Digital IDs: a tool to reduce Spam

JRP Reflecting

Reflection – written July 18, 2002

I have been writing and speaking about The Future of the Internet for more than eight years — as many of you have. One of the joys of this is the feedback received from all over the world — emails I have much appreciated and from which I have learned a great deal. Never in all of these years have I received as much feedback on something I have written as on my recent weblog posting, a reflection about Spam.
A number of people have told me they don’t really get that much spam — maybe a few a day. And then I got a note from Danny Goodman (dannyg.com) who feels he is as much a victim of each major e-mail outbreak as anyone. Danny isn’t just emotional, he has done some analysis of his e-mail traffic and it is a real eye opener. During a recent 24-hour period he received 410 messages (13,146,928 bytes) of which 67 messages (685,303 bytes) were genuine. That translates to just 16% of the messages and 5% of the bytes!
A number of the emails I received were urging some form of economic penalty for spammers. The concept is that if the spammers had to pay they wouldn’t send so much fraudulent mail. Maybe, but I am not convinced of this approach. To make spammers pay, we would all have to pay. You could argue that it would be pennies, or nominal, for most of us. However, it is the overhead and complexity of implementing a system to do the charging, keep track of messages, collect the fees, resolve disputes, etc. that I am concerned about. The last thing we need is to make email more complicated. Its great power and ubiquity have come about because it is relatively simple to use. Let’s not make email something that requires an MBA to understand.
I continue to argue for an authentication-based solution. This area requires care to not become complicated too, but I believe that fundamentally it is sound and understandable. I would like to be able to set an option in my email program to accept email from “real people” – and place it in my in-box. All other email could be looked at by filters, and if it is clearly spam then it would be deleted and I would never see it. If it is questionable then it would go into an archive folder that I could look at later if I am expecting something and haven’t found it. So, what does it mean, “real people”?
It means that the sender is a person who has been authenticated. I don’t mean by the “government” or by any central authority. It means that some organization has said they know this person and have given them a digital ID. It could be their employer, their ISP, their insurance company, their bank, or other third party. My email program would automatically check directly with the “certificate authority” that issued the digital ID to verify that it was in fact issued by them. I could then have further flexibility. For example, I could say that any email from a person who got their digital ID from IBM is OK. From other organizations (or even ISPs) I could say no. The point is that I don’t want email from nameless/faceless individuals or organizations.
Some people are erring on the side of “if I don’t know them or I haven’t approved them, then I don’t want mail from them”. That is OK for some but for me, I get a lot of email from people that I don’t know. It contains valuable feedback or valid questions. I am willing to sift through it. What I don’t want to sift through is email from people that have no identity.
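The routing rule described above can be sketched as a small policy function. This is an added example, not code from the original post. The `Message` fields, the spam-score threshold, the default action for unlisted issuers and the sample mailbox are all assumptions, and the check with the issuing certificate authority is represented only by its result.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Recipient's per-issuer choices (constructed sample values).
ISSUER_POLICY = {"IBM": "accept", "Example ISP": "reject"}
DEFAULT_ISSUER_ACTION = "accept"   # assumption: other confirmed issuers are accepted
CLEARLY_SPAM = 0.9                 # assumption: filter score at or above this is "clearly spam"


@dataclass
class Message:
    sender: str
    issuer: Optional[str]    # organization named on the sender's digital ID, None if unsigned
    issuer_confirmed: bool   # did the issuing certificate authority confirm the ID?
    spam_score: float        # 0.0-1.0 from a content filter (hypothetical)


def route(msg: Message, policy=ISSUER_POLICY) -> str:
    """Return 'inbox', 'archive' or 'delete' for one message."""
    # A claimed issuer counts only if the issuing CA confirmed it; a forged or
    # unconfirmed ID is treated exactly like no ID at all.
    authenticated = msg.issuer is not None and msg.issuer_confirmed
    if authenticated and policy.get(msg.issuer, DEFAULT_ISSUER_ACTION) == "accept":
        return "inbox"
    # Everything else goes to the filters: clear spam is dropped, the rest is
    # kept in an archive folder for later review.
    return "delete" if msg.spam_score >= CLEARLY_SPAM else "archive"


def triage(messages) -> Counter:
    """Count how many messages land in each folder."""
    return Counter(route(m) for m in messages)


# Constructed sample mailbox.
SAMPLE = [
    Message("stranger@ibm.example", "IBM", True, 0.2),          # unknown person, real ID
    Message("forged@ibm.example", "IBM", False, 0.95),          # ID not confirmed by CA
    Message("bulk@isp.example", "Example ISP", True, 0.5),      # issuer the user rejected
    Message("friend@nowhere.example", None, False, 0.1),        # no digital ID
    Message("reader@bank.example", "Example Bank", True, 0.3),  # other confirmed issuer
]

if __name__ == "__main__":
    for m in SAMPLE:
        print(f"{m.sender:28} -> {route(m)}")
    print(dict(triage(SAMPLE)))
```

Note that whether the recipient knows the sender never enters the decision; only the confirmed issuer of the digital ID does.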
Just to make life interesting, we are going to need digital IDs for “things” too — software agents, servers, and perhaps virtual entities.
