
Bellowing at Microsoft, Part Three: Mailbox Protection

"Arguing in My Spare Time," No. 4.14

by Arnold Kling

March 29, 2001

Two of the most frustrating problems on the Internet are email viruses and unsolicited commercial email (spam). As an economist, I believe that an important step toward solving these problems is creating a system that compensates engineers who implement anti-spam and anti-virus programs that serve the entire Internet.

While individuals can use filters and virus detectors, these are not nearly as effective as a network-wide solution. In fact, putting filters and anti-virus software on individual computers is anachronistic--it is derived from the era in which computer threats were transmitted by floppy disks passed around. With the Internet the dominant method of data transfer today, it is time to get out of the sneakernet paradigm for computer security.

One challenge with setting up an economic scheme for a network-wide defense against spam and viruses is that there are large "free-rider" effects. That is, if a network-wide defense effectively stops spam and viruses, then I benefit from that defense regardless of whether or not I pay anything for that defense.

A network-wide defense would consist of programs that "search and destroy" spam and viruses. These programs would identify patterns in email that are consistent with spam or viruses, and they would analyze samples of mail that fit those patterns. When the analysis detects a virus or spam, no one who subscribes to the protection service would receive that email.

Although I would be willing to let a robot program take samples of my incoming mail to help fight spam, this potential intrusion on privacy might not be necessary. It might be sufficient to set up dummy email addresses and to make the email addresses accessible to the people who develop lists for spammers. I believe that some companies have done this, and it is successful at identifying spam.

One function that an email protection service could perform would be to allow me to really unsubscribe from a mailing list. Today, when I receive spam, often there is no way to unsubscribe from the list. Even if the email offers a way to unsubscribe, many spammers are so unscrupulous that they ignore your attempt to unsubscribe and instead use it as a way to verify that the email was opened.

If I had an "unsubscribe" option in my email reader, then this could send a message to my email protection service that I want it to try to block any email from this source in the future. This function would deal with situations in which a spammer claims that its email should not be blocked because I "volunteered" to be on its list.

What Microsoft can do is set up the infrastructure so that individuals, corporations, and Internet Service Providers can subscribe to a number of email protection services. Microsoft can develop the programs that make it easy for a customer to subscribe to, implement, and pay for one or more email protection services. Microsoft can set up standard ways for email protection services to provide filters to their customers, while leaving it up to the email protection services to develop their own individual methods for identifying spam and viruses.

Microsoft could implement in its email software a program that automatically copies email protection services on any email that gets sent to a list of people. The email protection service could open such email and confirm that there is no virus before allowing the other parties on the list to receive the email. I am assuming that this would be done automatically and instantly, unless the program run by the email protection service finds something that appears to be a virus but turns out to be harmless.

Because Microsoft software is the most popular target for virus-writers, Microsoft customers would benefit considerably from better virus protection. Therefore, Microsoft probably could internalize enough of the "free-rider" benefits from network-based email protection to make it economical. Microsoft could develop an email protection service itself, but it might foster more competition and innovation by encouraging other companies to provide email protection services. Microsoft could pay those other companies and/or help make it easy for other mailbox protection services to get paid by customers.

In these essays, I talked about three conditions that need to be satisfied to make a product successful from Microsoft's perspective. The table below shows how these conditions would be met by fostering email protection services.

Key to Success | How Email Protection Service Would Fit
Focuses on Software | Microsoft's role would be to develop programs, interfaces, and standards. For example, Microsoft would develop specifications for how a customer can subscribe to and implement an email protection service.
Levers Microsoft's installed base and network effects | Microsoft can ensure that future versions of its email software facilitate interaction with email protection services, including the "unsubscribe button" and other features described in this essay.
Levers the development work of other software vendors | Microsoft could encourage other companies to develop email protection services. Microsoft could allocate some of its revenue from selling email software to support these email protection services. This would encourage ongoing innovation and diligence on the part of the email protection services.

In conclusion, developing infrastructure to foster email protection services would seem to be a plausible strategy for Microsoft.
