The real problem with C-R systems
Karsten has a pretty good page about the problems of CR systems, but I don't think he pays quite enough attention to the problems of using From addresses as an authenticator.
At the moment there is a certain amount of spoofing of From addresses. This can be done as a social-engineering attack, such as when sending a virus from security@microsoft.com. Or it can be done as a “Joe Job” to incidentally annoy or harm somebody the spammer dislikes. But neither of these is a really strong motivation.
However, if many people started filtering by From address either through TMDA or some other mechanism then you can bet that spammers would start forging them.
As other people have pointed out, to fix spam you need to address the economic problem: spam is cheap to send. Making spam expensive to send by e.g. requiring hashcash will penalize desirable communication such as mailing lists.
A good way to make it expensive is to impose hefty criminal sanctions. It is theft of service and it is unauthorized access to a computer system. In some cases it is merely akin to these existing crimes, but in the more common case where spammers actually break into a zombie machine to send spam it is very clearly illegal. We just need enforcement, and perhaps for the law to be made more clear.
Something on the order of $1000 for a small offense and three years in prison for a repeated offender ought to provide an appropriate deterrent. Some would-be spammers might baulk at the idea of being on the other end of M0NSTER C0CK!!11
In the case of heroin, criminalizing supply has increased the price, but demand still remains high. However, I suspect that people hawking penis-enlargement devices are less addicted to spam than others are to heroin. Hopefully, increasing the cost of would reduce the overall voulume.
On the other hand, making it more clearly criminal might attract a more desparate element. There are already reports of organized crime gangs being involved in say credit-card theft. Increasing the proft margins might encourage them to move into spamming, which might make the whole thing rather more nasty than it currently is.
posted Wed 27 Aug 2003 in /issues/spam | link
Archives 2008: Apr Feb 2007: Jul May Feb Jan 2006: Dec Nov Oct Sep Aug Jul Jun Jan 2005: Sep Aug Jul Jun May Apr Mar Feb Jan 2004: Dec Nov Oct Sep Aug Jul Jun May Apr Mar Feb Jan 2003: Dec Nov Oct Sep Aug Jul Jun May
Copyright (C) 1999-2007 Martin Pool.