Spam Meeting Wrap-up
wendigo2002 writes "Get used to that daily flood of e-mail come-ons, Viagra offers and lucrative enticements to invest in Nigerian pyramid schemes. Internet gurus, software designers and lawyers today ended a three-day Federal Trade Commission discussion on combating spam by concluding neither technology nor laws are yet capable of completely dealing with the plague."
I wish all those who convene to discuss law-enforcement and/or regulatory initiatives were so honest about their future prospects for success. Can you imagine what the DEA would be like if someone back in the 50s or 60s had actually gotten together and said "you know, guys, we'll never stop the flow of drugs into the country, and it's only going to get worse". On the other hand, that might have made the problem worse.
I still couldn't fault them for being honest, though.
Back when the Internet was a nicer place, it made sense to allow anyone to send anyone mail through any system. Now that Internet access is much more common and the propensity of abuse on open systems, it's time to either bury RFC-821 or make it significantly more modern.
No, the deluge of unsolicited garbage will continue regardless of what is done legislatively and with technology. I'm glad to see that people are finally waking-up to the fact that more laws won't fix the spam problem. But technology can be used to make it harder for spammers to hide in their anonymous cloak.
The processing of sending email needs an overhaul that gives system administrators the ability to determine the source of incoming mail and impart a "trust" level of the message. Messages coming from systems that have a high trust are tagged in the headers while those coming from systems that seem dubious or lack any sort of real credentials are tagged accordingly.
No, it won't stop spam, but it'll allow people to simply deny access to systems and users that are a continued problem, forge credentials or email addresses.
That's one approach. Another is sender-risks-paying.
It seems to me that the problem with accountability/traceability is that it would probably require people to have a digital identity that pervades the whole internet. Well, how is this going to be implemented? The bearded-hacker community tried to implement a public key infrastructure, but it's been a huge failure, since it's never reached the critical mass where it would become useful to most people. (It's also way too hard to use.) The other well-known proposal is .NET. Do you really want a future where you have to have a .NET identity in order to send e-mail?
And what about those times when you really do need to send anonymous e-mail? What about corporate whistleblowers? Political dissidents?
I prefer the sender-risks-paying idea. There have been a lot of these proposals floating around, and yes, they've been discussed a lot on Slashdot before. No, they will not require your ISP to bill you for e-mail. No, they will not require non-spammers to pay any money at all. No, they need not involve any actual money to change hands (the currency could be based on CPU cycles, for example). There's nothing technically wrong with these proposals. The bearded-hacker community just needs to go ahead and implement one and start using it. Otherwise MS will implement it in a proprietary way (their Pennyblack project), and it will be another brick in the prison that keeps people locked into Windows/Office/Outlook.
Find free books.