But will filters solve the spam problem? As with virus writers and antivirus solutions, it's a continuous game of leapfrog. The latest Bayesian filters work great, but spammers will come up with new tricks to outwit them. Meantime, spamming continues to be a profitable enterprise--some e-mail users are naíve enough to act on the spam offers that manage to get through.
Beyond filters, e-mail providers are fighting back on multiple fronts. Under development are protocol extensions based on transferring and verifying credentials between e-mail senders and receivers. DomainKeys (from Yahoo), Caller ID for E-Mail (from Microsoft) and SPF (Sender Policy Framework, from Me Wong Meng) all use DNS TXT records to store verification information for e-mail senders (see BuzzCut for more on the last two). Their techniques will help limit forged return addresses.
Another front is the courts. In March, Microsoft, AOL and Earthlink collectively filed six lawsuits under the CAN-SPAM Act. Recently, Microsoft filed eight more lawsuits. The CAN-SPAM act pushed aside some stronger laws on state books, so this recent flurry of suits will determine whether the federal law has any teeth. Additionally, several states, including California, Florida and Virginia, are producing statutes that will let individuals sue deceptive e-mailers.
Many hurdles remain. The millions of mail servers now in production must be updated to support SPF or Caller ID. Which one of these techniques will win out? Which one should you implement if you don't want to wait? Will these techniques require an overhaul of the DNS infrastructure?