I said: > > Realistically, as the unwashed masses get net access, it's only going to > > to get worse. Stopping it now is essential, while the problem is relatively > > small. In a year, it's not going to be a small problem any more. > David, may I ask you - you say stopping it now is essential; how is > that? Is there a way to stop it? On reflection, there probably is no way to completely stop a determined bozo from doing something he shouldn't; escalating measures and countermeasures soon leads to doing nothing but devising better mousetraps instead of improving things for the legitimates. The main reason I think it's important to address hardening the infrastructure against this sort of thing ASAP is simply the sheer numbers of people it will have to serve in the coming months and years. Historically, the net population has been a tiny fragment of society, generally well-educated, technologically literate, and essentially rational. With the commercial online services like AOL and Compuserve adding literally dozens of users each day -- and a population connecting that is generally not part of the historical demographics -- the infrastructure has to take on the role of protecting itself against misuse. Gentleman's agreements are no longer sufficient -- software must be designed to offer significant resistance to misuse. Eric's "spam detector" is a very good beginning. Usenet news is probably the next likely candidate to have some significant defensive programming applied to it -- probably a similar method to what Eric has employed with nontrivial checksums applied to articles, along with a complete redesign of how moderated newsgroups are handled. > I was thinking that if there were some (virtually) unbreakable encryption > scheme to map each email address uniquely into a password number, then > this number could be stored on the users account - non-readable by > others. A nice idea, but not deployable. Neither you or I control the end user's machines, and it would require significant changes in the network infrastructure, again, which we don't -- and can't -- control. It also doesn't address the massive diversity of systems connected to the global Internet -- and remember, it's got to work everywhere. The solution has to be in the network services, or, better yet, in the network protocol suite itself. IPng has a strong security/authentication service as part of the design, however widespread deployment of IPng is still fairly distant, and still doesn't address the peripheral connecting networks such as the UUCP and NJE worlds, which will need to be addressed by gateway software. LISTSERV is a major network service, and now can protect itself fairly well, given appropriate network bandwidth to allow propagation of the control information. Now, if we can only convince the authors of C-News and get something like this installed as widespread as possible...8-(.