Confessions of a Spammer


By Samuel Greengard

For the last few weeks, my email inbox has been flooded with a seemingly endless stream of "Returned Mail" messages. In some cases, hundreds arrive each day. The onslaught has been only occasionally interrupted by legitimate business emails.

Apparently, spammers have been spoofing my email address and using it to send out massive amounts of junk mail. The situation was made even worse by the fact that I was on vacation in Portugal and Spain when this started, and all the spam counted against my international data plan limits.

We're talking about a big fat hassle. Worse, on today's robotized Internet, you can bet that anti-spam filters were automatically and diligently monitoring the situation and adding my email address to blacklists. I've had my email address forged in the past. However, the magnitude of the problem has never approached the current situation.

If a couple of hundred messages bounce back from invalid addresses, then you can only wonder how many thousands—or tens of thousands—are getting through. As a precaution against a hack, I changed the password on the account. But it didn't do any good because that wasn't the problem. The bounce-backs continue unabated.

So … I guess I'm officially a spammer now. I'm pitching red-hot lonely foreign women, free airline tickets and sexual performance enhancement drugs, and I’m offering huge sums of money to people to help me with banking problems in developing nations. Whatever you need or want, I'm your man.

All this raises a basic question: Why is there no widespread security or authentication for email? These days, SMTP is about as antiquated as fountain pens and cotton gins. Further complicating things, few ISPs authenticate email or block outgoing spam—despite the fact that fairly effective DNS database registration techniques exist. Forging another person's email address is ridiculously easy.

Even more amazing is the fact that most people couldn't give a hoot about this situation. Nor do they care about the lack of security surrounding credit cards and a spate of electronic systems. It seems that we're more focused on building new devices and systems and adding shiny new features than making anything work correctly … or keeping anything truly secure.

Spam I am.