Eric writes:

> If worms are going to be sending out stuff on behalf
> of the user (whether that be copies of itself, or spam
> as in this case), then no amount of identity information
> will be able to prevent it.

In that case, all discussions here of such protocols are moot, since the very first thing spammers will do is adopt the use of worms to send their e-mails.

> I mean, even with all of the proposals put forth here,
> it would still be impossible to filter worms without
> disabling all file attachments everywhere, since some
> users are always going to open attachments, or are going
> to run bad clients.

I agree. It is curious that this impossibility is so readily acknowledged, whereas the impossibility of stopping spam itself, which arises from exactly the same foundation (that is, from the fact that it requires human intervention in order to actually be effective), is being overlooked.

> However, having verified identity information (the sender,
> the host, the domain) *will* assist in enforcement against
> worms: "we know your user is infected, here's the proof."

The spam will already be sent by then, and there will always be other machines. Additionally, if one spam session uses 4000 machines, the cost of finding and cleaning 4000 machines is likely to exceed the cost incurred by processing the spam by orders of magnitude.