Fighting spam: My theory (Part 2)

Last week I started to outline what I see as the only way to cure the spam problem for consumers and businesses. My plan requires a mechanism for the e-mail recipient to be able to verify the sender, to some level.

You could set the minimum level of verification for people who aren’t on your whitelist as requiring proof that the sender exists or, if you are a little more picky, that you must know the sender’s identity before you will accept his messages.

Or you might require that the sender be vouched for by an institution. Banks and credit card companies, for example, could issue certificates to customers that present credentials (such as drivers license, major credit card and Social Security number). The issuer then would provide the certificate details to install in an e-mail client or, if the issuer is going to sign messages on behalf of its customers, provide details of the proxy server.

Certificates also could be portable – get a bank account and the bank will accept the certificate from your insurance company. The bank would test the certificate’s validity and then be added to the list of certificate references. If we can verify the sender’s identity and his sponsors then we can get a good idea if he should be trusted.

If you think a sender is a spammer, you should be able to send the message to the abuse desk at the certificate authority, which would route the complaint to the certificate issuer. The issuer would act according to its published policy, perhaps by removing itself as a reference or, if its policy lets it actually control the certificate, revoking or suspending it.

On the other hand, that wouldn’t be necessary because you would just add the sender to your blacklist. If you got spam from lots of senders who were sponsored by, say, FlyByNight Enterprises, then you could refuse messages from anyone with a certificate issued or referenced by that company.

Could this system be hacked? Probably. Would such a hack be effective for long? No, because the system would be flexible and could accommodate and overcome faults. It wouldn’t be centralized or owned by a single entity, and if there were enough certificate authorities and enough sponsors, there would be no single point of failure.

So how to bootstrap this proposition. If a consortium of interested parties (e-mail product developers, businesses, government, consumer groups – all interested because spam is causing them real financial problems) were to back such a scheme, it probably would be easy to get an open source development program going and effect a changeover to authenticated e-mail in perhaps a year. And remember, not everyone needs to use it. Aunt May can still send you messages; you just have to be willing to accept them.

Now there are lots of issues here about the way certificates could be used and revoked, but the point is that we’re using existing infrastructure and well-tested technologies, and not relying on ISPs to build and manage infrastructure they have no real need for and can’t afford to build and manage anyway. Moreover, we’re giving all the interested parties – consumers, businesses and institutions – a business reason to support the system.

But hold hard! You might have noticed a few news items discussing Bill Gates’ proposal for an e-mail caller ID system, which has the backing of Amazon.com, Brightmail and Sendmail. At the RSA 2004 Conference, Gates talked about what Microsoft calls “rich safe-listing.” Gates said in his speech: “Having e-mail come in, and not really being able to identify where it comes from, this is a huge security hole.”

Right on! But let’s not get over-excited, folks – this is just a mechanism to prevent domain spoofing (see details), not a real sender-authentication system. On the other hand, at least there’s a chance we’ll get on the right track.

Valid messages to backspin@gibbs.com.