Germany identifies secure way to deal with spam

In theory, stopping spam is easy: just make it uneconomic to send millions of messages by charging for each one sent, or make senders authenticate their identity to stop address spoofing and simplify blocking.

In theory, stopping spam is easy: just make it uneconomic to send millions of messages by charging for each one sent, or make senders authenticate their identity to stop address spoofing and simplify blocking.

In practice, that would involve building a secure, parallel e-mail infrastructure linking electronic authentication with real-world identities: a daunting task. Yet that's just what Germany is about to do.

De-mail -- a play on the country-code abbreviation for Deutschland (Germany) and the word e-mail -- is a government-backed service in which all messages will be encrypted and digitally signed so they cannot be intercepted or modified in transit. Businesses and individuals wanting to send or receive De-mail messages will have to prove their real-world identity and associate that with a new De-mail address from a government-approved service provider. The service will be enabled by a new law that the government expects will be in force by the end of this month. It will allow service providers to charge for sending messages if they wish.

Eliminating spam is not the primary purpose of De-mail -- in fact, service providers will be legally obliged to deliver every De-mail message, without blocking any, just as the postal service is not supposed to throw away your mail.

But the proportion of spam in De-mail is likely to be much lower than in regular Internet e-mail, of which 77.6 percent was spam in January, according to Kaspersky Labs. That's because De-mail's requirement that senders identify themselves will make it riskier to promote fake pharmaceuticals and illegal pyramid investment schemes, while any charges to send messages will make spamming less profitable.

The identity requirement will also make it easy for recipients to filter and block unwanted De-mail messages -- there is no legal obligation to read them, after all. Filtering is also possible with regular Internet e-mail, but less reliable because of the possibility of address spoofing.

Messages sent through the De-mail service will have the same legal protection and status as paper mail, making it possible to send the equivalent of recorded delivery mail and obtain a legally valid receipt.

On the technical side, De-mail will use existing Internet standards, carrying messages over encrypted connections between dedicated SMTP (Simple Mail Transfer Protocol) servers that only communicate among themselves, isolated from regular Internet mail servers. The law will require De-mail service providers to comply with strict technical specifications and to pass regular security audits.

Telecommunications operator Deutsche Telekom, corporate e-mail provider Mentana Claimsoft and Internet service provider United Internet (owner of the brands GMX and 1&1) are promoting the future service at the Cebit trade show in Hanover, Germany, this week, as is the German Ministry of the Interior, backer of the scheme.

Deutsche Post, the German postal service, has also developed a De-mail service, according to Ministry sources, but Deutsche Post was showing only its ePostBrief secure webmail service, which is already on the market but is not interoperable with De-mail.

None of the De-mail providers exhibiting at Cebit would say exactly how much they planned to charge for the service, although none of them expect the cost to exceed that of a paper letter, currently €0.55 (US$0.75) in Germany. But even at that price, De-mail senders would save by eliminating the cost of paper and printing -- or at least passing it on to recipients wishing to keep a physical copy of a document.

The secure nature of De-mail will allow banks and utilities to push out monthly statements or bills electronically, rather than on paper.

Customers can obtain the same documents from the websites of those organizations today, "but it's a pull process, they have to log in and download all this information," said Jens Mayer, De-mail project leader at Deutsche Telekom.

With De-mail, they'll be able to log in to a single site or service, the same one they use every day, to access bills and statements.

Deutsche Telekom's plan is that De-mail will be just another tab in the webmail interface for customers of its ISP subsidiary, T-Online: "Our philosophy is that De-mail should be as easy as e-mail," Mayer said.

Mentana Claimsoft, meanwhile, wants businesses and government organizations to use their existing Outlook clients and Exchange servers. The company has developed an Outlook plugin to flag authenticated incoming messages with a De-mail icon. Outgoing De-mail messages can go through Exchange too: Mentana Claimsoft will operate secure gateways into the De-mail system, although its customers will remain responsible for the authentication of their users and the security of their internal networks, said Nils Kiehne, an account manager and consultant with Mentana Claimsoft's GovMail division.

For now, De-mail usage will be restricted to German residents and businesses, but other countries could get involved. European Union competition laws require that Germany allow service providers from elsewhere in the E.U. to offer De-mail. And the legal frameworks for similar services elsewhere are starting to appear: only last month, France passed a law defining the technical framework for electronic registered mail.

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at peter_sayer@idg.com.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies