Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Don't answer the door... we know it's our neighbors


A couple of years ago, I remember Microsoft Chairman Bill Gates saying that the problem of spam would be solved by using a reputation-based anti-spam system. Mail would be allowed on the basis of the reputation of the sender.

This would work extremely well if we only wanted to talk to people we know, but of course, the weakness is that we also want the possibility of talking to new people. We could conceivably get 98% of all our mail from people we know, and the other 2% would be out of luck. It would certainly cut down on spam, because spammers are people we don't know.

I think the flaw in this plan is that we don't actually want to exclude all mail from people we don't know; we want to exclude junk mail from people we don't know. People sign up for new email services all the time. Besides which, it could get exhausting maintaining a list of known good guys, and not accepting mail from somebody means excluding them just because they aren't on our approved list. Furthermore, new companies spring up all the time, and we can't exclude mail from them just because they are new. Would that stifle entrepreneurship? Rather, we'd have to refine this by saying that we will accept mail from people we don't know, but we will be suspicious of them until they prove themselves trustworthy.

The next step is rejecting all mail from people we know are spammers, but this technique already exists. It's called blacklisting.
