It’s great to read in Spam Fighters Turn to Identifying Legitimate E-Mail that major web-oriented companies like Microsoft and AOL recognize the lunacy of allowing hackers to run amok in that beautiful little garden called WWW. You may already have seen my recent posts (Spammers Steal E-Mail Addresses and E-Mail Users Unite!) complaining not so much about spammers and their unwanted solicitations (bad enough!), but about the spammers who steal your e mail address, making it appear that the millions of messages they send out containing viruses and worms come from you. That means that every domain that receives these cretinous messages will be sending you failure notices explaining that you sent out an e mail containing viruses. Then you have to sit and delete all this garbage from your Inbox. In this post, I begged for the type of relief mentioned in the Times article. But of course, as this article makes clear, our old friends at Microsoft are proposing a solution which doesn’t sound like much of one.
They want to authenticate e-mail senders via their servers (IP addresses) and allow any mail from a trusted server to get the royal treatment. There are problems with this approach at least as far as this unlearned person sees it: hackers know how to take over servers or PCs almost at will, after which they send millions of pieces of spam all of which might appear to come (and indeed does come) from a legitimate trusted server. In this case, spammers would learn which servers were ‘trusted’ and only send spam from these servers. Then, we’d be back to where we are now with spammers running amok.
The other proposal would be to attach digital certificates to each posted e mail message which would enable the recipient to accept or reject it based on protocols that the recipient chooses. This is a more comprehensive solution, but one that involves a more complex implementation since most people have not installed software that would allow them to use digital IDs. That’s why Microsoft et al. doesn’t like this fix: “too complicated,” they say. Personally, I don’t see why adding digital IDs to e mail needs to be tremendously complicated. You download a new piece of sotware, configure it to work with your e mail. What’s so complicated.
As I said, I’m no expert about this and if I’m off base in any of what I said above, please correct me.