Germany identifies a secure way to deal with spam

By demanding real-world identification from senders, a new German mail system may stop spam

By , IDG News Service |  Software

In theory, stopping spam is easy: just make it uneconomic to send millions of messages by charging for each one sent, or make senders authenticate their identity to stop address spoofing and simplify blocking.

In practice, that would involve building a secure, parallel e-mail infrastructure linking electronic authentication with real-world identities: a daunting task. Yet that's just what Germany is about to do.

De-mail -- a play on the country-code abbreviation for Deutschland (Germany) and the word e-mail -- is a government-backed service in which all messages will be encrypted and digitally signed so they cannot be intercepted or modified in transit. Businesses and individuals wanting to send or receive De-mail messages will have to prove their real-world identity and associate that with a new De-mail address from a government-approved service provider. The service will be enabled by a new law that the government expects will be in force by the end of this month. It will allow service providers to charge for sending messages if they wish.

Eliminating spam is not the primary purpose of De-mail -- in fact, service providers will be legally obliged to deliver every De-mail message, without blocking any, just as the postal service is not supposed to throw away your mail.

But the proportion of spam in De-mail is likely to be much lower than in regular Internet e-mail, of which 77.6 percent was spam in January, according to Kaspersky Labs. That's because De-mail's requirement that senders identify themselves will make it riskier to promote fake pharmaceuticals and illegal pyramid investment schemes, while any charges to send messages will make spamming less profitable.

The identity requirement will also make it easy for recipients to filter and block unwanted De-mail messages -- there is no legal obligation to read them, after all. Filtering is also possible with regular Internet e-mail, but less reliable because of the possibility of address spoofing.

Messages sent through the De-mail service will have the same legal protection and status as paper mail, making it possible to send the equivalent of recorded delivery mail and obtain a legally valid receipt.

On the technical side, De-mail will use existing Internet standards, carrying messages over encrypted connections between dedicated SMTP (Simple Mail Transfer Protocol) servers that only communicate among themselves, isolated from regular Internet mail servers. The law will require De-mail service providers to comply with strict technical specifications and to pass regular security audits.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question
randomness