Monday, July 31, 2006

Retrieve from Sender

Columnist Bill Thompson contemplates the problems caused by spammers forging his address, and he comes up with his own solution. And I just don't like it.

The problem here is that it's very easy to forge addresses. If I want to send a mail from pm@pm.gc.ca and claim to be the prime minister (the prime minister of Canada has a crummy email address, but that's irrelevant...), then all I have to do is say I'm sending from there, and the Internet will not tell me that I can't.

Mr. Thompson suggests that the solution to this is to send only the headers, and then when someone goes to pick up their mail, they should then go back to pm.gc.ca to get the rest of the message... if the mail wasn't really at pm.gc.ca, then it'd be quite clear at that point that the message was forged. It's simple enough.

So, what happens if someone trips on a cable and my link to pm.gc.ca is down when I happen to check my mail? Well, I guess I have to keep trying. Not so bad with one mail, but I get over a hundred mails per day. I read news while it downloads right now, but I'd be able to read a whole paper some days if I had to wait for all those server connections.

It makes so much more sense for the computers to do the waiting, and figure out all that authorization stuff while I'm still otherwise occupied. And indeed, the 'net was designed with the idea of nuclear war in mind, so sure enough, we've made it so that if someone blows up the province of Saskatchewan, I can still get my mail from there because I have a local copy... Or if malicious terrorists cut all the cables around the prime minister's office, anything he's already sent will have made it to the recipients, and he won't have to pray that people checked their mail that morning.

What really gets ignored here, though, is that this, like all the other make-sure-the-sender-is-authorized schemes, requires that everyone does the same. Even right now, I could log in, check my mail from the local copies, and send out little probes to the servers to say "is this what you sent?" -- but unless they know how to respond, it's not going to make my life any easier.
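To make the argument concrete, here is a toy model of the "retrieve from sender" scheme, written as an added example for this post rather than anything Thompson or the post proposes in code. The server and message names are made up, and the "is this what you sent?" probe is modelled as a simple lookup in the claimed sender's outbox. It plays out the four cases discussed above: a genuine message, a forged header claiming pm.gc.ca, a sender whose cables have been cut after sending, and a sender whose server never heard of the scheme. The last case is the one the post is really about: a forged message claiming a non-participating domain looks exactly like a genuine one from that domain.

```python
"""Toy model of delivering headers only and fetching the body from the
claimed sender at read time.  Constructed example; domains and message
ids are invented and nothing here talks to a real mail server."""
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    VERIFIED = "body retrieved from the claimed sender"
    FORGED = "claimed sender has no record of this message"
    UNAVAILABLE = "claimed sender unreachable; retry later"
    UNSUPPORTED = "claimed sender does not implement retrieval"


@dataclass(frozen=True)
class Header:
    message_id: str
    sender: str      # the claimed From address; anyone can write anything here
    subject: str


@dataclass
class OriginServer:
    domain: str
    online: bool = True
    implements_retrieval: bool = True
    outbox: dict = field(default_factory=dict)   # message_id -> body

    def submit(self, message_id, sender, subject, body):
        """Sender hands a full message to its own server; only the header leaves."""
        self.outbox[message_id] = body
        return Header(message_id, sender, subject)

    def retrieve(self, message_id):
        """Answer a recipient's 'is this what you sent?' probe."""
        if not self.online:
            raise ConnectionError(f"{self.domain} unreachable")
        if not self.implements_retrieval:
            # A server that predates the scheme gives no useful answer at all.
            raise NotImplementedError(f"{self.domain} does not speak retrieval")
        return self.outbox.get(message_id)   # None means "we never sent that"


def read_message(header, servers):
    """Recipient side: look up the claimed sender's server and fetch the body.

    Returns (Verdict, body); body is None unless the sender confirmed it."""
    domain = header.sender.rsplit("@", 1)[1]
    server = servers.get(domain)
    if server is None:
        return Verdict.UNAVAILABLE, None
    try:
        body = server.retrieve(header.message_id)
    except ConnectionError:
        return Verdict.UNAVAILABLE, None
    except NotImplementedError:
        return Verdict.UNSUPPORTED, None
    if body is None:
        return Verdict.FORGED, None
    return Verdict.VERIFIED, body


def run_scenarios():
    """Deliver five headers and read them back; returns {name: (Verdict, body)}."""
    pm = OriginServer("pm.gc.ca")
    cut = OriginServer("sask.example", online=False)          # cables cut after sending
    legacy = OriginServer("oldisp.example", implements_retrieval=False)
    servers = {s.domain: s for s in (pm, cut, legacy)}

    genuine = pm.submit("m1", "pm@pm.gc.ca", "hello", "a real note")
    forged = Header("m2", "pm@pm.gc.ca", "urgent")            # pm.gc.ca never saw m2
    from_cut = cut.submit("m3", "friend@sask.example", "news", "still here")
    from_legacy = legacy.submit("m4", "someone@oldisp.example", "hi", "old-style mail")
    forged_legacy = Header("m5", "someone@oldisp.example", "spam")

    headers = {
        "genuine": genuine, "forged": forged, "from_cut": from_cut,
        "from_legacy": from_legacy, "forged_legacy": forged_legacy,
    }
    return {name: read_message(h, servers) for name, h in headers.items()}


if __name__ == "__main__":
    for name, (verdict, body) in run_scenarios().items():
        print(f"{name:14s} {verdict.name:12s} {body!r}")
```

Note that `from_legacy` and `forged_legacy` come back with the same verdict: until oldisp.example deploys the scheme, the recipient can neither confirm nor refute anything claiming to come from there, which is the adoption problem the post describes.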

Thompson notes this himself when he points out that his problem lies in getting his ISP to change their infrastructure. So he obviously understands the underlying issues. But why propose a new solution that doesn't address that more pertinent part of the problem? I agree with him that changing the underlying infrastructure would likely do a lot to curb spam, but it's like telling someone with a broken car to buy a new one rather than get it fixed, when it turns out that the real problem is that they don't have enough money to afford repairs.