At 1:25 AM +0200 10/1/03, Dag Kihlman wrote:
Today the Internet and computers are fast enough for a pull system.
In short my proposal is the introduction of a new kind of mail
program and mail system based on pull technology. Of course this is
a drastic step but I think a
Please search the archives. This has been discussed before.
1. It greatly increases the traffic on the internet.
2. It greatly increases the ISP disk storage requirements.
3. It removes the store-and-forward advantage of current email.
4. It assumes that point B can always reach point A.
5. It is less reliable.
I think there were other problems, but those are the ones I recall
off the top of my head.
When A sends a mail it goes to the mailserver owned by A's Internet
Service Provider where the mail is stored. A's mail client interacts
with the ISP's mailserver and A can see any mail that has not
reached the recipient. If the mail was sent by a virus or by a
hacker A will be able to discover the intrusion and remove the mail.
This means that viruses and hackers will not be
There's absolutely nothing preventing ISPs from scanning outgoing
email right now. You don't need a pull system to do that. It can be
done currently without an architectural change, either by filtering
outbound port 25 connections, or by forcing ISP users to use the
ISPs outbound mail server. But this has nothing to do with spam.
As soon as A's ISP's mailserver (mailserver A) receives the mail a
notification is sent to B's ISP's mailserver (mailserver B).
Mailserver B replies with a random encryption key and Mailserver A
encryptes the mail, stores it and delets the encryption key.
And when A is CNN and sends and CNN news alert to 100,000 people, A's
mail server will encrypt 100,000 copies of the message, and store
them all on the server for how long?
The notofication message from Mailserver A contains Mailserver A's
IP-address, a mail identification number, a password, A's name and
email address and the
I certainly hope they won't use a password in that message. If
you're going to propose this, please use public key encryption.
Otherwise you've just introduced a huge security hole.
mail subject. Each piece of information is too short to be used for
profitable spamming and it will be sent in UTF-8 format making it
easy to scan and validate.
Sending it UTF-8 is irrelevant to the scanning. And a single subject
and an email address is most certainly sufficient for some spam.
I've gotten spam that had nothing more than that.
When B connects to Mailserver B the mailserver will pass the
notification to B's mail client together with the encryption key. B
can filter the
Ummm. Pass it to my client? Would that be the client on my cell
phone, my blackberry, my pager, or the UUCP connection to a place in
the boonies. Mail clients connect to the internet periodically.
You'll have to queue the notification somewhere.
notification. When the mail is opened B's mail client connects to
Mailserver A using the IP-address, the mail id and the password in
the notification.
This is where we hit the unreliable part I mentioned before.
From a programmer's point of view my proposal is no difficult task.
The problem is that it is a huge revolution in the way mails are
treated. However it can co-exist with SMTP for a while since a
mailserver which supports the new system will be able to store a
SMTP mail and create a notification on the fly. It is also possible
for a mailserver to detect what kind of mail client the receiver
has. If the mailclient does not support the new system the
mailserver can pass the message the old way.
I remembered one of the other things I'd forgotten. Pull systems
don't change the spam equation at all. Logically you've created a
need for a remote server in order to get the spam. Most spam
currently needs a remote server for delivery. It's called a web
site. If spammers think they can keep the web site running long
enough to get the point of the spam across, there's no particular
reason they won't be able to keep the new mail server running just as
long.
Additionally, you've provided a wonderful tool to the spammers.
They'll know exactly which addresses their spam got delivered to.
Because your system gives them a direct mapping between email
addresses and IP addresses, and a way of knowing exactly when you
fetched the email.
--
Kee Hinckley
http://www.messagefire.com/ Next Generation Spam Defense
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg