

Canning Spam: Why is it so difficult to prevent junk e-mail? - dpapathanasiou
http://www.economist.com/displaystory.cfm?story_id=9805795

======
chmike
I see at least two problems at the source of junk e-mail. 1X no authentication
of sender. One of the most problematic consequence is that reporting errors to
senders had to be disabled. smtp protocol, in its most common usage form, is
broken. Relying on DNS to authenticate (DKIM) is just moving the problem to
depend on DNS which is also weak from the security perspective.

2X the need for one to be contactable by anybody. This requires to open a door
for incoming info which will be exploited by spammers. This is an old problem
that managers are facing for years. The role of spam filter was hold by the
secretary (human filtering phone calls, visits).

The problem 1 is a technical problem and it is a shame it has not been solved
yet. Problem 2 is the real root of spamming. There are various ways to address
problem 2. This is one of the business model I'm currently investigating.

------
bharath
There are 2 cases to look at: 1) Personal email IDs: Most people used some
form of web-based email. For those of us that use Gmail for example, I dont
know if spam is that big of a problem anymore. Some spam (at least for me)
makes its way through the gmail filters -- but its at a level where I can live
with it. I would imagine that Google's recent Postini acquisition will end up
making the Gmail anti-spam solution better. 2) So that leaves us with
enterprises. The solutions proposed in the article will not work for
enterprises. DKIM for example, will not work in the botnet case. CAPTCHA based
solutions have usability constraints -- they cannot be mandated upon customers
and others who frequently mail people within the organization. So most
enterprises are forced to rely on gateway based antispam solution thats
basically a cat and mouse game.

------
Tichy
Both suggestions fail, because spam is usually sent from hijacked computers.
Nothing to prevent the hijacker from hijacking the "credit card" and the
authentication, too.

Also, I don't think it is true that the "undeliverable" type of spam had it's
origin on the recipients computer. Spammers just put the email address into
the sender field, it doesn't imply a compromised PC.

------
cstejerean
It's difficult to prevent spam because there is plenty of money to be made
from spam and as long as there is lots of money to be made the spammers will
get VERY creative.

