Why spam can only be managed, not ended

Years ago when I was still a bit more naive, I thought we could end the spam dilemma if we would simply implement domain-level sender authentication using digital signatures. In fact when David Berlind wrote “Why spam could destroy the Internet” in November 2002, Berlind quoted me saying that every domain’s official SMTP server should digitally sign each message to prove the email came from that domain. SenderID and Yahoo’s DomainKeys came out around 2004 gave me the satisfaction of knowing that I wasn’t alone in calling for domain-level authentication and DomainKeys is very similar to what I was proposing in 2002. The difference is that I proposed using standard commercial digital certificates from commercial Certificate Authorities to distribute public keys whereas DomainKeys used DNS to publish its public key information.

I was so sure at the time that if we could only get people to use this system we would surely stop spam. Microsoft’s Bill Gates gave me some company in 2004 when he proclaimed that “spam will be a thing of the past in two years’ time”. As it turns out, we were both wrong and naive to say that we can stop spam because it’s like saying you can stop crime and the most we can ever hope for is to manage it to tolerable levels when there are determined adversaries who will do anything to get around any barrier you can put up. I am coming clean on this now because there are still so people who believe that stopping spam is simple and that if it isn’t stopped, it’s must be the fault of the major ISPs and corporations for dragging their feet. » Why spam can only be managed, not ended | George Ou | ZDNet.com

Linked by shanmuga Saturday, 27th October 2007 12:00AM