Saturday, March 27, 2010

If You're Really Human, Type "Antlers"

I recently wrote an e-mail to a marginally famous person, and I got back the following response:
Your mail to me (reproduced below) was not delivered because you are not on my "whitelist" of approved senders.
To add yourself to my whitelist, please resend your mail with the word "antlers" anywhere in the subject line.
If you do this once, you will be added permanently to the whitelist and you'll never have to do it again.
I'm sorry for the minor inconvenience, but this is the only effective way to stop spam.
This seems like a reasonable request, but it got me to wondering why we don't see this more often.

All forms of spam I can think of can be described this way: A group of transmitters is trying to send information to a recipient. Many of the transmissions come from legitimate sources, but others are sent automatically by spammers.

The onus to deal with spam doesn't always fall to the same side of the transaction. Transmitters bear the burden for things such as buying concert tickets. Ticket buyers are asked to solve a CAPTCHA, or a garbled word image that is difficult for computers to understand, to ensure that spammers don't buy up all of the tickets. To somewhat offset the pain, many sites use reCAPTCHA, which helps digitize books when users solve CAPTCHAs.

Conversely, the task of dealing with e-mail spam usually falls to the recipient. Many mail clients have spam filters built in, but they aren't perfect. Spam dupes some users into downloading viruses or giving away sensitive personal information, and pretty much everyone is annoyed by spam to some degree.

So why isn't the "send me a message with antlers in the title" approach more common?

E-mail spam filtering has to make a tradeoff between two types of errors: marking spam as legitimate e-mail, and marking legitimate e-mail as spam. For most people, the latter is worse than the former. For instance, I'd happily delete 10 mislabeled spam messages instead of losing one legitimate message.

The "antlers" approach will often fail. Some people won't follow the instructions correctly, so their messages will never get through. Additionally, sometimes users get important e-mail from automated sources, which won't be able to understand and comply with the "antlers" request. For instance, Amazon sends me messages when there's problems with my order. I've also received automated messages from potential employers telling me I need to fill out a form online or I will no longer be considered for the position.

In short, dealing with spam as a recipient is annoying, but it's worth the effort to avoid missing important messages. And the annoyance wouldn't stop if the system were reversed; we'd just to have solve "antlers" problems whenever we sent an e-mail to someone new.


Adam Gurri said...

Your explanation of reCAPTCHA finally made it click in my head. I remember back when Google bought them, and everyone was vaguely talking about how this was to help them with word recognition in their Google Books efforts, but I never really understood how that was supposed to work. It seems obvious now and I feel dumb for not having figured it out at the time.

Greg said...

Glad to help, though I think the link explains reCAPTCHA better than I did!

Adam Gurri said...

It's really very brilliant if you think about it. Google does this stuff all the time; they use their GOOG411 service to help train its voice recognition software, for instance.

Greg said...

Ah, good point! I didn't think of that.