On Apr 14, 2014, at 3:58 PM, Rich Kulawiec <rsk@gsp.org> wrote:
As I've said many times, email forgery is not the problem. It's a symptom of the problem, and the problem is "rotten underlying security" coupled with "negligent and incompetent operational practice". But fixing that is hard, and nobody -- not Yahoo and not anybody else either -- wants to tackle it. It's much easier to roll out stuff like this and pretend that it works and write a press release and declare success.
I think you're on the right track, but still suggesting their is a technical solution. I submit there is not. There is no car alarm that prevents all car thefts, no door lock that prevents all burglaries. No trigger lock that prevents all gun deaths, no lane departure system that prevents all car crashes. Spam cannot, and will never be solved by technological measures alone. They can help reduce the levels in some cases, or "squeeze the balloon" and move the spam to some other form. Ultimately the way to reduce spam is to catch spammers, prosecute them, and put them in prison. The way we keep all of those other crimes low is primarily by enforcement; making the punishment not worth the crime. With spam, the chance that a spammer will be punished is infinitesimal. There are hundreds, or thousands, or tens of thousands of spammers for every one that is put into jail. If we'd put even 1% of the effort that's been thrown at technical measures over the years into better laws, tools for law enforcement, and helping them build cases we'd be several orders of magnitude better off than technological solutions that are little more than wack-a-mole. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/