PGTips91 Posted December 20, 2005 Share Posted December 20, 2005 In spite of all that has been done to prevent the reception of spam the flood of spam being sent is still on the increase, approaching crisis proportions IMHO. There are a number of approaches to dealing with spam. Some that I am aware of include: -- Blacklists, such as that maintained by SpamCop Bayesian Filtering Domain Keys Identified Mail DKIM [http://mipassoc.org/dkim/] Sender Policy Framework SPF [http://www.openspf.org/] Authenticated Sender, such as Senderbase [http://www.senderbase.org/] IronPort Reputation Filters SURBL - spam URI Realtime Blocklists [http://www.surbl.org/] Software such as SpamAssassin US CanSpam law and other laws Internationally All of these methods are post hoc methods of removing spam. Prevention is better than cure and my question is, what will it take to prevent spam from being sent, in the first place? I suggest two areas that need to be looked at. Protocols Firstly, since the basic protocols used on the Internet were devised without taking security into account, these need to be revised with proper security designed into them. To take what was essentially an internal networking environment and open it up to the world without any checks and balances is a recipe for disaster, as the present situation proves. The redesign of protocols is way beyond my technical knowledge but I believe that it needs to be discussed by the broader Internet community so that the issues can be known and less technical people can be educated to the point where they can participate in the decision-making process. Commercial Framework Secondly, the basis of the Internet currently is, 'trust everyone until they prove untrustworthy'. This needs to be replaced with 'trust nobody until they are deemed to be trustworthy and can be held accountable for breaches of trust'. If the Internet is to be used as the basis of commercial relationships and dealings then it needs to have a secure commercial underpinning in its foundations. Just as we have the Companies Office to prevent abuse of commerce, there needs to be a similar organisation that registers, polices and imposes penalties on those who abuse the Internet. Penalties can range from fines to banning for a time or permanently and apply to providers at all levels, including ISPs, DNS providers, email servers and web hosting servers, etc. Registration fees can be used to fund this organisation and the costs imposed thereby would be a small fraction of the cost of dealing with spam. With proper penalties for spam the economic incentives would be changed so as to eliminate it. Once the penalties began to bite spam would dry up rather quickly. Question What other matters need to be addressed to make the Internet a secure environment in which communications and transactions may be made without the current risks and abuse? Paul Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.