Light at the end of the spam tunnel?

One of the reasons spam has become so ubiquitous is an intrinsic flaw in Simple Mail Transfer Protocol (SMTP) — the Internet protocol that handles the sending of mail. Basically, SMTP doesn’t concern itself with authenticating the sender of an email message. This is because it was designed by a community of researchers who trusted one another. But this flaw is what is mainly exploited by spammers, who spoof senders’ addresses to fool SMTP. I’ve long wondered why the Internet community hasn’t decided to close the loophole. Now, it appears that things are happening. An eWeek article reports that: “A grass-roots movement to improve the SMTP protocol that governs e-mail traffic is gaining acceptance, and its lead developer hopes to get fast-track approval by the Internet Engineering Task Force to make the emerging framework a standard. The developing framework, known as Sender Policy Framework (SPF), would prevent the spoofing of e-mail addresses and hijacking of SMTP servers, common tactics used by spammers to remain anonymous to the millions of addresses to which they send unsolicited e-mail. The group behind SPF, known as SMTP+SPF, published its Internet draft Wednesday, the first step on the road to IETF approval, according to Meng Weng Wong, who’s spearheading the effort. Wong, the CTO of e-mail forwarding service Pobox.com, plans to attend the 59th IETF Meeting, which starts Feb. 29 in Seoul, South Korea, to make his case for the IETF to form a working group to study SPF. But Wong said he’s hoping for more than that. He wants the IETF to adopt the SPF framework, bypassing the workgroup stage.” Hooray!

Tim Berners-Lee wrote a lovely essay a while back explaining why it is anti-social (and dangerous for the network) to exploit a particular protocol to gain a commercial advantage.