The Hype Over Spim
PERSPECTIVE A number of news reports, helped along by media-savvy prosecutors, are positioning the recent arrest of teenage spammer Tony Greco as a significant milestone in "spim," or instant message spam. Many of the articles suggest IM spam is about to flare out of control.
This pegs my hype-meter. First, to be precise, Greco was sending "private messages" (PMs) from within the MySpace.com system to registered members. He was not using a public IM service like AIM, ICQ, MSN Messenger or Yahoo Messenger. PM spam (pspam?) is one of the least annoying types, since you often don't even know you've received it. Greco's became obvious only because MySpace.com sends a notification email to members whenever they receive a PM.
Second, I doubt the federal government would try to bring criminal charges against anyone for sending PM spam. The reason this case received attention from the feds was because Greco allegedly tried to extort money out of MySpace.
Third, all this hand wringing about the rise of spim seems unwarranted. IM spam has been around for roughly seven years, and all along "experts" have predicted spim is about to rage out of control. It hasn't, and it probably never will.
Compared to e-mail spam, spim is easier to control because instant messages must travel through a limited number of centralized servers. As a result, IM service providers can implement server-based rate limiting, content filtering, and other mitigation techniques to greater effect.
Yahoo, for example, reportedly operates software that watches for IM spam "bots" and disables their Yahoo IDs, rendering them harmless.
SMTP -- the protocol underlying e-mail -- is built on an open architecture that's easily exploitable by spammers. IM systems, on the other hand, are proprietary. Over the years, IM spamware programs -- such as ICQ MultiPager and ICQ Interest Search -- have been repelled by operators of public instant messaging systems through minor protocol tweaks.
The centralized nature of IM systems also makes filing spam complaints easier. Version 9 of America Online's software, for example, includes a "Report IM Spam" button that can notify AOL about the sender.
What's more, IM users can easily configure their software to accept messages only from certain people. Such "white listing" is also available on some e-mail systems, but it's not widely used because most people need to receive email from a broader population than their instant message buddies.
MSN Messenger goes even further with a "reverse list" feature that lets users know when someone puts them on a buddy list and enables users to proactively block messages from the person.
In the past five years, I've received a total of maybe 15 spims. I get that many e-mail spams in an hour most days. That ratio may change in the future, but let's not lose sight of the real spam problem.
Brian McWilliams is a journalist and author of Spam Kings: The real story behind the high-rolling hucksters pushing porn, pills, and @*#?% enlargements.