Sometimes I hear the joke, or conspiracy theory, that anti-virus companies are at least partly responsible for viruses that plague the Internet. The theory is that they will keep themselves in business by writing a new virus and playing up the threat posed by it. Then, they release an update for this virus such that their filters will now block this newest outbreak. The idea is that people would forget that anti-viruses are necessary if they blocked everything. Similarly, because amateur virus writers are no good at getting anything through virus filters, the professionals have to create their own in order to play up the threat.
A couple of years ago, one of my friends was discussing a similar topic. His position was that our spam filters should never be 100% effective. We should always let through a little bit of spam in order to remind our users that without us, that little bit of annoyance would be an absolutely gargantuan one. We have to stay visible. We can't let customers think that they can get by without us.
But is that the correct view? Do we need to remind our users of our value?
I don't take this approach. Spam costs companies billions of dollars. Botnets clog the Internet infrastructure and distributed botnet attacks can shut down entire corporations (and even governments). It threatens to make email unusable, and everyone I know loves email! It's an absolute scourge and everyone would be better off without spam. Well, maybe not everyone; spammers would be out of a job but I'm willing to make that sacrifice for them.
My position is that if security vendors of all stripes, public blacklists and all the email providers got together and managed to stamp out all spam permanently, it wouldn't bother me. If spam filters became obsolete because every spammer in the world was shut down by using a magic potion, then I think this would be a good thing. Users could reclaim the internet; bandwidth would be freed; financial resources could be spent on things other than security (like cost of living adjustments for employees); IT departments could be freed to do work other than taking out the garbage.
The drawback is that anti-spam companies would be out of business. But would that be a drawback? I think that in reality, we would simply be freed to do other things. We could innovate and create something better -- maybe a faster Internet, a better version of Sharepoint, move into nanotechnology, make airlines more efficient with better software, create better networking software... there's really no shortage of things to do when it comes to advancing technology. Not only that, but at least for us, we do things other than spam filtering including email archiving and encryption. Employees in the anti-spam and security space are talented people and we'd survive. We'd just move into another profession and use our talents there.
So I take the following view because it is in the best interests of everyone - the eradication of all spam should be the end goal.