Over at Circle ID today is an article that reflects what I was saying recently on how branding is the solution to spam. In essence, someone else needs to assure you that the sender is not a spammer; the sender needs to have placed some sort of collateral at risk if they do spam; the collateral needs to be sufficiently large to make spam uneconomic; and the number of "someone elses" doing the assurance needs to be modest (otherwise we haven't solved the problem if every message requires me to authorize the sender).
My proposal was that your ISP is the natural assurer that the sender is kosher. You (or a delegate) maintain a list of whitelisted ISPs. CircleID's proposal is that the mail server is the source of assurance. Every mail server comes with a unique key; every mail server is paid for; the supplier of the mailserver maintains the whitelist of kosher mailservers.
This alternative system delivers the trust assurance into the hands of Microsoft and IBM. You trust the source of an email to be correct and non-spamming because the Microsoft brand makes you believe in their whitelist. Your ISP isn't adding value over and above operating the system on behalf of Microsoft. Free open source software is neutered, because the very act of not having to pay eliminates any associated economic incentive not to abuse the product -- there's no excommunication event for spammers using Sendmail.
CircleID goes one step further and suggests that only recipients with a mail server from the same vendor will be able to use the filter, delivering a near-instant monopoly to Microsoft because of the network effect.
The problem with making the mailserver supplier the center of trust is that it is a one-size-fits-all solution. What may be spam to you might be perfectly legitimate to me. It is also not an exclusionary business in the same way that operating systems are. Hosting multiple OS's and learning how to use them is a significant barrier to end users, hence the Windows monopoly. Adding multiple trusted sender assertions to an email is not an issue -- the receiving mail server and client deal with it on behalf of the user. So maybe some hybrid approach will emerge.
My suspicion is that telcos have never even thought of decomposing where value comes from in communications, and which parts of the value chain they want to be in. They aren't even aware that third parties are about to nibble at their lunch. They don't know what their brands are supposed to be asserting to the user. Am I promising you clear unsullied personal connectivity at the IP layor or the application layer?
There is no reason your ISP has to be your access provider. My email server and hosted web space can be bought from anyone. (This subtle distinction is often lost -- ISP is often used synonymously with access provider.) Access is slowly becoming cheap, fast and easily substituted. But the trust you place in a third party to filter your communictions to only things of interest is not easily substituted. It's like wanting to marry a second wife on a trial basis before you divorce the first one. The world just doesn't work that way.
Whether it is ISPs or software platform vendors that capture the trusted intermediary role, the telcos lose either way.
Posted by Martin Geddes at 11:53 AMTrackBack URL for this entry:
http://www.telepocalypse.net/cgi-sys/cgiwrap/mgeddes/MT/mt-tb.cgi/61
Listed below are links to weblogs that reference Another can of spam:
»
online poker from online poker
You can also check out the pages dedicated to online poker party poker
[Read more]