The parlous state of email is an ongoing internet tragedy. Yes, email mostly works, but despite Bill Gates’ 2004 promise to solve spam within two years, my inbox is still clogged with rubbish.
Security firm Commtouch estimates that spam accounts for 67 percent of global email traffic. Furthermore, many users disable HTML rendering and image download, to defend against viruses and to avoid signalling to spammers that messages have been read. This is the context into which AOL and Yahoo have announced that they will introduce paid-for emails – re-igniting the old debate about whether internet postage stamps are the best way to defeat spam.
In reality, the Goodmail Systems service being adopted by AOL and Yahoo is aimed at mass emailers rather than regular business-to-business correspondence. Email marketers tend to get hit by spam prevention techniques even if they really are following the rules and are only contacting opt-in customers. They need a way to distinguish their emails from spam and are willing to pay for it.
There are three main techniques for authenticating emails. The first is through filtering. This is an imperfect science that mitigates the problem but risks the loss of some good emails.
The second method is to check that the source IP address matches the claimed email domain. Microsoft’s Sender ID and the rival SPF (Sender Policy Framework) work on this basis. Some systems, such as Return Path’s Bonded Sender, supplement this with a whitelist of approved domains, with a bond put up by the sending organisation to be forfeited in the event of abuse.
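The IP-versus-domain check that the second method relies on, as an added illustration that is not taken from the column or from any of the named products: a minimal SPF evaluator in Python, run against constructed TXT records (placeholder domains, not real DNS data) so it works offline.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers so the example runs offline;
# the domain names are placeholders, not real zone data.
CONSTRUCTED_ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "neutral.example": "v=spf1 ?all",
    "loop.example": "v=spf1 include:loop.example -all",  # deliberately self-referencing
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, zone=CONSTRUCTED_ZONE, depth=0):
    """Evaluate the SPF record published for `domain` against the connecting IP.

    Returns an RFC 7208 result name: pass, fail, softfail, neutral, none or
    permerror. Only the ip4, ip6, include and all mechanisms are implemented.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10 per check
        return "permerror"
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # an unqualified mechanism means "pass" when it matches
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            if ip.version == int(name[2]) and ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            inner = check_spf(value, sender_ip, zone, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"  # a missing or broken included record is fatal
        elif name == "all":
            return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism this evaluator does not understand
    return "neutral"  # record exhausted without a match and without an "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.10", "2001:db8:1::5", "203.0.113.9"):
        print(ip, "->", check_spf("example.com", ip))
```

SPF vouches for the envelope sender (the SMTP MAIL FROM domain), not for the From header a reader sees, which is one reason the column still argues for signing the message itself.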
A third approach is to sign emails with a digital certificate. This is relatively inexpensive and easy to implement, using the services of a certificate provider such as VeriSign or Thawte.
Individuals can obtain a personal X.509 digital certificate from Thawte for free. Goodmail’s service also uses certificates, guaranteeing that the sender is on the Goodmail whitelist. An advantage of certificates is that they can also guarantee that the message has not been tampered with en route, though it is worth noting that any certificate is only as good as its issuing authority.
There are too many problems with paid-for emails for widespread adoption to occur. Systems like Goodmail may have a place, but for many important uses of email, such as mailing lists or forum notifications, the per-email model does not work. Goodmail is also tackling what for most people is the wrong problem. Few of us want to prioritise commercial emails, whether or not they are officially not spam.
Digital certificates on the other hand are sadly underused. If someone wants me to read their email, I do not see why they would not authenticate its source. The email problem is too complex for a single solution, but if internet culture shifts so signing becomes the norm, it will do a great deal to reduce spam, viruses and phishing.