The most workable definition of spam in this thread so far was that it
is bulk and unsolicited email. This definition is useful on a social
level (with humans interpreting both bulk and unsolicited) but becomes
less useful when formal definition is needed. (One can introduce
variations in messages in ways much more subtle than adding random
garbage at the end of the subject line and the body and other minor
variations, therefore automatic detection of `bulk' mail is hard.)
If we cannot formally define spam (and I do not think we can), we will
have trouble devising technical ways of dealing with it.
The solution to the spam problem will involve new laws. These need to
be supplemented by technical measures. I see two technical measures
that would be useful in tackling spam:
* Strong mail authentication -- this will allow to deal with mail not
coming from strangers;
* Ways to require the sender to do a complex computation before the
message is accepted -- to deal with mail from strangers.
Authentication per se is only useful for building good whitelists.
Both individual sender and site-wide authentication would be useful.
The second proposal I do not remember seeing in this thread (I am not
sure where it comes from). It could work as follows: an SMTP receiver
determines whether a message is whitelisted (based on authentication
information); if it is not, it uses a heuristic algorithm that
determines the probability that it is spam. Further, it assigns a
problem for the sender to solve before the message is delivered. The
problem must have predictable complexity that the sender must be able
to estimate before solving the problem. The sender can then spend the
resources to solve the problem to have the message delivered or simply
abandon the attempt.
A reasonable problem could be, perhaps, to find a string that has MD5
sum that has first n bits equal to a given string.
Let me stress that I do not think that the combination of these two
technical measures would `solve' the spam problem. But in combination
with a legal prohibition of spam in a few countries, it might help.
P.S. If people complained more to the ISPs it would help.
http://www.internet2.edu/~shalunov/uce/reporting-spam.html
--
Stanislav Shalunov http://www.internet2.edu/~shalunov/
Most people can do nothing at all well. -- G. H. Hardy