Would digital identity for mail servers cut down on spam?

Tuesday 13 May 2003 at 10:11

The spam thread came up on the COMUG OS X developer's mailing list recently. The thread started with a question about what programmers were doing about their spam. I've been meaning to post this idea for more than a week.

I'm definitely seeing a big increase in spam these days. Yesterday was a new high of 100 or so junk mails in 24 hrs. (I don't want to sound too impressed with myself. This is only half what CmdrTaco was getting last October.) Until recently, I've been happily relying on Mail.app to catch the junk. I've recently started a contract where I'm working in Windows and I'm now having to wade through spam from work.

I generally don't throw away my spam because I want the raw materials in case I ever re-install the OS (or get that new PowerBook I ordered) and need to re-train Mail.app. If I had the time, I'd hook a Bayesian spam filter to my procmail filters. SpamBayes looks interesting because I like Python and Indra's net has Python installed. The advantages of a server-side spam filter are compelling -- most importantly benefiting from the spam filter regardless of the computer or mail client in use. The disadvantage is that I'll have to pay attention to my disk quotas on the server so I don't start bouncing mail because of my collection of spam. It's easy enough to schedule a script to periodically zip and ship my spam collection home, but writing that script has to compete for time with all my other pet projects.

That's how I'll deal with spam myself when time permits. In the meantime I'm suffering at work.

Let me run an idea past you. What if reputable ISPs electronically signed messages sent from their servers, and only stored or forwarded mail similarly signed? If mail servers have to certify their identity, then spammers would have to expose themselves -- opening them up for Slashdot effects or denial-of-service attacks. What holes do you see in this idea? Would it be worth lobbying the programmers of sendmail and qmail?

Others have suggested digital identity among individuals as a good solution for spam because spammers depend on anonymity. The barrier of educating all email users about digital identity is prohibitive, and there are good reasons why some email users want to maintain anonymity. Would you agree that most ISPs and those writing mail servers are technically clueful enough to deal with the complexities of digital identity?
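
The server-to-server signing proposed above, sketched as an added example (not code from this post or from any mail server): the sending server signs each message, and the receiving server keeps only mail whose signature verifies under a key it has on file for that server. The `X-Server-Signature` header, the choice of Ed25519, the in-memory key registry and the `.example` host names are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

const sigName = "X-Server-Signature:" // hypothetical header; the post defines no wire format

// Sign is the sending server's step: prepend its name and a signature over name+message.
func Sign(server string, key ed25519.PrivateKey, msg string) string {
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(key, []byte(server+"\n"+msg)))
	return sigName + " " + server + " " + sig + "\r\n" + msg
}

// Accept is the receiving server's policy: keep only mail signed by a server whose key is on file.
func Accept(trusted map[string]ed25519.PublicKey, wire string) (string, error) {
	parts := strings.SplitN(wire, "\r\n", 2)
	f := strings.Fields(parts[0])
	if len(parts) != 2 || len(f) != 3 || f[0] != sigName {
		return "", fmt.Errorf("unsigned")
	}
	pub, known := trusted[f[1]]
	if !known {
		return "", fmt.Errorf("unknown server")
	}
	sig, err := base64.StdEncoding.DecodeString(f[2])
	if err != nil || !ed25519.Verify(pub, []byte(f[1]+"\n"+parts[1]), sig) {
		return "", fmt.Errorf("bad signature")
	}
	return f[1], nil
}

// Demo (constructed input): signed, unsigned, signed by an unlisted server, altered after signing.
func Demo() (out []error) {
	pubA, keyA, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, keyX, _ := ed25519.GenerateKey(nil)
	trusted := map[string]ed25519.PublicKey{"isp-a.example": pubA}
	body := "Subject: lunch\r\n\r\nNoon?"
	good := Sign("isp-a.example", keyA, body)
	for _, c := range []string{good, body, Sign("bulk.example", keyX, body), good + "!"} {
		_, err := Accept(trusted, c)
		out = append(out, err)
	}
	return out
}
func main() { fmt.Println(Demo()) }
```

The check identifies the sending server and detects alteration in transit; it says nothing about the content, so any server with a key on file passes regardless of what it sends.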