PCWorld.com - Microsoft Merges Antispam Plan

http://www.pcworld.com/news/article/0,aid,116271,pg,1,RSS,RSS,00.asp

Microsoft agreed to merge its recently announced Caller ID antispam proposal with another, called Sender Policy Framework, or SPF.

The company reached an agreement with SPF's author, Meng Weng Wong, to roll the two proposals into one specification. The finished specification will be published in June and submitted to the Internet Engineering Task Force (IETF) standards group for evaluation. If adopted, the specification will provide a way to close loopholes in the current system for sending and receiving e-mail that allow e-mail senders to fake, or 'spoof,' the origin of their message, Microsoft says in a statement.

Neither the originals nor the merged version of these will work. As Bruce Scheier points out in his interview by Doug Kaye, most spam these days comes from zombified end user systems.

Bruce Schneier: You know, spam is a tough problem, and it’s really an economic problem. Authentication doesn't do any good because a lot of spam these days is being sent from stolen accounts. We already have blacklists that block spamming accounts, so spammers have learned they have to hack into the computers of regular people and send spam from there. So an authentication system will only authenticate who the victim is, the victim who has been hacked.