I recently made a proposal over at slashdot which seemed to garner a fair
amount of support.
It is this:
When the mail client sends a message, it only goes as far as their local
mail server. The local mail server stores the body of the message and then
sends the header on to the recipient with a ID through which the body may
be picked up.
When the header arrives at the destination, the client on the other side
downloads the body of the message from the specified host.
There are a variety of advantages to a system such as this including:
1) There is a server which is responsible for the message that may be
tracked down. Forging headers (as spammers now do) will not hide the
origins of the message.
2) The system administrator on the other end will have time to "cancel" the
message before it arrives at most of the recipients mailboxes. (i.e., the
sysadmin looks and George has 20,000,000 messages in the outbox waiting to
be picked up. The sysadmin looks at the messages, sees they are spam, then
he nukes them.)
3) If the messages are nuked before they are picked up, the message header
is simply thrown away by the mail client or written to a log or put in a
special mailbox or ... in either case, it is totally transparent to the end
user and the end user never even knows they have been spammed.
Given this: It would also be possible to develop a self moderation capability.
For example, the sending server has a specific port or reporting mechanism
and given a: 1) Server ID, 2) User ID, 3) Message ID that is sent to it in
a "Spam Report" it could verify that the message had actually been sent by
the user specified and if so could flag it to the sysadmin. Furthermore,
if N spam complaints came in for verified messages for a specified user in
a given period, the account could be automatically put on hold until
cleared by the sysadmin.
Also, since there is a server which is directly responsible for the
message, it would be easy to automatically add the server or server/user to
a blacklist. Messages from servers that are blacklisted would simply be
thrown away -- again transparently to the user.
I personally don't believe that any one scheme is going to win the battle
against spam. What we need to do is create a framework each node of which
reinforces all the other nodes in the framework and makes it progressively
more difficult for spammers to conduct their business.
-Art
--
Art Pollard
http://www.lextek.com/
Suppliers of High Performance Text Retrieval Engines.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg