Look, we can’t secure e-mail from spammers and virus attackers by some passive means that enables the sender to control the program. If we let teenagers license themselves to drive, we’d have a bad result, right? Sender ID and SPF leave it to the sender to legitimize their existence -- no one else is really in charge of anything but checking that existence, and that’s passive and voluntary as well.
Sender accreditation aficionados think they have the answer because they somehow vet the track record of the sender and legitimize the messages. But who’s to say that those companies will never be bought off by the spammers? Who doesn’t remember Jeff Skilling, Billie Sol Estes, Bernie Ebbers, Mike Millikin, and other legitimate thieves?
I’m more certain than ever that an active, aggressive program that shuts down the spam-spewing zombie PCs hanging on to ISP servers and enterprise networks is the only answer to spam. I’m also convinced that early virus outbreak detection schemes are the only way to stop viruses. All this chitty-chat about authenticating senders and accrediting them is just so much . . . well, you get my drift.