On Tue, 01 Jun 2004 18:36:37 EDT, Zhenhai Duan
<duan(_at_)cs(_dot_)fsu(_dot_)edu> said:
> We propose a new message delivery architecture, called Getmail.
> The principal idea behind Getmail is to force the spammer to dedicate
> storage for the Emails being sent out. Instead of the entire message
> being directly delivered to the receiver (or more precisely
> the receiver side Mail Transfer Agent, MTA) from the sender, only the
> message header (including the Subject line with a limited length) is
> sent to the receiver. The message header is augmented with a field informing
> where the receiver can retrieve the complete Email.

Great. Instead of my being able to contact my local mail server *once* in the
morning in order to pull down the 400 mails that have piled up overnight (and
yes, I *do* actually get that many *legitimate* mails a day - just the
Linux-kernel list alone is 250-300/day), I now get to do an "ET Phone Home"
and contact every single sender to get the mail. So that's possibly 200 or more
connections I have to make. And if the host/network is down, I can't fetch that
item (while they certainly could have sent it instead of the reference to it,
back when it was on the net)... So I have to wait for a timeout. Probably many
timeouts.

> addresses to block spam messages. Of course, spammers can still crack
> into other users' machines to send spam, but clearly it is orthogonal
> to the problem we are dealing with here and beyond the scope of this paper.

Actually, it's clearly *NOT* orthogonal, when some estimates say that up to 85%
of spam is already being sent via trojaned end-user machines.

So you're proposing a scheme that helps stop the 15% of spam that isn't
*already* doing the end-run that's beyond your proposal's scope. And a good
portion of that is already the "one line of text and a URL" type that you
propose. This of course means that anybody who does filtering based on "one
line plus URL" would have to stop doing it, because ALL mail would look like
that....

And as others have pointed out, it doesn't do any good unless everybody deploys
it.

So why would I want to deploy this?