Re: fighting spam, the protocol route2003-05-29 06:09:21
On woensdag, mei 28, 2003, at 19:56 Europe/Amsterdam, Christian Huitema wrote:
It surprises me that so many people are so eager to declare defeat before even trying the protocol route. (With current protocols defeat is pretty much inevitable.)
There is an obvious issue with the protocol route: from a protocol pointof view, it is quite hard to distinguish unsolicited commercial e-mail, which we would label spam, and unsolicited acceptable e-mail, which could be more than welcome.
Detecting spam is hard, as spamminess is in the eye/mailbox of the beholder. However, I see no reason why we can't detect unsollicited bulk email for reasonable definitions of "sollicited" and "bulk".
To see whether a messsage would be welcome (sollicited) we can simply see if we know the source. This can be done end-to-end cryptographically or by trusting that a known MTA has checked the previous MTA and so on until we reach the MTA that verified the source. In order to detect bulk email we simply count the number of messages received from each MTA we're in contact with.
Then it's simply a question of rate limiting the number of messages accepted from unknown MTAs and/or redirecting unknown MTAs to a trusted MTA or an MTA that's in the position to do better anti-spam filtering.
So if I'm an AOL user with my own dial-up MTA and I want to send you a message, the Microsoft MTA doesn't know me so it either takes a chance and accepts messages at a low rate, it tells me "why don't you deliver this message to your ISP's MTA and have them forward it", "deliver this message to mx13.spamwashers.com" or "we can't accept your message, submit your remarks using our web form" or "submit a public key signed by at least two organizations listed on trustedmailers.microsoft.com".
So will this be enough? It won't get rid of all unsollicited email, commercial or otherwise. But the improved accountability should make life much harder for every type of spammer.