Spam Solutions

Like any problem, the problem of spam inspired 3 kinds of solutions: social, political, and purely technical.

I don't see how any technical measure could solve the spam problem without affecting the appropriate usage of mail too much. If the legislation cannot help us, we have to protect ourselves. Spamming has to be a risky business. Sending 1 billion of spam mails might be cheap, but if one's life/property is at risk, they should reconsider.

Spam Solutions Summary


Close SMTP:

Spam is possible because SMTP is wide open (at least as commonly implemented).

What would it take to close it? Would it be possible to make SMTP as it exists less spammer-friendly, would it take changes to the protocol, or should SMTP be abandoned entirely? Given its level of inertia, how long would it take to get improvements in place?

The main problem is validation - anybody can claim to be anyone. If SMTP had halfway decent validation, then even if spam got through, it would be possible to verify where it came from, and maybe do something about it, even if it's just to blacklist the origin.

What kills me is seeing things like "may be forged" in headers. It "may be forged" - what the hell are you accepting if for, then?

Start with something simple like, not accepting messages without a HELO, and validating that the hostname in the HELO maps back to the caller's IP.

Another validation would be to call back the host and ask them if the sender's email address is a valid user on that machine.

Yet another approach would be to have pull instead of push - if a server wants to deliver mail, it would give the target machine its host name, and the target machine would call back and pull the mail - that way it would "fer sure" know where the bloody mail came from.

Maybe stuff like this is already in sendmail, but nobody configures it? Is there anybody who knows how to set up a decent email server?

Being able to confirm exactly where the email came from (at least the physical machine) seems like it would be useful first step most other social, political, and technical solutions.


legislation: Tighter Laws:

The US Senate has just approved new Spam legislation (2003.10.22) Unfortunately, it's opt-out legislation. not opt-in legislation - it's legal for a spammer to spam until you opt-out, vs. illegal to spam until you opt-in.

Is it just me, or does it seem like a bad idea to fix technical problems with legislation?

Unenforceable: because it's difficult to find who sent the spam. Perhaps the spam includes a return address - but did that person send the spam, or was it forged to create a JoeJob??

If it works, it must be possible:


Make sending email a little bit more difficult:

see EmailHurdles


Local Filtering:

Spam filters, which are really too little too late - Spam is a bandwidth and cpu killer, filters are after the fact.

I agree with you, but until there's a better solution, filtering at least cuts down on the spam that I have to deal with directly.


Require Certification: (see http://www.thawte.com/certs/personal/contents.html) (EditHint: Should this be moved to EmailHurdle?)


Require Small Fee On Emails:

(EditHint: move to PayForEmail?)

This small fee is reminiscent of the "stamps" we put on physical mail (see http://fare.tunes.org/articles/stamps_vs_spam.html ).

who pays whom, for what?

who pays ... for what? It seem obvious to me who pays - to make spam unprofitable, spammers must pay through the nose. To avoid loopholes, this means that every one who sends an email must pay per email.

Who gets paid? Here's some possibilities:

The person who receives

In my opinion, "the person who receives the email" is clearly the simplest and probably the best choice. This keeps email very close to the current system - free to people who use email normally as a back-and-forth exchange.

The simplest versions have some fixed small value - say half a penny ($0.005) per email. Other versions allow the recipient to set his price - college students may charge half a penny per email so their friends can communicate easily, while people who only have time to read extremely urgent critical email may charge $10.

Some people may claim this is Untestable at a small scale. Why?

Someone has claimed this is Unimplementable. Why? It seems that a single ISP could unilaterally start by telling all new users that it will cost $0.005 for each email sent.

What about paying for the right to be on another persons white-list? Assume all parties have a white-list. If I want to get on your white list and i have no other way to ask you to put me on your white list, i pay a small fee. There could be broker services for this. If the broker server is down, it only stops initial contact. Ongoing contact will continue to work as it does today, even if proposed broker servers are down.

Sender

The problem with billing the receiver is that they don't know what it is until they open and read it. Thus, perhaps we should follow the post-office approach and charge the sender. If a spammer has to pay say 5-cents per message, then mass mailings would not be effective. Plus, they'd have to register with an e-post-office (for bulk rights), making them easier to track.

Another advantage of sender-based is that it resembles the current paper-based mail system, making it easier to relate to and/or barrow the infrastructure.

All of the above

In my opinion the fee proceeds should be spread roughly equally among the regulating agency, ISPs/backbones, the sender, and the receiver. If they all get a cut, then they have a financial incentive to prevent fraud, at least fraud caused by deadbeat senders. In the case where it passes through multiple internet pipe vendors, then the ISP's portion of the fees will be pooled.

Yes, that's one of the options above. Not the *simplest* option, but certainly far better than what we have now.

Re: Makes non-profit mail-list difficult.

Yes, some people *claim* that "it will muzzle citizen activism ... it ultimately amounts to extortion." (-- http://www.grassfire.org/68/petition.asp ).

Option 1:

Option 2: I see that America Online and Yahoo announced plans to implement "Certified email" http://en.wikipedia.org/wiki/Certified_e-mail at 1/4 cent per message. Who gets that 1/4 cent? -- DavidCary

I see that Boxbe https://www.boxbe.com/ seems to be implementing a "sender pays" system. They let the receiver name his price. -- DavidCary


Could we convert this into a "strategyproof game"? (http://en.wikipedia.org/wiki/Strategyproof).


Get rid of SMTP:

SMTP won't exist for much longer. Use something else entirely.


SPAM won't exist for much longer. Bill Gates has publicly announced that it will be eradicated within two years.

According to http://www.google.com/search?q=cache:y_MupLYl9gMJ:www.thedistributionchannel.eu.com/multimedia/week11-1.htm and http://news.bbc.co.uk/2/hi/business/4023667.stm , Bill Gates said this at a World Economic Forum meeting in January 2004, but a verbatim quote is not given.


... does it seem like a bad idea to fix technical problems with legislation?

Yes, but:

It's a bad idea to try to fix social problems with technical solutions.

[Heh. I like ParkingLotTherapy for spammers - if you can catch 'em.]


Do not email list

Some people have suggested a "do not email list", similar to current "do not call" telephone lists.

To prevent spammers from mailing everyone on the list, the distributed list would *not* contain the actual email addresses, but a one-way hash of each address.

Legitimate senders would presumably carefully hash each address that they already have, and if the result matches one of the hashes on the do-not-email list, remove that address from their list.

With hashing, at least this doesn't *help* spammers. But how exactly would this stop or slow down spammers?


Spam is an instance of a more general problem, TimeAndAttentionBrokenEconomy.


Other SpamSolutions

Hit back spam sites automatically?


An interesting article in theregister (http://www.theregister.co.uk/2005/01/21/unintended_consequences/) references several possible spam solutions - (and their definitions, according to WikiPedia):


EditHint: Rename this topic to EmailSpamSolutions??


"How I Filter Spam" by TomVanVleck http://multicians.org/thvv/spamfilt.html


See: SpamDefenseRoadmap, WikiSpamSolutions


CategorySpam


EditText of this page (last edited August 21, 2012) or FindPage with title or text search