The death of spam?

My friend Paul English has written an interesting piece about spam and the ways we need to combat it:

"The keys to ending spam are (1) to eliminate the ability for spammers to falsely identify themselves and (2) to then determine which Email Service Providers (ESPs) actually prevent their correctly identified users from sending spam." (from Sender Identification Rollout)

Paul draws a very interesting analogy with identity theft: he calls it "Email Identity Theft." In the following piece, Bruce Schneier offers some novel thoughts about identity theft, arguing that scaring consumers about identity theft is exactly the wrong thing:

"Identity theft solutions focus much too much on authenticating the person. Whether it's two-factor authentication, ID cards, biometrics, or whatever, there's a widespread myth that authenticating the person is the way to prevent these crimes. But once you understand that the problem is fraudulent transactions, you quickly realize that authenticating the person isn't the way to proceed." (from Mitigating Identity Theft)

Bruce makes a point analogous to Paul's, which is to put the onus on the service providers not only for prevention but, importantly, for shouldering the risk and liability:

"We need to make the entity that is in the best position to mitigate the risk to be responsible for that risk. And that means making the financial institutions liable for fraudulent transactions." (from Mitigating Identity Theft)
