Pity those few doctors and patients who have perfectly legitimate reasons to mention Viagra in the subject fields of their e-mails. Pity, also, the businesspeople who must speak of funds and the computer scientists who must attach executable files. All their messages are likely to be intercepted by software filters, identified as spam, and shunted into a trash folder.
This is the problem of false positives, and it fosters doubts about the reliability of e-mail. Further doubt comes from the threat of "phishing," in which con artists send e-mails purporting to be from legitimate organizations, such as banks, in order to inveigle recipients into revealing personal information.
In all its many guises, spam as an inescapable burden of modern life has waned slightly of late, or so the numbers suggest. According to the e-mail security firm MessageLabs Inc., in New York City, spam's share of all e-mail traffic fell from a spike of 94.5 percent in July 2004 to a mere 65.2 percent in July 2005, and it seems to have been treading water ever since. Still, that's nowhere near good enough for the IT industry.
So the industry's best and brightest keep looking for countermeasures. Two are now on offer, one from Microsoft, the other from Cisco and Yahoo. Each has its peculiar advantages, and they might well be complementary. Still, if you had to choose just one of them, you'd go with the Cisco/Yahoo idea. For our purposes, that makes Microsoft Corp. the loser. Which is not to say that the gnomes of Redmond, Wash., won't improve their method and make it the standard in our galaxy. They've done it before.
The Microsoft proposal, called Sender ID, tries to verify e-mail by comparing where it comes from with where it says it comes from. Say your system ran Sender ID and got an e-mail from someone at this magazine. First off, it would note the domain, "ieee.org"; then it would look up the message's Internet Protocol address on a vetted list maintained online by what is known as a reputation service. If it found that the IP address really belonged to ieee.org, Sender ID would validate the mail and lob it into your mailbox.
The competing proposal, called DomainKeys Identified Mail (DKIM) and put together by Cisco Systems Inc., in San Jose, Calif., and Yahoo Inc., in nearby Sunnyvale, checks an e-mail's bona fides differently. Say, again, that someone in the ieee.org domain sends you an e-mail. By the time the sender's Internet service provider hands it off, the DKIM system will have tacked on an encrypted digital signature to the e-mail's header. The header includes, along with the encryption, instructions on where to find the algorithm that calculated the signature and the public key that breaks the code. Your e-mail server would follow the instructions, discover that the message indeed came from ieee.org, and send it through to you.