Advertisement

Music

Spam scam

Rating: NNNNN


Bill gates says spam will not be a problem two years from now. He made this declaration while sharing his vision of an e-mail postage system at the World Economic Forum in Davos, Switzerland, earlier this year. His theory is that the rising tsunami of junk e-mail would become a dribble if senders had to pay even a penny for each message they send.

Spammers typically go out hunting with a large shotgun, hoping that a few pieces of shot among the millions fired will hit their target. While the actual consumer response rate for these messages is incredibly low, that’s not a factor in the economics of spam, due to the negligible costs associated with sending torrents of e-mail.

Once a per-message charge is applied, however, non-commercial e-mailers like you and I won’t suffer too badly from paying a cent each time we send an e-mail, but spammers would suddenly have a business model that sucks like a gaping chest wound.

But the Microsoft plan will never see the light of day.

For an e-mail postage system to work, we’d need a system of clearing houses to process transactions and send electronic micro-payments to the appropriate accounts. This system could be centralized or distributed globally and still potentially function properly, but it would need to be integrated into what would serve as a central point of authentication for the planet’s e-mail senders.

To hold people accountable for the e-mail they send, it’s necessary to know who they are. An authentication system would ask for their user name and key (a password, pass phrase or biometric input) to make them prove they are who they claim they are. Once authenticated, all e-mail they send would include a digital signature and, perhaps, an electronic stamp.

Guess who has the largest, most ubiquitous and arguably best authentication system on the Internet? Yep, Microsoft.

Microsoft’s Passport is used by Hotmail, NASDAQ, eBay, McAfee and scores of other Web properties to authenticate their users. A growing number of partners pay for this service, and Microsoft would love to become the default public key identity (PKI) infrastructure provider for Earth.

Terry Sullivan, a member of the Anti-Spam Research Group (http://asrg.sp.am), isn’t impressed with the Microsoft idea.

“E-mail is user-to-user, from e-mail server to e-mail server,” he says. “That’s how e-mail works on a global scale. The idea that we’re going to insert an intermediary layer to charge a fee or ask a question or require a DNA sample for users to have permission to send e-mail is a scheme ultimately doomed to fail.”

Sullivan believes Gates’s plan would cost more to implement than it would save and would ruin e-mail as we know it.

“Microsoft has made no secret of the fact that it wants to take the computer you bought and paid for and turn it into a metered utility.”

Fortunately, there are other potential solutions.

Only one week before Gates was proselytizing at Davos, a gathering of almost 600 developers, lawyers and researchers were meeting at MIT’s Spam Conference (www.spamconference.org). Their primary preoccupation was an anti-spam technology called SPF (once known as sender permitted from, now called sender policy framework), an open-standard SMTP (simple mail transfer protocol) extension that stops spam by rejecting e-mails coming from forged addresses.

SMTP is the protocol used to send all e-mail today. To our collective detriment, it has a weakness that allows spammers to forge the from and return addresses of their e-mails so they appear to come from other people.

SPF uses the unforgeable aspect of SMTP (the IP address of a sender’s mail server) to verify the legitimacy of e-mail from a domain name. When a recipient receives e-mail from an IP and domain that don’t match those in the SPF registry, it gets discarded as spam.

Eric Raymond, outspoken anti-spam activist and president of the Open Source Initiative (www.opensource.org), warns that SPF is not in itself a solution, but rather part of something larger.

“Spam is like a plague. You can’t stop it with any one technique or defence. You need a combination of things like authentication, filtering and blacklisting.”

That said, he still thinks SPF is a much better solution than Gates’s.

“We don’t trust the Microsoft solution,” he says, insisting they will turn it into a market control tactic.

The global rollout of an open-source spam solution like SPF or some other modification (or replacement) of SMTP is far more likely to be the cure for what ails us. It sure beats an e-mail postage system that would require almost unattainable approvals from businesses, academics, governments and standards bodies.

next@nowtoronto.com

Advertisement

Exclusive content and events straight to your inbox

Subscribe to our Newsletter

This field is for validation purposes and should be left unchanged.

By signing up, I agree to receive emails from Now Toronto and to the Privacy Policy and Terms & Conditions.