[Top] [All Lists]

Re: Getmail: A New Email Delivery Architecture to Control Spam

2004-06-02 13:31:16
On Tue, 01 Jun 2004 18:36:37 EDT, Zhenhai Duan 
<duan(_at_)cs(_dot_)fsu(_dot_)edu>  said:

We propose a new message delivery architecture, called Getmail.
The principal idea behind Getmail is to force the spammer to dedicate
storage for the Emails being sent out. Instead of the entire message
being directly delivered to the receiver (or more precisely
the receiver  side Mail Transfer Agent,  MTA) from the  sender, only the
message header (including the ubject line with a limited length) is
sent to the receiver. The message  header is augmented with a field informing
where the  receiver can retrieve  the complete Email.

Great.  Instead of my being able to contact my local mail server *once* in the
morning in order to pull down the 400 mails that have piled up overnight (and
yes, I *do* actually get that many *legitimate* mails a day - just the 
list alone is 250-300/day), I now get to do an "ET Phone Home" and contact
every single sender to get the mail.  So that's possibly 200 or more connections
I have to make.  And if the host/network is down, I can't fetch that item (while
they certainly could have sent it instead of the reference to it, back when it 
on the net)... So I have to wait for a timeout.  Probably many timeouts.

addresses to block  spam messages.  Of course, spammers  can still crack
into other users'
machines to send spam, but clearly  it is orthogonal to the problem we
are dealing  with here and beyond the scope  of this paper. 

Actually, it's clearly *NOT* orthogonal, when some estimates say that up to 85%
of spam is already being sent via trojaned end-user machines.

So you're proposing a scheme that helps stop the 15% of spam that isn't 
doing the end-run that's beyond your proposal's scope.  And a good portion of
that is already the "one line of text and a URL" type that you propose.  This of
course means that anybody who does filtering based on "one line plus URL" would
have to stop doing it, because ALL mail would look like that....

And as others have pointed out, it doesn't do any good unless everbody deploys 

So why would I want to deploy this?

Attachment: pgpvlonlamg3l.pgp
Description: PGP signature

<Prev in Thread] Current Thread [Next in Thread>