If worms are going to be sending out stuff on behalf
of the user (whether that be copies of itself, or spam
as in this case), then no amount of identity information
will be able to prevent it.
In that case, all discussions here of such protocols are moot, since the
very first thing spammers will do is adopt the use of worms to send their
I mean, even with all of the proposals put forth here,
it would still be impossible to filter worms without
disabling all file attachments everywhere, since some
users are always going to open attachments, or are going
to run bad clients.
I agree. It is curious that this impossibility is so readily acknowledged,
whereas the impossibility of stopping spam itself, which arises from exactly
the same foundation (that is, from the fact that it requires human
intervention in order to actually be effective) is being overlooked.
However, having verified identity information (the sender,
the host, the domain) *will* assist in enforcement against
worms: "we know your user is infected, here's the proof."
The spam will already be sent by then, and there will always be other
machines. Additionally, if one spam session uses 4000 machines, the cost of
finding and cleaning 4000 machines is likely to exceed the cost incurred by
processing of the spam by orders of magnitude.