At ZDNet AnchorDesk, David Coursey writes, “The only way to stop unsolicited commercial e-mail and the viruses, worms, Trojan horses, and other scourges of the Internet will be to get a new one. A new Internet, that is. Oh, and while we’re at it, we’ll need new computers and operating systems, too.”
Coursey’s argument is technically flawed. Each email comes with the IP address of its source (or relay point, which is sort of the same thing for this discussion) embedded in the headers. It’s trivial to turn that IP address into contact information for the ISP involved, and with the right motivation, it’s easy for that ISP to turn the IP address into billing and contact information for the spammer. Email or web access is no more anonymous than telephone numbers are.
The solutions fall into three levels: technical, operational, and legal.
At the technical level for spam, there are flaws in the email transmission protocols such that it’s not quite practical to refuse email from senders you don’t know while at the same time telling them a way to get to know you if they’re legitimate, so you’ll accept their email next time. The technical changes involved to fix this aren’t that big, but they require tweaking all the mail clients and servers together, so it’s a collective action problem.
At the technical level for worms, if you’re running a client that will run any old code someone sends it, hello, you’re going to get infected by something sooner or later. Fix the clients, the problem goes away. (My ISP did a smart thing and just set up something that bounces any email with directly executable content. “Zip it,” they say, if you need to send an executable. This is a hack necessitated only because people run lousy clients, but OTOH, their customers didn’t get any worm emails through them, either.)
At the operational level: what spam problem?
You get spam because the default contract with the world for email is that you’ll accept email from anyone on the Internet. This default dates back to the days when the entire Internet population was a few thousand computer science aficionados sitting at terminals, who would gladly accept messages from any of the other geeks on the net.
But now with a few hundred million people on the net representing a wide cross-section of humanity, of course you’re going to get junk mail from a few of the choicest specimens at the bottom of the barrel. Deal with it.
It’s easy to configure your mail client to accept mail only from people you know, and let the rest figure out on their own how to get a message to you. You’re listed in the phone book, right?
Or conversely, it’s just as easy to install an automated filter that will segregate the junk mail into a folder you can glance at once in a while, to make sure the filter didn’t zap someone you really wanted to have a conversation with.
At the legal level, once legislation and law enforcement come up with a reasonable definition of spamming and the desire to stop it, that will provide the motivation necessary for ISPs to identify spammers and turn them over to the legal system. This is not just a local problem, but a global one — for instance, I get English-language spam which has been sent from China, where it’s currently difficult for me to complain. For a legal solution to help, all the countries connected to the net will have to cooperate.
We don’t need secure hardware to fix these problems — it’s easy to identify network endpoints. We just need the way the net works in society to grow up a little more.