I've been following discussions on this mailing list for months now and I've
discussed similar issues in face-to-face meetings with the heads of major abuse
departments (AOL, Yahoo, MSN, etc.). I've testified in state senate hearings
on several state anti-spam measures on behalf of the Internet Alliance. I've
also met with anti-spam solution providers, including Brightmail and others.
Recently, I took elements from these discussions and joined up with several of
us anti-spammer types to draft a Master Solution to the epidemic. I would
like to contribute our work to the public good in hopes that the industry will
adopt at least some of these concepts. It is my hope that these ideas can be
further developed in public forums, such as this one, and kept in a nonprofit,
public good context.
The solution holds mailers accountable by offering a transparent authentication
scheme that allows ISPs to block spam while delivering legitimate
permission-based email on the senders' dime. At its core, the system
essentially blocks all "bulk" email unless the bulk sender has the system's
x-header authentication scheme contained within the email header. The system
has several layers of anti-spoofing steps it runs through before accepting the
email message (done in a way that will not jam servers and cause delivery
delays). The system then counts the legitimate bulk email and thereafter
charges the bulk emailer on a cost-per-thousand basis, with the proceeds
covering enforcement with the remainder distributed to participating ISPs as
cost of receipt reimbursement.
To earn the trust of participating ISPs and a license to use the x-header
authentication scheme, the sender must register with the system: (1) the
sender's permission status, (2) legal entity name, (3) sender domain(s), and
(4) sender IP address(es). The sender must also agree to have all of its email
that does not carry the authentication scheme blocked by participating ISPs. The
sender must also agree to permission compliance and unsubscribe process
monitoring and agree to pay the tolling system.
The system also offers transparency on a per-send level. Elements within the
x-headers will allow system admins who question the legitimacy of the
delivery to verify the opt-in permission status using a web-based look-up with
the following sample output:
Entity: JavaScript Magazine
Status: Legitimate Sender
Permission Status: Double Opt-in
Registered Send Domain(s): JavaScriptMag.com
Registered IP Address(es): 64.123.243.0/24
-----------------------------------------
Recipient: John Doe
Opt-in Website: JavaScriptMag.com
Opt-in Date: March 13, 2002
Opt-in Confirmation: March 13, 2002 (18:32:56)
Status: Active (no unsubscribe action taken)
Anyway, that's a taste. Send me an email if you'd like to learn more about the
project.
Toby
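As an added illustration of the ISP-side check the post describes (example code written for this edit, not Toby's proposal's own code or any real system's), the sketch below accepts bulk mail only when it carries an authentication x-header, verifies that header against the sender's registration, confirms the From domain and connecting IP match what was registered, and counts each accepted message for cost-per-thousand tolling. The header names (X-Bulk-Auth-Entity, X-Bulk-Auth-Token), the HMAC-over-Message-ID token format, the per-sender secret and the registry contents are all assumptions made for this example; the post does not specify any of them.

```python
"""Assumed ISP-side filter for the x-header authentication scheme.

Assumptions (not from the original post): the two header names, an HMAC-SHA256
token bound to the Message-ID, a per-sender secret issued at registration, and
the constructed registry record below.
"""
import hashlib
import hmac
import ipaddress
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Constructed registry record, mirroring the fields the post says a sender registers.
REGISTRY = {
    "JavaScript Magazine": {
        "status": "Legitimate Sender",
        "permission": "Double Opt-in",
        "domains": {"javascriptmag.com"},
        "networks": [ipaddress.ip_network("64.123.243.0/24")],
        "secret": b"example-shared-secret",  # assumed: issued at registration
    }
}


def make_token(entity, message_id, secret):
    """Assumed token: HMAC-SHA256 over entity and Message-ID, so a header copied
    from one message does not verify on a different message."""
    return hmac.new(secret, f"{entity}|{message_id}".encode(), hashlib.sha256).hexdigest()


def check_bulk_message(raw, client_ip, registry=REGISTRY):
    """Run the anti-spoofing layers in order; return (accepted, reason, entity)."""
    msg = message_from_string(raw)
    entity = msg.get("X-Bulk-Auth-Entity")
    token = msg.get("X-Bulk-Auth-Token")
    if not entity or not token:
        return False, "no authentication header: blocked as unregistered bulk", None
    record = registry.get(entity)
    if record is None:
        return False, "entity not registered", entity
    # Layer 1: token must verify under the secret issued to that entity.
    expected = make_token(entity, msg.get("Message-ID", ""), record["secret"])
    if not hmac.compare_digest(token, expected):
        return False, "token does not verify", entity
    # Layer 2: From domain must be one the entity registered.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in record["domains"]:
        return False, f"sender domain {domain!r} not registered", entity
    # Layer 3: connecting IP must fall inside a registered range.
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in record["networks"]):
        return False, f"connecting IP {client_ip} outside registered range", entity
    return True, "authenticated bulk mail", entity


class TollMeter:
    """Counts accepted bulk messages per entity and bills per thousand."""

    def __init__(self, rate_per_thousand):
        self.rate = rate_per_thousand
        self.counts = Counter()

    def record(self, entity):
        self.counts[entity] += 1

    def bill(self, entity):
        return self.counts[entity] * self.rate / 1000


def build_message(entity, secret, from_addr, message_id):
    """Constructed sample message carrying the assumed x-headers."""
    return (
        f"From: {from_addr}\r\nTo: john.doe@example.net\r\n"
        f"Message-ID: {message_id}\r\nSubject: Newsletter\r\n"
        f"X-Bulk-Auth-Entity: {entity}\r\n"
        f"X-Bulk-Auth-Token: {make_token(entity, message_id, secret)}\r\n"
        "\r\nBody\r\n"
    )


def run_samples():
    """Four constructed deliveries: genuine, genuine headers replayed from a
    foreign IP, a forged token, and plain unauthenticated bulk mail."""
    secret = REGISTRY["JavaScript Magazine"]["secret"]
    entity = "JavaScript Magazine"
    genuine = build_message(entity, secret, "news@javascriptmag.com", "<1@javascriptmag.com>")
    forged = build_message(entity, b"wrong-secret", "news@javascriptmag.com", "<2@javascriptmag.com>")
    plain = "From: x@example.org\r\nTo: john.doe@example.net\r\nSubject: hi\r\n\r\nBody\r\n"
    meter = TollMeter(rate_per_thousand=5.00)
    results = {}
    for name, raw, ip in [("genuine", genuine, "64.123.243.17"),
                          ("replayed_from_other_ip", genuine, "203.0.113.9"),
                          ("forged_token", forged, "64.123.243.17"),
                          ("unauthenticated", plain, "198.51.100.4")]:
        accepted, reason, who = check_bulk_message(raw, ip)
        if accepted:
            meter.record(who)
        results[name] = (accepted, reason)
    return results, meter
```

The layers are ordered so the cheapest rejection comes first: a missing header costs one lookup, and the HMAC check runs before any domain or IP work, which is what keeps a filter like this from adding delivery delay on the unauthenticated bulk that makes up most of the load. The replay case is the one worth noting: a verbatim copy of a legitimate message, token included, still fails because the connecting IP is outside the registered range, which is the point of registering IP addresses alongside domains.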