Craig Newmark's modest anti-spam proposal

Craig Newmark's modest anti-spam proposal

Summary: Craigslist's Craig Newmark weighs in on the recent anti-spam/phishing debate. The Goodmail/AOL proposal, which Esther Dyson has written about, is built around a pay-to-send email certification scheme.

SHARE:
TOPICS: Collaboration
3

Craigslist's Craig Newmark weighs in on the recent anti-spam/phishing debate. The Goodmail/AOL proposal, which Esther Dyson has written about, is built around a pay-to-send email certification scheme. The DearAOL Coalition rejects it as an "email tax." Here's what Craig proposes on his blog:

Here's what seems to be a great alternative to the Goodmail/AOL approach, though it needs to be fleshed out.

The intent of all this is to fight spam and identity phishing. Key is to provide acountability of email sources, by providing a means to digitally sign emails as from a trusted source.

I'd propose that any emails be passed through spam filters as suggested by Goodmail, if such an email:

is digitally signed, and

the digital certificate is from a recognized digital certificate certifying authority, like a state DMV, the USPS, or others to be named later

Such signed/trusted mail should be given credit in spam filter formulas AND be marked as signed/trusted by AOL et al.

That way, we get the benefits of spam fighting, and we get competition with Goodmail and others. I believe the software to do all of this already exists, and this can be done cheaply.

Well, what am I missing?

Topic: Collaboration

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Nothing new

    I find Craig's proposal nothing new. Being a thawte WoT notary myself, I've been promoting the use of digital signatures for quite some time now. They are useful in the spam war, but then again there are other ways.

    My alternative proposal would be to use HashCash (http://www.hashcash.org/) as a means of ensuring that the e-mail delivered is not spam. The problem with using HashCash now is, however, lack of Windows-based solutions for adding HashCash signatures. If e-mail clients incorporated this simple proof-of-work technique, this could be the key to ensuring delivery of ham. Treat this as my alternative proposal to the Goodmail/AOL deal, which I, myself, also find disturbing to the idea of electronic mail and the Internet as a whole.

    PS if AOL wants to cut down on spam received at their servers, they should have employed Greylisting (http://www.greylisting.org/) a long time ago. I wonder why they aren't using it?...

    If you can read Polish, more of my comments on spam wars, tests, etc. are posted at irregular intervals at http://spam.jogger.pl/.

    Tomasz Andrzej Nidecki,
    a dedicated Polish spamfighter.
    tonidizer
    • I like both ideas

      I like both as a method to cut down on spam. I would think they could each be used at two different point in the email delivery. Newmarks could be used by the ISPs to weeed out spam while the hascash could be used by the end user to weed out spam.

      the reason I would use them this way is that there are some folks that do letigimate mass emailing, partuculary newletters, like ZDNet's and others. it would really affect thier ability to send out those newsletters if they had to take 1/2 second per recipient to send them.

      The hashcash header lets me as an end user see that the sender actually thought the email was important enough to incur some expense to send, and is therefore probably important that i read it. It can help me prioritize my inbox.
      tima_z
  • Solution

    Solution:

    - Deliver non-commercial, bulk or individual, email at no cost with the same benefits and efficiency as commercial certified email, only after the entity responsible for that server accepts and demonstrates ownership and responsibility.
    - Have an independent uninterested certifying authority audit how responsible bulk commercial senders are.
    - Charge advertisers which can prove that they send only to those which request their information.
    - Provide the solution free of charge to all recipients.

    smtpRM does all of the above, www.mujica.com
    alberto@...