I think the whole issue needs to be resolved at ISP level. Just like we have certificates for websites ISPs should issue certificates for users and websites and email should only allow certified users to use the service. The ISP has to know who you are and where you are to bill you so when you sign up for an account your details could be fixed by the certificate issuing authority. It would also save having to fill in name and address details all the time.
Websites could then refuse access to someone who doesn't come with a verified certificate. Could potentially reduce the amount of spam if mail servers only accepted mail from genuine certificated users.
Would also stop fake accounts because the certified user would have to be registered at an address with credit card or bank details to get the certificate.
-Carol Haynes
Sounds very, very dangerous. It basically eliminates privacy entirely. Besides, it wouldn't stop spammers. e.g. http://pwnieexpress....oducts/wireless-plug
-Renegade
Don't really understand the last comment - if ISPs only actually accept email from certified users then spam would be seriously reduced and prosecutions more effective. If you want to use your own domain name you already have to register it and are legally required to provide accurate contact details - if certificates could be attached to your account and/or hosting server it would make it far harder for spammers to spoof your email address - and you wouldn't have to divulge any information that isn't already required.
As for privacy on the internet - in this day and age privacy is a total myth - on the internet doubly so.
I don't see why certification, per se, should impact on privacy - I am not suggesting that they should collect all user activity as part of that (beyond what they do now) and they wouldn't have to collect any more personal data - but they would be required to verify that the data provided is accurate before issuing a certificate. Given that ISPs have to know who you are, where you live, and a payment method it shouldn't take much more for them to issue a secure certificate which you can then use to verofy your genuine user status when you register at a webshop (which again needs the same information). It would also stop fraud because they shop would know your real name and address for shipping goods and so no one else could hijack the account to send stuff to alternative addresses.
The UK government are already (and repeatedly) pushing for legislation to force ISPs to log website visits, internet traffic and even email content for all users (of course if we don't want it we are all terrorists). The US already does this sort of thing as a matter of course.
Don't know about other countries but I am pretty sure the last UK Labour government made it illegal to use encrypted content email because they want to be able to read it. God knows how they plan to enforce that but then it is illegal in the UK to own software or hardware that even has the potential to commit illegal acts (and especially DVD/BD ripping) - presumably everybody with a computer is a potential prosecution target!
