=> seriously, there have been various proposals ([ADV],
etc) to facilitate "legit UCE," but that hasn't slowed the arms race. How would you recommend that we make it easier for legit businesses?
I don't propose that we make it easier for legit UCE. I'm simply pointing out that it's an arms race because we are solving the wrong problem. We are making it hard for people to send spam, therefore we are reaching the point where only criminals do so. I would rather see us focus on securing the email architecture. Secure submission is part of that, but for some reason people are unwilling to imagine an email system in which an ISP will only accept incoming messages from another ISP with which they have an existing agreement, i.e. rather like email peering. I happen to believe that a web of email peering agreements is the best way to get us to the point where it is difficult for anyone to anonymously send email because they *MUST* relay it through an ISP who will not accept the email for relay unless they have authenticated the user. This is solving a different problem. Spam is merely a symptom of an overly simplistic and insecure email architecture. Now that it has drawn our attention to the problem, I think we should ignore spam and focus on making a better email architecture that people can actually use again. --Michael Dillon