I must respond to Vinton G. Cerf's Viewpoint "Spam, Spim, and Spit" (Apr. 2005) concerning the disadvantages of challenge/response (C/R) email systems. (Disclaimer: My company, DigiPortal Software, Inc., sells C/R anti-spam products for both consumers and enterprise users.) Cerf wrote that C/R systems require unrecognized senders to confirm their identities and that "...some senders find this onerous and even insulting..." In our experience, most senders understand the seriousness of the spam problem and are willing to verify their identities. Many of our sales are to people who learned of our product by receiving a challenge message.
We have found only two categories of users who object to challenge messages: a small group of largely self-appointed (and highly visible) gurus who seem to think they have the right to enter anyone's inbox without restriction; and those who send large amounts of unsolicited email.
People generally accept the social norm that no one will talk to us or let us into their homes without first knowing who we are and what we want. An email inbox is no different. In its infancy, email was implicitly permission-based because the only way someone could get your email address was if you gave it to them. Email matured but without adequate controls. We all thought, incorrectly, that implicit rather than explicit permission would be enoughand is the reason C/R is not universal today.
Cerf wrote that C/R "...introduces indeterminate delay in the delivery of email and consequently may degrade its utility..." A delay occurs only when we receive a message from someone not already on our whitelistan uncommon event. On average, our users challenge legitimate senders about once every two weeks, further debunking the notion that C/R is onerous. Our data suggests that if C/R were universal, the average user would spend perhaps 30 seconds per month responding to challenge messagescloser to imperceptible than to onerous.
Email is asynchronous and open-ended and a lousy way to communicate when we need to reach someone urgently, particularly someone who doesn't know us. The right answerwhat most people do in such circumstancesis to pick up the telephone. Across our user base, this is an issue we never hear about.
Lastly, Cerf wrote that C/R "...does not work well with distribution lists." Presumably, his concern is that everyone on a mailing list will be challenged. We provide virtual email addresses so our users need not hunt for online order confirmations, newsletters, or other items (the other frequent complaint about C/R). These issues are matters of implementation, not fundamental flaws with the C/R concept.
A recent study by the University of Maryland puts the annual cost of spam in the U.S. at $20 billion. C/R, especially when coupled with the Sender Policy Framework or similar solution, is the only methodology that can eliminate spam. It deserves to be considered on the basis of fact, not myth or supposition.
David Jameson
Chappaqua, NY
Author Responds:
David Jameson is a good advocate for challenge/response. The best test of the idea will be to observe its uptake in the community of users and the interest shown by email client and server software developers in incorporating it into their systems. I continue to believe, however, that some users will find it so annoying they'll stop using it, particularly if it involves repeated confirmation requests, perhaps from everyone on a distribution list. Requests for confirmation might themselves feel like a form of spam after a while. The other problem is that "From" addresses are easily spoofed, so a whitelist created with confirmed sources might still allow spam to get through. If no whitelist is created, confirming every email we send would be quite tedious.
Vinton Cerf
Ashburn, VA
I have followed China's technology revolution with great interest, so it was refreshing to see a special section ("Transforming China," Apr. 2005) devoted to the subject. However, I found one part of it unsettlingthe caption describing the map of China in "The E-Transformation of Western China" by Robert M. Davison et al. It began with: "The 23 provinces (including Taiwan)..." While I don't have a strong opinion on the Taiwan independence issue, I know the statement is plain wrong. The status of Taiwan is in dispute. China considers Taiwan a renegade province and hopes to reunite it with the motherland, while a substantial portion of the Taiwan population (and arguably the bulk of its current government) hopes to achieve independence.
Since the article made no mention of Taiwan, the scientific purpose of including it in the map was unclear to me. I hope that inclusion was simply an oversight by people who may be unfamiliar with the political situation in the Taiwan Strait. If deliberately allowed into the section, it represents a potent political statement. It would be unfortunate for an independent professional organization (such as ACM) to use its publications to press a political agenda, detracting from the stature and credibility of the organization as a whole.
I urge that a correction be published stating that the caption was inaccurate. In addition, if the statement was published deliberately, I humbly ask you to consider the negative effects of allowing politically charged statements in Communications.
Eugene Weinstein
Cambridge, MA
Authors Respond:
The article referred to Western China, and the map is indicative of where Western China fits into the broader Chinese picture. No political statement was intended, nor should one be construed in the map, which was purely an illustrative device.
Robert M. Davison
Douglas R. Vogel
Hong Kong
Michael A. Cusumano's Technology Strategy and Management column "Google: What It Is and What It Is Not" (Feb. 2005) began by comparing the "valuation" of Google to Ford Motor Company, General Motors, and Yahoo. Cusumano claimed the market values Google more than it values GM and Ford combined. He is wrong. Firm value includes not just common stock, but the value of its entire capital structure. Bonds outstanding for GM and Ford are worth $291 billion and $165 billion, respectively. GM also has $3.8 billion in preferred stock outstanding. The sum value of the capital structure of both firms is nearly $500 billion. Google by contrast has a market capitalization of less than $60 billion. An understanding of capital structure is Finance 101 and needs to be considered before any judgment is made about the value of any firm.
Matt Wimble
Tucson, AZ
Author Responds:
With reference to Google, by "market value," I was clearly using common shorthand for the stock market valuation of the firmnothing more, nothing less. For this valuation, moreover, investors should factor-in the value, or lack of value, of a firm's total capital structure. This is also Finance 101.
The most interesting questions about Google are: How much is it shifting computing away from the desktop (and Microsoft) to the Internet? and How much can it (and its investors) profit from this shift?
Michael Cusumano
Cambridge, MA
I write this as someone who retired from the computer science department of a college whose president was dismissed for plagiarism. I also write this as someone whose early work was misrepresented, then misappropriated by a more distinguished foreign colleague. Plagiarism is bad, very bad.
I was troubled by the way Christian Collberg and Stephen Kobourov used the term self-plagiarism in their article "Self-Plagiarism in Computer Science" (Apr. 2005). Plagiarism is a form of theft, specifically stealing someone else's words or artistic work and claiming them as one's own. The problem with self-plagiarism is that the concept of stealing from one's self is fraught with difficulties, and has led to some significant abuses. That an editor thought of reporting an incident of self-plagiarism to the offender's department chair, as reported in the article, shows the concept can also result in abuse. At the college I retired from, self-plagiarism by students was foolishly listed as a cause for dismissal, and any faculty member found guilty of doing so would also run a considerable risk of dismissal.
Editors and readers have a right to know whether an author has published similar work elsewhere. Self-plagiarism ought to be renamed something less derogatory; how about "reuse without proper reference"?
Editors should be free to demand proper references and refuse to publish anything too much like other previously published work reaching the same audience.
Those who scorn self-plagiarism bring to mind the celebrated Hungarian mathematician Frigyes Riesz (18801956) who had a system for producing four papers per theorem. First, he would publish a brief note in Hungarian. Then he would publish a longer paper in Hungarian. A year or so later, he would publish a brief note in French in Comptes Rendus, followed by a longer paper in French. The later papers sometimes contained much more than the earlier ones, though sometimes they didn't, and sometimes they were just translations of the Hungarian papers. In any case, the gifted and cultivated scholars of the mathematical community in the 1930s and 1940s welcomed the later papers, even if they had already read the earlier ones.
One could hardly claim these mathematicians had lower standards than today's computer scientists; in fact, our science is founded on their work, our dominant architecture is named after one of them, and our highest scientific award is named after another. But to judge by their report, some of the stiff-necked referees described by Collberg and Kobourov would have rejected many of Riesz's later papers. This should make us all pause and reflect.
Charles W. Neville
West Hartford, CT
I have encountered the problem of self-plagiarism, as explored by Christian Collberg and Stephen Kobourov (Apr. 2005), many times. In every case, the author intended no wrongdoing but produced considerable discomfort for all involved. We need wider education and understanding about acceptable and unacceptable reuse.
To promote such understanding, ACM SIGPLAN publishes a Republication Policy. It is a shame it was not mentioned, since it covers many of the situations described in the article. For instance, overlapping submissions to regional and major conferences may be encouraged, so long as the second submission properly cites the first and the program chair is informed; the second submission is judged on its value added.
Calls for papers to such conferences as Programming Language Design and Implementation and Principles of Programming Languages refer to this policy, but in the rush to submit, it may be overlooked. I encourage you to go to www.acm.org/sigs/sigplan/republicationpolicy.htm.
Philip Wadler
ACM SIGPLAN Executive Committee
©2005 ACM 0001-0782/05/0600 $5.00
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
The Digital Library is published by the Association for Computing Machinery. Copyright © 2005 ACM, Inc.