Not Just SPIT but SPOG and SPOM

Looking at David Piscitello’s Blog  the other day, I saw that in addition to all the various SPxxx words we use, he has coined the term SPOG for SPAM on Online Games.  Like all these low-cost ways of getting messages to would-be buyers, SPOG will curse gamers as SPAM now curses all email users.  Perhaps we could also add SPOM to the list (SPAM over Myspace), for a new way to SPAM the teenage market.

In the world of junk-mail a 1% return would be considered exceptionally successful, and the economics of mass-mailing with poor targeting works on this basis of poor returns.  I think it was Bruce Schneier that said that SPAM is basically an economic problem, because the costs of mass-emailing are so low that the low success rate is not a problem, and actually if one person in 100,000 turns into a sales prospect, then SPAM has become a legitimate marketing tool.  So as frustrating as most of us find it, those few who say “yes” will mean that we continue to receive an unending flow of material about drugs and loans.

SPIT is not a really problem in the wild today.  This is partly because VoIP largely exists in islands  today, and not in a fully interconnected network.  It’s also partly because would-be SPITters have not yet come across the technology.  As with SPAM, this will be attractive to some, because it will be possible automate calling, and because the technical barriers are low, and the cost per call negligible, it will be economical to make thousands of calls per day.  And if a small percentage of those calls actually succeed in closing some sales, then once again it has become a legitimate marketing technique.

SPIT was discussed quite a bit at the recent VoIP Security Workshop, and it seems researchers have already created an impressive array and anti-SPIT techniques, although with the caveat that they have no actual real-world SPIT data to test their techniques against.  Some of these techniques are economic and some are technical, but we can well imagine combinations of these techniques giving us very high anti-SPIT coverage in the future.  For the remaining few calls that get through, please let’s all hang up on them, and for goodness sake don’t buy anything.

2 thoughts on “Not Just SPIT but SPOG and SPOM

  1. S.Meinardi

    “SPIT is not a really problem in the wild today. This is partly because VoIP largely exists in islands today, and not in a fully interconnected network. It’s also partly because would-be SPITters have not yet come across the technology.”

    I’m considering two facts:
    1. I have an account on voxalot (www.voxalot.com); it’s a free * pbx on line; it has a hidden rule so that if you call a number beginning with *xxx (where xxx is a prefix of a VSP allowing free connection), you can call a user of that VSP. I was able to call via voxalot my real VOIP italian and foreigner accounts. The list of prefixes (not all working, to be true) is maintained by sipbroker (www.sipbroker.com)

    2. Yesterday I’ve read this news:
    http://www.vonmag.com/webexclusives/2006/06/13_Black_Hat_Tracks_VoIP.asp

    So, I agree with you (and with VOIP Security Workshop experts you talk about in your report) that SPIT is not a real problem TODAY. But I think it will be a big problem tomorrow: and tomorrow it’s really near the corner, some weeks not months.

  2. Dustin D. Trammell

    Or, we could just stop all this rediculous segmentation of terminology and call all of it by what it is, SPAM. SPAM is SPAM is SPAM, whether it’s delivered over communications protocol A or communications protocol B. What I find really amusing is that terms like SPIT have been created for classes of SPAM that currently don’t even exist yet. As the broader IT industry, do we really need to differenticate SPAM over e-mail versus SPAM over VoIP, or even SPAM over IM? Overall, it’s the same basic problem with the same basic symptoms, and inevitabley the same basic solutions (whitelist, blacklist, message-challenge, etc) that only marginally address the symptoms of the problem while everyone ignores the problems themselves which are inherent to the communications protocols that allow SPAM to be sent over them.

    http://en.wikipedia.org/wiki/Spam_%28electronic%29

Comments are closed.