Interesting article Kelly, a similar situation of course exists with snail mail, 90% of which can be junk mail (isn't snail mail where the term came from?).

In this case however, there are some deterrents to the spammers: in the UK we have the Mail Preference Service (http://www.mpsonline.org.uk) who operate a legally enforceable system to opt out of 'Direct Marketing', which generally works very well. Other counties have similar schemes (I believe). Spammers who choose to avoid such systems now have to post from overseas, which massively increases their costs, so limiting junk snail mail to 5-10% in my experience.

Many countries are now introducing laws to protect their citizens from onshore sourced junk email, but unfortunately the cost barrier is not there to discourage 'offshore' senders. I suspect charging for email transmission would not be well received, and would in any case be difficault to enforce: perhaps there are other deterrents that could be used across borders?

I agree with earlier comments that getting users to adopt more secure technologies (eg: s-mail) may be an uphill struggle, it was bad enough getting tech savvy online stores to use SSL... however the inertia of the masses could also be used to introduce secure email, provided the big email client developers can be persueded to enable such technology by default, and ISPs can be persueded to generate client certificates when customers sign up with them (after all, they already have a trusted SSL cert for their payment server, it can be used to sign client IDs). Silly idea?

Phil

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/404/33661#33661