Stopping Spam

Alan Schwartz + Simson Garfinkel

O'Reilly & Associates 1998
A book review by Danny Yee © 1998
Stopping Spam proceeds fairly straightforwardly. It begins with a description of what spam is and why it is a problem, along with a brief history of spamming and a survey of current activity. This is followed by a general introduction to how email and news actually work, before the central chapters, "A User's Guide to Email Spam" and "A User's Guide to Usenet Spam".

These chapters go into rather more detail than most users will want. The chapter on email, for example, explains how to use traceroute and whois to track down spammers, while that on Usenet goes as far as describing how to issue NoCeM notices — and even includes, for no reason I can think of other than a desire to pad out the book, a three page perl script for automating it! It would have made things easier for ordinary users if the less technical information had been segregated, or at least marked in some way. In this category we find such things as the details of using filters and killfiles in the most common mail and news clients, an explanation of why following purported "opt-out" instructions is a bad idea, and advice on modifying email addresses.

A chapter "Spam Stopping for Administrators and ISPs" contains technical information on dealing with spam at the server (or router) level, along with advice for ISPs on wording Acceptable Use Policies and preventing spamming by their own users. The possible effects of anti-spam efforts on the civil liberties of users are barely touched on. For example, at one point we read

You should notify your users if you engage in any kind of monitoring to actively stop spamming. Most ISP end-user agreements allow the ISP to monitor any user for any purpose whatsoever. However, if you make it clear to your users that spamming will be actively monitored and stopped, the notice may act as a deterrent and stop spammers obtaining accounts with your ISP in the first place.
without the slightest hint of concern for user privacy! Another surprising omission, given that one of the authors is an expert on mailing lists, is any advice for administrators of mailing lists other than turning off "who" requests in order to stop address harvesting. There's no mention of the use of subscription confirmation to help prevent list abuse, for example, or of the option of allowing posting only by subscribers.

A final chapter on "group action" is a useful guide to anti-spam newsgroups and mailing lists, cooperative anti-spam efforts (such as the Usenet Death Penalty), and legal and legislative action against spam. It doesn't touch on general political or ethical issues (spam as a test case for Internet self-governance, for example). But these, along with a more substantial treatment of the history of spamming, could form the basis for a different book entirely.

Stopping Spam contains some excellent material, but I don't know who I could really recommend it to, given the different audiences it tries to address. It would be a much better idea for O'Reilly to incorporate the material in Stopping Spam into its other books. That way information on dealing with Usenet spam at the server level would end up with other material relevant to administrators of news servers, rather than in the same volume as an introduction to email filtering for AOL users.

November 1998

Related reviews:
- Simson Garfinkel - PGP: Pretty Good Privacy
- books about the Internet
- books published by O'Reilly & Associates
%T Stopping Spam
%A Schwartz, Alan
%A Garfinkel, Simson
%I O'Reilly & Associates
%D 1998
%O paperback, index
%G ISBN 156592388X
%P x,191pp