This whole spam issue is so silly. In fact it could be a non-issue within 1yr.
Think about the root of the problem. What allows spam to be sent, and why can't spam be stopped?
The inherent flaw to internet mail, SMTP, is that there are no controls over who can setup a server and send mail. No authentication, no limits, and certainly no accountability for what is sent. Your SMTP passport is a simple IP address.
Current proposed solutions:
1- Spam Filters?
- false positives are a major issue
2- Is legislation the answer?
- Only on paper to the non-technically inclined law makers who don't understand the root cause of the problem
3- Bill Gate's 'Charge the Sender' plan?
- Too complex to implement and enforce
4- Random logic puzzles that you have to solve per message sent
- Too complex to implement, and too time consuming for the sender
5- Black listing domains?
- Too many IPs to blacklist as new ones pop up every few seconds. Actually, the solution is exact opposite of a black list
Solution: There should be 1 master SMTP white list run by a central body (ex ICANN). This list would contain both DNS and IP information of legitimate mail servers.
Similar to the current process of buying and registering a new domain, any organization wishing to send SMTP mail would need to pay an annual fee ($5, $10, whatever) to be placed on the SMTP white list. In addition to the fee, each domain/IP admin would be required to digitally sign a document indicating their compliance the unsolicited email policy. This would earn them a place on the SMTP white list.
Any organization wanting to avoid spam would subscribe to this list. Similar to the current simple process of subscribing to domain/IP blacklists (ORDB, SORBS, etc) mail server admins would add the white list to their mail server gateways. Subscribing mail servers would reject all SMTP traffic originating from domains and/or IP address not listed in the SMTP white list.
A domain/IP suspected of sending unsolicited emails would be given a warning and eventually removed from the master SMTP white list.
Domains such as Hotmail, Yahoo, and AOL would be treated differently than say HOCP.com. The free webmail providers already have good measures in place to limit dummy accounts created to send spam, (ie. anti-bot account creation filters, outbound SMTP limitations, enter the word shown in a graphic, etc. Spam originating from Hotmail, GMail etc would be treated on a per account basis).
This SMTP white list solution address many issues plaguing SMTP, and the internet in general
- cheap fly by night servers in China and Russia would be eliminated as a spam source because of the costs and accountability associated with getting your IP on the white list
- the issue of hijacked zombie PCs sending out 60% of all spam would become be a non-issue because the IP would not be on the white list
- open relay servers would easily be addressed
- the inability to authenticate email, ie phishing, would be all but eliminated
- virus infected mail would be drastically reduced, with onboard SMTP engines having being neutered
I left out some details. But if you stop and think about what inherently is wrong with SMTP email, you realize that this solution, although far from perfect, is the only feasible option. It offers the fewest impediments to implementation and the least amount of administration required to keep it viable.
- P Delshad
Think about the root of the problem. What allows spam to be sent, and why can't spam be stopped?
The inherent flaw to internet mail, SMTP, is that there are no controls over who can setup a server and send mail. No authentication, no limits, and certainly no accountability for what is sent. Your SMTP passport is a simple IP address.
Current proposed solutions:
1- Spam Filters?
- false positives are a major issue
2- Is legislation the answer?
- Only on paper to the non-technically inclined law makers who don't understand the root cause of the problem
3- Bill Gate's 'Charge the Sender' plan?
- Too complex to implement and enforce
4- Random logic puzzles that you have to solve per message sent
- Too complex to implement, and too time consuming for the sender
5- Black listing domains?
- Too many IPs to blacklist as new ones pop up every few seconds. Actually, the solution is exact opposite of a black list
Solution: There should be 1 master SMTP white list run by a central body (ex ICANN). This list would contain both DNS and IP information of legitimate mail servers.
Similar to the current process of buying and registering a new domain, any organization wishing to send SMTP mail would need to pay an annual fee ($5, $10, whatever) to be placed on the SMTP white list. In addition to the fee, each domain/IP admin would be required to digitally sign a document indicating their compliance the unsolicited email policy. This would earn them a place on the SMTP white list.
Any organization wanting to avoid spam would subscribe to this list. Similar to the current simple process of subscribing to domain/IP blacklists (ORDB, SORBS, etc) mail server admins would add the white list to their mail server gateways. Subscribing mail servers would reject all SMTP traffic originating from domains and/or IP address not listed in the SMTP white list.
A domain/IP suspected of sending unsolicited emails would be given a warning and eventually removed from the master SMTP white list.
Domains such as Hotmail, Yahoo, and AOL would be treated differently than say HOCP.com. The free webmail providers already have good measures in place to limit dummy accounts created to send spam, (ie. anti-bot account creation filters, outbound SMTP limitations, enter the word shown in a graphic, etc. Spam originating from Hotmail, GMail etc would be treated on a per account basis).
This SMTP white list solution address many issues plaguing SMTP, and the internet in general
- cheap fly by night servers in China and Russia would be eliminated as a spam source because of the costs and accountability associated with getting your IP on the white list
- the issue of hijacked zombie PCs sending out 60% of all spam would become be a non-issue because the IP would not be on the white list
- open relay servers would easily be addressed
- the inability to authenticate email, ie phishing, would be all but eliminated
- virus infected mail would be drastically reduced, with onboard SMTP engines having being neutered
I left out some details. But if you stop and think about what inherently is wrong with SMTP email, you realize that this solution, although far from perfect, is the only feasible option. It offers the fewest impediments to implementation and the least amount of administration required to keep it viable.
- P Delshad