In the heat of the spam battles a couple of years ago, a number of experts started to work on various ways to authenticate email messages. The idea was that email should be authenticated to insure it’s from a trusted source. In other words, “Joe Love” couldn’t send you an email promising new ways to enlarge various body parts, improve your prowess or buy pills illegally. That’s because Joe Love would be seen to be a false sender through authentication.
The problem has always been that email is sent using a wonderfully flexible but very dated protocol, Simple Mail Transfer Protocol (SMTP).
For example, it’s trivial to spoof an email (meaning, to make it seem like it came from someone else). In our iHateSpam program for Outlook, we have a “Bounce” feature which attempts to bounce a fake message back to the spammer that your email account is no longer active. It’s always been a problematic feature, because actually getting the message back to the original sender is quite difficult, and users have a hard time understanding how this could be. Well, in order to actually follow the email back to the source, you need to find the source. Believe it or not, it’s fairly difficult to do this without using a tool like Sam Spade.
At any rate, the idea of authentication never really went anywhere, and Larry Seltzer at eWeek writes about a new article by John Levine, who pulls no punches in what he believes is the heart of the problem:
…Part of the reason it’s taking so long to agree on a standard is that the process is infested with academic theoreticians who are more interested in arguing about hypotheticals and pushing their pet spam solutions than in doing something useful, but the main reason is that it’s a hard problem. Making changes to the e-mail system is akin to open heart surgery on a beating heart, in that you can’t stop it while you’re working on it, and the consequences of an ill considered change are bad.
Admittedly, this article will appeal to the more technical readers of this blog, but it’s a good overview of an area that deserves continued attention.
But perhaps part of the problem is money. As Allan McDaniel, our lead developer of iHateSpam told me “nobody has figured out how to make any money off of a solution. It’s hard to compete against free, even MS wasn’t able to pull that off.”
Link here through Larry Seltzer.
Alex Eckelberry