SPAM or UCE (unsolicited commercial e-mail) is a growing problem that has been plaguing the internet since the U.S. goverment turned over control to the private sector. I was reading one of my favorite hardware sites, [H]ardOCP when I came across this thread on their forum. What struck me was how misunderstood this problem is. SMTP, the protocol that defines how mail is sent and recieved is entirely open. This is both good and bad. It’s good for a free society to be able to communicate freely and openly without the threat of censorship or other outside controls. However, this freedom can be abused by a small minority affecting the community as a whole. This is the situation we find ourselves in today. Various methods have been proposed, but only a few make real sense. The best solution today is to implement a dedicated spam filter. Contrary to popular belief, spam filters are not as cumbersome or inaccurate as they used to be. Products like MailFrontier have drastically reduced the number of false positives while still trapping almost 100% of the junk mail. As good as they are, I still see this type of product as a stop-gap on the way to a better solution. That better solution will probably involve extensions to SMTP. Digital signatures may be one part of the solution. (similar to how commercial websites register with a trusted certificate authority like VeriSign) While setting up a trust framework will help weed out the known good, from the known bad, there will always be a small subset that remains unknown. There are also issues like virus-infected computers that are used by spammers as a proxy to send their junk mail. These problems can be solved today, but the largest barriers are complexity and the ammount of work required. However, those barriers are getting smaller every day as security products become more tightly integrated and easy to deploy and maintain.