Furthermore, individual subsolutions should be evaluated in the
context of a complete solution strategy.
I believe that this is the alpha and omega of this problem.
I don't think that any authentication based approach is practical unless
filters are first deployed on a widespread basis. The early adopter
value of authentication based approaches is to ensure that bona fide
messages can get past filters that support authentication.
Contrawise filters are only going to get so far. I have sen people spend
a considerable amount of time and effort on Bayesian approaches to
events data. Those results suggest that it is highly unlikely that Bayes
is a magic bullet that eliminates 99.5% of spam with no false positives
in the general case.
If the spam continues to increase at an exponential rate no filter that
is less than 100% accurate is going to provide an acceptable solution
for very long.
Combine filtering with authentication and you have the elements of a
robust short and long term solution.
Another aspect of the complete solution approach is the legal and policy
side. I do not believe that we should simply abandon that aspect on
ideological grounds. I know that many members of the group have little
faith in their governments, I do not share that view (although I may
share it in the case of particular governments).
At the very least we should recognize that even if legislation may not
make the spam problem better bad legislation could make it worse.
The possibility should not be excluded that a technological proposal
might make a the difference between a particular legislative proposal
being feasible or not. For example in the US the crux of the policy
issue is the problem of OPT-IN/OPT-OUT. If you read the Nixon decision
you will see that any blanket ban on spam risks being stuck down on
first ammendment grounds. But an onp-out list can be abused by spamers.
I believe that the proposal I made some time ago while I was at MIT for
one way encrypted opt-out lists finnesses the difficulties identified in
this respect. I will circulate a paper on that topic shortly.
Phill
smime.p7s
Description: S/MIME cryptographic signature