So, what's the deal with spam?
It's getting pretty sophisticated and exasperating for many, many people (anybody who uses email, which is close to 1 billion people).
I know from my own experience that email spam seems to focus on a few techniques:
- Social engineering – 'hi, I'd like you to tell me your bank account details so I can send you millions…'
- Phishing – 'hi, I'm your bank. Please email me your account numbers. Did you tell me your PIN too?'
- 'Click here to get great prices or something for nothing.'
The goal for spammers has always been to get personal details, but they're happy with validation that the email address in question is a working account (so they can go after you at another time, or sell your address to some other spammer). So clicking on the unsubscribe link required by US CAN-SPAM in emails that you don't know (really, really know) can end up confirming for the spammer that it is a working address.
As I analyze the problem, educate myself on the fundamentals and read the writings of others – Gigaom.com, the Wall Street Journal and others – it becomes clear that there are still many, many good things about email – frankly, more than bad things. The trick has got to be to use these good features of email service against the spammers, so that industry can make email and security a perfectly consistent expression.
To answer the question: yes, it seems that email security is an oxymoron, or a pipe dream for most people, but I don't think it has to be that way. Over the next while I plan to review the tactics, techniques and responses to email spam (and maybe a few others).