Naked Security Naked Security

Unhappy 39th birthday, spam, and many unhappy returns

As computing reaches middle age, expect to see more of these kinds of anniversaries

In October 2011, email turned 40. Last week it was the turn of its troublesome twin, spam, to make it to within a year of the same hoary milestone.

Inevitably in an industry ageing fast, personal computing’s calendar is filling up with significant anniversaries. So, does spam’s – or email’s – really matter that much?

The sender of the first spam email was Gary Thuerk, a marketing person working for the Digital Equipment Corporation, who in May 1978 got over-excited at the news that the company had added ARPANET support to its DECSYSTEM-2020 mainframes.

He didn’t call it spam, or course – that came later – he called it “electronic marketing”, ironically an attempt to drum up interest in the 2020 itself. That was the clever bit – sending an email to people as an advert for the fact it could be sent at all.

But Thuerk’s dark epiphany was to realise that, like any other form of marketing (postal, cold calls, TV, people ringing doorbells), emails could be sent without asking recipients for permission first.

The first e-mailshot sounds like a fun moment, but by all accounts it was a technical and political disaster.  The mail program used, SNDMSG, would only accept 320 addresses (without the mail list function being enabled), which meant that any above that threshold flowed into the message body.

Either way, ARPANET’s users weren’t chuffed, prompting the system’s chief admin to issue a grumpy apology:

THIS WAS A FLAGRANT VIOLATION OF THE USE OF ARPANET AS THE NETWORK IS TO BE USED FOR OFFICIAL U.S. GOVERNMENT BUSINESS ONLY. APPROPRIATE ACTION IS BEING TAKEN TO PRECLUDE ITS OCCURRENCE AGAIN.

Spam was hated on day one just as it has been hated on quadrillions of occasions since then. What had Thuerk invented? A new way to annoy people.

Or perhaps he’d simply stumbled on the deeper truth that spamming people is worth the risk because even supposedly useful email communication is, ultimately, doomed to the same fate.

The turning point was the commercialisation of the internet in the 1990s, after which email – and spam – became ubiquitous.  Advertising spam surged, becoming a massive nuisance that had to be filtered like crazy. Phishing attacks and email spoofing became common.

But legitimate email was overloading people too. Employees sent personal emails to the entire company by accident, or found themselves on group mailing lists they’d never heard of. Smartphones made it harder not to reply to emails after hours.

Providers such as Gmail are now so efficient at filtering classic spam, it’s almost extinct, leaving people to stare glumly at the almost-as-overwhelming legitimate stuff they probably don’t want either.

Thuerk’s fateful spam pre-dates almost every other computer nasty, including malware, denial-of-service, web hate, illegal sexual content – you name it.

On May 3 1978, people started to face the fact that, like it or not, wondrous computer communication was going to have its downsides. We should thank Gary Thuerk for this revelation.