It hardly seems that I've had a discussion about the Internet over the last two years when the topic of spam hasn't come up. Clearly, this is a major problem, and every system administrator I've talked to is hungry for ways to reduce the impact of spam on their systems and the users they support. In Stopping Spam, Schwartz and Garfinkel aggregate a great deal of the widely scattered information on spam that is available on the Internet into one clearly written reference.
The book opens with a chapter on what spam is and why it is bad. The authors then move on to cover the history of spam before launching into an exploration of the typical range of spamming tactics that are employed today. Following this is a brief chapter covering some Internet basics, including information on how DNS works and how Usenet news and email move through the Internet. This is old hat for many folks, but the book wouldn't be complete without it. This chapter is quite well written, covering the essentials in a compact, yet easily understood manner.
Next is a chapter titled, "A User's Guide to Email Spam." Quite naturally, it is a description of how to filter junk mail, how to complain about email spam, and how one can reduce the chance that their email address will fall into the spammers' hands. Naturally enough, it is followed by a user's guide on how to deal with Usenet spam. Similarly, we receive information on how to perform client side filtering and how to respond to spam postings that one runs across.
We then encounter a chapter describing spam prevention techniques as they can be practiced by system administrators, with those that work at Internet Service Providers especially targeted. The last chapter is titled "Community Action" and discusses some of the anti-spam groups that exist, how people band together to fight spam, and the state of current legislative efforts. The book concludes with two appendices, one is a bibliography of resources available on the Internet, the other is a timeline of the history of Cyber Promotions, a notorious spammer that was ultimately driven out of business.
I commend the authors on doing a fine job of making the book easy to read while still explaining their material in an economic fashion. In fact, this combined with the brevity of the book as a whole should make it possible for even the busiest system administrator to be able to find the time to read it. The book is also quite accessible. While the true Internet novice probably won't understand much of it, one doesn't have to have a detailed understanding of the software and protocols that guide the Internet to get something significant out of this book. At the same time, I doubt there are many people who have been so thoroughly immersed in this particular topic that they wouldn't find something in here that they didn't know.
However, I must admit that there are some things about this book that disappointed me. For starters, I don't think the authors make a truly compelling case for why spam is bad. Don't get me wrong, I firmly believe that this case can be made, and I've argued it myself on more than one occasion. I just don't think all the dots are connected as solidly as is necessary to force the reader to come to this conclusion. This is the only book available on the topic at the present time. No doubt it will be referred to by many people, as it is one of the few citable references on the subject. That being the case, I would like to have seen the case against spam made irrefutably.
Also, I believe many of the philosophical issues on the topic of spam can be disagreed on by reasonable people. The authors do a pretty good job of presenting most of these viewpoints, although I believe at least some mention of the spammer's point of view just to increase our understanding would have been appropriate, but they don't take the time to discuss why someone might have decided on each viewpoint. Again, I think this would have been entirely worthwhile, especially if this book ends up being read by folks who aren't already embroiled in the fight. Understanding why each faction believes what they do will lead to a more informed readership, and help foster a better understanding of others' opinions.
Finally, while the book presents some examples of spam messages for the purposes of header tracing, etc., I think there probably aren't enough to bring a novice completely up to speed. The book is quite short. I don't see what the harm would have been to include another five or ten pages worth of these examples, especially if it might help reduce the amount of spam or increase the quality of the reports that go to those who can do something about it.
Frankly, though, these criticisms are a bit harsh. Stopping Spam is a good book, and is worth reading by those who may find the topic interesting. I just don't feel it's good enough to become a definitive reference on the debate. Of course the fact that it's not the be-all bible on the topic is not a major shortcoming.
Stopping Spam delivers on providing a wealth of information on the topic of spam. It is very clearly written, quite accessible, while likely still providing enough information to interest those very familiar with the topic. In my opinion, there are some areas in which the book could have elaborated without adding excessive length. While its still quite good, because of these shortcomings I believe it falls short of being as remarkable a reference as it might have been.
Click here to return to the index of reviews.