Skip to content

Sorry, I missed your E-mail

Since August 1, 2005 I’ve received 18000 spams to my personal e-mail address. There’s some other large number that has hit my business e-mail address.

<p>Here’s why this is important: I use MailScanner and SpamAssassin to scan my mail for me so I don’t have to sort those 18,000 messages myself, just the dozen or so that get through each day.  The problem is, for every system with a false-negative error rate there are false-positive errors.  So, the math says somewhere in that 18,000 message mailbox there are a few legitimate messages for me that I never saw.  And I’m not digging through 18,000 messages to find them.</p>
<p>So, e-mail has become a best-effort communications medium, thanks to spam.  Just when it was becoming quite reliable and effective the spammers have gone and loused it up.  I expect that number will look like 30,000 next year.</p>
<p>Back in ‘98 I proposed a hierarchical web-of-trust system based off the .us domain whereby town clerks could sign keys for their citizens.  I’m thinking again something like that is becoming more necessary - some trusted third-party system with local-control over fraud.  I wouldn’t remove any of my SpamAssassin filters, but I’d score down any mails that came in that were signed by town clerks.</p>
<p>CACert may be the right root to kickstart this process.  BTW, I haven’t mentioned here before I’m now a notary for CACert as well as Thawte.  If I know you get an account (if you don’t already have one) and ask me to attest your identity.</p>
<p>There’s no reason such a system cannot scale to be international, and should such a system be put in place, we could up-score mail from any countries that don’t participate.</p>
<p>First step - the Ghost of John Postel needs to wrest back the locally-delegated US Domain from Neustar & the FTC.