[ih] Why is there (still) spam...?

Jack Haverty jack at 3kitty.org
Mon Jul 28 16:20:05 PDT 2025 

On 7/27/25 12:02, John Levine via Internet-history wrote:
> We certainly found this with spam filtering. Twenty years ago people wanted all
> sorts of ways to tweak the rules to deliver or block their mail. These days it
> works well enough that there's usually only two buttons, one to say that
> something marked as spam isn't, or vice versa, and one to put someone into your
> address book so they're a known correspondent.
The History of the Internet mostly seems to focus on all the things that 
happened over the last half-century.  But there's another aspect of 
History.   Things that did not happen are also a part of the historical 
record.

Personally, I've been involved with email since the early 1970s.   I 
wrote one of the first email servers on the ARPANET.  Email, and 
annoyances such as "spam", are just facts of life today.  People have, 
IMHO, largely given up and just accept spam, "phishing", and other 
aspects of email today as just the way it is.

I even receive email allegedly sent by me, but that I never wrote. Or 
email from what looks like a legitimate person or company, but isn't 
actually from them.  The "known correspondent" technique isn't helpful 
for such things.

But it wasn't always this way.

Back in the ARPANET era, in order to use the 'net you had to be 
authorized.   Computers and long-distance circuits were very expensive, 
and the people who paid for them understandably wanted assurance that 
their computers, and the 'net, were being used appropriately.

Computers were attended by armies of administrators and operators, who 
protected their expensive resources with the technology of the day, such 
as passwords and quotas.  To "log in" to a computer you needed to have 
an account, and an associated password.

The computer knew who you were, and was required to enforce rules for 
use of the 'net.

When people started to use terminals to access their computer accounts 
using the network, things changed.  Computers still required passwords, 
but the network was now unprotected.  The obvious fix was to add 
passwords to the 'net itself.  A program called "TIP Login" first did 
that on the ARPANET.  As the 'net evolved into the Defense Data Network 
(DDN) and The Internet, a similar program called TACACS (Terminal Access 
Concentrator Access Control System) was similarly developed.

In order to use a terminal from a remote site, you could dial up a local 
number, type in your user name and password, and then use the 'net to 
connect to a remote computer.  I still have my "DDN TACACS Card" with 
the username and password I used 40 years ago to get on the 'net.

The 'net knew who you were, and could make sure you were a legitimate 
user.  It could even tell a remote computer who you were, so you didn't 
have to login there again.

As a User, you could be pretty confident that email you sent would get 
to its destination.   You could believe that an email you received 
actually came from the User in the From: field.

Over decades, computing changed.   Computers became personal, then 
handheld, then pervasive.  They became much much more powerful, and much 
much less expensive.  They were no longer attended by hordes of 
administrative staff.

Technology also developed.  Mechanisms such as "digital signatures" were 
invented, which seemed promising as replacements for the old name and 
password schemes.  Protocols, algorithms, and procedures were invented, 
and even implemented in many popular user programs.

Yet today I rarely receive any email that uses such technologies. It's 
allegedly available "on the shelf", but few people seem to use it.

Other aspects of the 'net seem to have successfully evolved to use such 
modern tech.  For example, websites now often use https rather than the 
original http, with "certificates" providing some guarantee of 
authenticity and privacy.

But email is different for some reason.  All sorts of newer technology 
seems to exist, but hardly anyone uses it.

Why not?  Is the technology somehow fatally flawed?  Is it just too 
complicated for end users to deal with?  Was it fatally delayed by legal 
issues such as patents?   Is it too hard to understand?

Perhaps it's a failure of government?  In the non-electronic world, 
legal concepts such as "fraud" are well established.   Forging a 
document can lead to fines or jail time.  Forging an email seems somehow 
treated very differently.

Personally, I think email has been degenerating over the last 
half-century.  We've become accustomed to spam, and have even created a 
new vocabulary, containing words such as "phishing." Sometimes mail just 
disappears, especially if it traverses a "mailing list" - like this 
one.  I'd like an email service where you can have some confidence that 
an email was actually sent by who it appears to have sent it.

So, Internet Historians, perhaps you know what's happened, or hasn't 
happened, over the last half-century:

Why is there (still) spam?

/Jack Haverty


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://elists.isoc.org/pipermail/internet-history/attachments/20250728/c5ff49ca/attachment.asc>

More information about the Internet-history mailing list