Monday, October 06, 2003

Fighting Spam -- yes, it's doable.

Spam Fighters Turn to Identifying Legitimate E-Mail: "People have been spending all their time creating filters to find the bad guys,' said Nico Popp, vice president for research and advanced products of VeriSign, the largest registrar of Internet sites and a seller of online identification systems. 'We want to turn that on its head and find ways to identify the good guys and let them in.'

Put simply, these efforts are trying to develop the Internet equivalent of caller ID, a technology that will let the receiver of an e-mail message verify the identity of the sender. As with caller ID for telephones, senders will be able to choose whether to remain anonymous. But also like caller ID, recipients may presume that those who do not identify themselves are sending junk.

I've been clamoring for sending service authentication (the NYT has it wrong, this is about authenticating the sending service, not the sender -- the latter is the obvious solution but it's overkill) for years. I emailed influential folks, posted in newsgroups, posted on my web page.

It seemed self-evidently the right balance of intervention, enough to do the job but not overkill.

No-one seemed very impressed by my persistent presentations. Happily, it looks like the idea is catching on. (I'm pretty sure someone thought of this about 20 years ago, but what I found surprising was how hard it was to interest any expert in this approach. I never claimed it was my original idea.)

No comments: