for spammers.

Google returns 27 million results for "* at * dot com". That's 27 million email addresses waiting to be spammed. Google doesn’t allow you to search for the "@" sign, so that’s 27 million email addresses that wouldn’t be available on Google if they were not obfuscated. Email obfuscation not only doesn’t hurt spammers — it actually helps them. Where it doesn’t make it easier, it acts as a placebo, making people feel more comfortable and complacent living in a world of spam. Like everything else, if you don’t want your email address publicly-available, don’t put it on the public web. But if we want to be able to publish email addresses on the web, we can’t continue this half-hearted war on spam, hiding under our beds of obfuscation and hoping they won’t find us.

 

I have an idea for a service that I think would be neat, but I don't have the resources to make it. So I submit this into the ether for someone else to make. The idea is anonymous ad-hoc email groups, sort of like wikis for email groups.

It would be sort of like mailinator, where email addresses are created on the fly. Only instead of those emails just sitting on the server, they would go out to anyone subscribed to the group, which could be done as simply as sending an email to the group's address or typing the name of the group into a simple text box.

Such a service could be used to facilitate ad-hoc discussion groups around any topic. In this post, for example, I could encourage readers to send an email to anonymous.public.ad-hoc.email.groups@wiki4email.com (available) if they'd like to talk about this idea. If they already had an account under the email address they sent from, they would be automatically added to that group. If not, they'd get a response with a password they could use to login to a website, where they could type any number of email addresses into a list and subscribe to any group they wanted.

I'm currently working on dynamic email addresses at work (e.g. department or location-based email groups that auto-update based on our employee database), so that's what got me thinking about it. I only have a few vague ideas for use cases, but that's part of why I like the idea so much. It's such an open-ended platform that it would encourage others to experiment and find innovative new ways to use ad-hoc email groups.

Like any communications system, the big worry would be spam. But I think a simple registration process and no one really knowing how many people are subscribed nor what the groups even are, would cut that down significantly. The service would require a custom-built email server, though, and one that could process a lot of email very quickly. So I think one of the bigwig web players should do it. Or at least quickly buy up someone else who does it. In any case, I'd like to play with it, so I hope someone will make it.

 

I just sent the following to an email list that has recently been discussing various anti-spam technologies:

Spam is fundamentally a social problem, not a technological problem. No amount of clever technology can end spam as long as there are still significant numbers of people out there who indicate through their purchases that they want to receive spam. The BBC reports: According to a survey conducted by security firm Mirapoint and market research company the Radicati Group, nearly a third of e-mail users have clicked on links in spam messages.

Imagine it costs $100 to send a million spam messages (though it doesn't cost nearly that much), and each message is selling a product with a $20 markup. Only six of those million messages need to get through to a willing consumer to keep spam profitable. And those six people will never be using Bayesian filters or whatever other nifty tools we can come up with, because they don't even recognize a problem with spam. And those six people will also never self-identify, because they are embarrassed about their purchases.

So spammers can only reach them through mass emailing, and the rest of us suffer the consequences. I don't know of any current anti-spam technology that does anything to deal with those six people.

I'd like to see more economists and sociologists look at changing the factors that make spam the most desirable way to purchase certain products. Why do people buy propecia via spam rather than at their local pharmacy, and what could be done to change that? I think that's a more useful question to answer than how to quickly recognize "v14gr4" as a variant of "viagra."