Michael G. Kaplan writes: A presentation delivered at the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS2011) details how every personal computer and server used to send an email or interact with a website can be authenticated, allowing for the control of email and web spam and the elimination of CAPTCHA. Universal adoption of the system would be inevitable as it does not rely on the participation of personal computer owners or system administrators.
Michael G. Kaplan writes: "Distinguishing between spam and legitimate email is difficult because it is frequently not possible to identify the computers from which an email originated. Email forwarding and the use of dynamic IP addresses can make it impossible to verify an originating mail server, while the personal computer that first sent the email is effectively never identified. A novel method offers a practical solution to this problem by authenticating nearly every email server and personal computer in the world. An introductory explanation of this method is the best place for non-experts in the field of email authentication to start. The core process of this method will also finally make it possible to do away with CAPTCHA."
Michael G. Kaplan writes: Spam emails often falsify their origin by listing spoofed servers in the email header, since only the final server can typically be verified, and even the identity of this server is obscured if a dynamic IP address is used. A novel application of digital signatures will allow for the authentication of every mail server listed in an email header even if a dynamic IP is used. Near-universal mail server authentication can be achieved without the participation of a single domain administrator and without the problems associated with the establishment of a public key distribution infrastructure that have plagued other digital signature schemes.
Spam is further enabled by the fact that the personal computer used to send an email is essentially never authenticated. A different digital signature process operating at the level of the email client will allow for near-universal authentication of the personal computers used to send email; this method is designed to counter botnets, and its implementation requires no participation on the part of the personal computer owner. A variation of this authentication process applied via web browsers will surpass the security of CAPTCHA and allow for its elimination.