Since August 1, 2005 I’ve received 18,000 spams to my personal e-mail address. There’s some other large number that has hit my business e-mail address.
<p>Here’s why this is important: I use MailScanner and SpamAssassin to scan my mail for me so I don’t have to sort those 18,000 messages myself, just the dozen or so that get through each day. The problem is, for every system with a false-negative error rate there are false-positive errors. So, the math says somewhere in that 18,000-message mailbox there are a few legitimate messages for me that I never saw. And I’m not digging through 18,000 messages to find them.</p>
<p>So, e-mail has become a best-effort communications medium, thanks to spam. Just when it was becoming quite reliable and effective, the spammers have gone and loused it up. I expect that number will look like 30,000 next year.</p>
<p>Back in ’98 I proposed a hierarchical web-of-trust system based off the .us domain whereby town clerks could sign keys for their citizens. I’m thinking again something like that is becoming more necessary - some trusted third-party system with local control over fraud. I wouldn’t remove any of my SpamAssassin filters, but I’d score down any mails that came in that were signed by town clerks.</p>
<p>CACert may be the right root to kickstart this process. BTW, I haven’t mentioned here before that I’m now a notary for CACert as well as Thawte. If I know you, get an account (if you don’t already have one) and ask me to attest your identity.</p>
<p>There’s no reason such a system cannot scale to be international, and should such a system be put in place, we could up-score mail from any countries that don’t participate.</p>
<p>First step - the Ghost of Jon Postel needs to wrest back the locally-delegated US Domain from Neustar & the FTC.</p>