Tech Web site CircleID.com ran a blog post by Meng Wong, best known as the lead developer of the e-mail authentication scheme SPF, in which Wong predicts that eliminating phishing will require mailbox providers to move to a whitelist-only model:
“Just so you know where I’m coming from, the foremost concern in my mind is this: The final solution to the phishing problem requires that people use a whitelist-only, default-deny paradigm for e-mail. Many people already subscribe to default-deny for IM and VoIP, but there is a cultural resistance to whitelist-only email—e-mail is perceived as the medium of least reserve. I believe that we must move to a default-deny model for e-mail to solve phishing; at the same time we must preserve the openness that made e-mail the killer app in the first place. The tension between these poles creates a tremendous opportunity for innovation and social good if we get things right, and for shattering failure if we get things wrong. Can you imagine a Balkanization of messaging, where if you want to talk to someone you have to first join their BBS? I’m an idealist: I care deeply about the future of free communications. I don’t want to screw this one up.”
We don’t want you to screw this one up either, Meng.
Wong’s whole post can be viewed here: www.circleid.com/posts/internet_governance_an_antispam_perspective.