If these exist then why are we still having problems? Why do we let customers who have been infected flood the networks with traffic as they do?

Someone sent me a message on Friday with a Dykstra quote that sums it all up... It is impossible to sharpen a pencil with a blunt axe. It is equally vain to try to do it with ten blunt axes instead -- E.W Dijkstra, 1930-2002 It simply isn't possible to block spam no matter how many axes we use and how cleverly they are designed. If we would put the same amount of effort into a secure Internet email architecture, then the whole SPAM issue would just fade away. Today, there it is not possible to secure the email system by securing a subset of email servers. SPAM can enter the system at any email server and therefore we have to secure all servers in order to block SPAM. But any particular email server also needs to accept legitimate email from a large and unbounded number of sending servers. So it is a very, very hard problem to either separate SPAM sources from legitimate email sources or to separate SPAM messages from legitimate email messages. However, if the world shifted and the only way to send email was to use a secure authenticated submission protocol to pass the message to an ISP with whom you have a business relationship, then the scale of the problem changes. Now you only have to secure the submission servers and any particular organization can more easily distinguish between the small number of customers and the larger number of non-customers. Of course, this also means that all SMTP servers must also be secured to only accept email from known authenticated sources. This is technically possible if we had the will. However, today few people have the will to attempt to fix this problem because of the phantom SPAM problem. We see the symptoms of the email architecture disease and assume that SPAM is the disease itself rather than merely a symptom of the disease. In the meantime, Internet users are discarding the use of email in favor of instant messaging networks, some of which are more secure than email and have less SPAM. You will note that IM services are rarely offered by an ISP to its customers as part of a service bundle. The net effect of this is that one of the value-added services that smaller ISPs can offer is becoming eroded and replaced by a value-added service that is only offered by the largest ISPs. --Michael Dillon