Fighting spam: My theory

Opinion
Feb 23, 2004 (4 min read)
Enterprise Applications, Malware, Messaging Apps

Thanks for all the feedback over the last two weeks about fighting spam by charging postage for e-mail. It seems that a number of you fervently believe in the idea as a cure and are willing to ignore what seem to me to be blindingly obvious procedural and legal problems with the idea.

On the other hand one reader commented: “OK, pay-per-send is wrong. But how do you change the economics of e-mail to discourage spam? The solution has to be economic because a) technology can only try to keep up with spammers (never get ahead), and b) laws only work when people abide by them. . . . So how do we change the economics of e-mail so spammers can’t take advantage of a system that places all the charges and burdens on the recipients and not the senders?”

While a workable solution must have an economic basis, it seems to me (and others) that the heart of the problem is being able to send e-mail anonymously. Without much effort, a message originator can pretend to be whomever he pleases by forging message headers.

So when I get a message from “A. Reader” I have no way to validate the sender’s identity except heuristically (for example, if he refers to a dialog we had been conducting) unless he provides some kind of identity certification.

Now if I can verify his identity and he spams me, I can add his identity to a black list. Should he change his IP address, e-mail platform, whatever, his identity still would be visible and therefore I can ignore him if I wish – something that is not possible with a simple domain-based black list.

If I can’t verify his identity then either he is my great-uncle in Peoria, who just doesn’t get the whole identity verification thing and whom I would add to my white list anyway, or some other newbie who isn’t serious about his e-mail. I make the choice as to whether I want to deal with these people.

Weak verification is mostly what we currently have. To validate your message I have to make what you might think of as an “out-of-band” verification. For example, if you have included your telephone number or I know it from other exchanges we’ve had then I can call you to confirm that you sent the message. But this is obviously not a good method when I have to conduct thousands of verifications and the majority of them have no in-band (verifiable origination domain address) or out-of-band reference at all.

Strong verification is what you get when you sign a message using a digital certificate that I can validate with a trusted third-party certificate authority. The existing X.509 infrastructure works fine.
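To make the weak/strong distinction concrete, here is an added example (mine, not code from the column or from Network World) in Python using the `cryptography` library. A toy CA issues certificates that bind an e-mail address to a key; the recipient takes the sender's identity from a certificate that chains to the trusted CA, never from the From: header, and keys its black list on that certified identity, so the identity survives a forged header or a change of domain. The CA name, the bank.example domain, alice, the great-uncle and the deals@bulk.example spammer are all constructed for the demo.

```python
import datetime as dt
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

ECDSA_SHA256 = ec.ECDSA(hashes.SHA256())

def issue(email, issuer_cert, issuer_key, pub):
    """One-year cert binding `email` (SAN rfc822Name) to `pub`; self-signed when issuer_cert is None."""
    now, subject = dt.datetime.now(dt.timezone.utc), x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, email)])
    return (x509.CertificateBuilder().subject_name(subject)
            .issuer_name(issuer_cert.subject if issuer_cert else subject)
            .public_key(pub).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + dt.timedelta(days=365))
            .add_extension(x509.SubjectAlternativeName([x509.RFC822Name(email)]), critical=False)
            .sign(issuer_key, hashes.SHA256()))

def certified_sender(body, sig, cert, ca_cert):
    """Strong verification: cert must chain to the trusted CA and the signature must match. None = weak."""
    try:
        if cert is None or cert.issuer != ca_cert.subject:
            return None
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    ec.ECDSA(cert.signature_hash_algorithm))  # the CA really signed this cert
        cert.public_key().verify(sig, body, ECDSA_SHA256)                      # the cert's key signed this mail
    except Exception:  # InvalidSignature or malformed input: treat as unverified
        return None
    san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    return san.get_values_for_type(x509.RFC822Name)[0]  # identity comes from the cert, not from From:

def triage(body, sig, cert, ca_cert, blacklist, whitelist):
    """Verified and black-listed -> reject; verified -> accept; unverified -> the user's white list decides."""
    ident = certified_sender(body, sig, cert, ca_cert)
    if ident is None:
        claimed = body.split(b"\n", 1)[0].removeprefix(b"From: ").decode()  # unverifiable header claim
        return "accept-unverified" if claimed in whitelist else "hold-unverified"
    return "reject" if ident in blacklist else "accept"

# Constructed demo: a bank-run CA, one customer (alice), one spammer who also holds a cert, one rogue CA.
ca_key, alice_key, spam_key, rogue_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(4))
ca_cert = issue("mail-ca@bank.example", None, ca_key, ca_key.public_key())
alice_cert = issue("alice@home.example", ca_cert, ca_key, alice_key.public_key())
spam_cert = issue("deals@bulk.example", ca_cert, ca_key, spam_key.public_key())  # spammer's certified identity
rogue_cert = issue("alice@home.example", None, rogue_key, rogue_key.public_key())  # claims alice, not chained to CA
BLACKLIST, WHITELIST = {"deals@bulk.example"}, {"uncle@peoria.example"}

def demo():
    msg = b"From: alice@home.example\nAbout our last thread..."  # same forged/claimed From: for all three
    senders = {"alice": (alice_key, alice_cert), "spam": (spam_key, spam_cert), "rogue": (rogue_key, rogue_cert)}
    out = {n: triage(msg, k.sign(msg, ECDSA_SHA256), c, ca_cert, BLACKLIST, WHITELIST) for n, (k, c) in senders.items()}
    out["uncle"] = triage(b"From: uncle@peoria.example\nHello", b"", None, ca_cert, BLACKLIST, WHITELIST)
    return out
```

The spammer's message is rejected on its certified identity even though its From: header claims alice's address, while the self-issued certificate that also claims alice's address gets only the weak, white-list-driven handling because it does not chain to the trusted CA.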

In the brave new whirl I’m suggesting, businesses would issue certificates for each employee who has a mailbox. You could have a corporate mail server sign messages on behalf of valid senders instead of letting staff actually “have” their own certificate.

Consumers could buy a certificate or get a certificate from an institution or business they have a relationship with, such as a bank or telephone company. Or the issuer might prefer to have consumers send messages via the organization’s servers. In reality, the certificate issuer wouldn’t be the actual certificate authority or mail service provider unless it had a compelling business reason to do so – it would outsource either or both functions.

These institutions should go to the trouble of underwriting these services because in the long run if they are to be competitive they must be able to conduct business online reliably and efficiently. It would be in their interest to have an intimate trust relationship with their customers.

Although the infrastructure is complex, it has the advantage of being well-proven. This solution is starting to look complex, neat and right. But I’ve run out of space so we’ll wrap up next week.

Interim thoughts to backspin@gibbs.com.


Mark Gibbs is an author, journalist, and man of mystery. His writing for Network World is widely considered to be vastly underpaid. For more than 30 years, Gibbs has consulted, lectured, and authored numerous articles and books about networking, information technology, and the social and political issues surrounding them. His complete bio can be found at http://gibbs.com/mgbio
