
Re: Proposal to define a simple architecture to differentiate legitimate bulk email from Spam (UBE)

2003-09-07 12:55:54

Information theory says that such things are impossible.  One can not
construct a spam-free protocol because this is the same problem as
constructing a system free of covert channels, which information theory
says is impossible.  It is not simply hard. It is impossible, like
perpetual motion.

After I first posted this on IETF a while back, someone suggested that
covert channels require cooperation, and that spam therefore isn't a
covert channel.  I have recently discussed the issue at length with some
PhDs and other very smart people from one of my old companies, and we
determined after a great deal of discussion that covert channels (and
similar concepts like side channels and information leakage, and other
terms used in information theory literature)  don't require cooperation as
a necessary condition.  The term "Covert Channel" is mostly used in
literature analyzing operating systems. However, the general concept is
referred to in non-OS literature as "Side Channels" or "Information
Leakage", or "Sneaky Channels". The concepts are essentially the same.

Indeed spam can be modeled as a communication channel that is multiplexed
with email, which is itself multiplexed with TCP, which is multiplexed
with IP, which may be multiplexed over a variety of physical media.  It
was also realized (towards the end) that spam is in fact a cooperative
covert channel, since the reader cooperates when they receive the spam and
open it for reading.  Only _after_ reading the spam message are some
people offended, but this is of no consequence to the application of
information theory because the communication has already taken place. All
they can do, having now detected the abuse, is try to suppress further
abuse that is similar.

But this is a simpler way to think about it:  Spammers can continue to
claim they are legitimate emailers, because they _ARE_ legitimate, so far
as we know before they send email. And even so far as we know _before_
someone _READS_ their email.  Only after reading their email, and perhaps
only after some investigation, can we know for sure that the sender and
message are conducting abuse or in violation of their AUP.

Some might ask about blocked abuse. Subsequent abuse is blocked because it
is similar to previous abuse (by IP address with blacklist), or by content
with content filters.  We can anticipate some likely abusive content, but
cannot identify all abusive content in advance.

However, I looked at your proposal, and it appears that you are trying to
create a "pull" mechanism rather than a "push" mechanism for message
delivery. This paradigm has already been implemented as "Usenet News".
It is not immune to spam, though it distributes spam and other broadcast
messages much more efficiently than typical email systems.  However,
bandwidth consumed by spam email (indeed bandwidth consumed by _ALL_ email
combined), is still minor, so we are really not in need of a more
efficient means of distributing spam, or email for that matter.

                --Dean


On Sat, 6 Sep 2003, Shelby Moore wrote:

Request for opinions on whether to create a working group or publish
the following idea as an internet draft?

Spam is a big problem that is getting worse.  BrightMail.com (which claims
to process 10% of world's email) claims that the percentage of spam out
of all email has grown from 16% in Jan. 2002 to 50% in Aug. 2003.

A fundamental unsolved problem of doing anything about spam, is there
is currently no unambiguous definition of spam as an enforceable
internet standard.  This has been architecturally impossible to define
because the receiver is the subjective determinant of which bulk email
is solicited and which is spam (UBE).

ISPs, Hosts, legislators, judiciaries, and even anti-spam software, have
a fundamental problem in that definition of spam as UBE is currently
architecturally unenforceable due to the fact that subjective determination
of "unsolicited" currently happens after the email has been delivered to
the receiver.

My idea is to create an internet draft, RFC, and hopefully internet
standard, that would define a simple architectural paradigm for
legitimate bulk email that unambiguously separates it from spam (UBE).

Simply define that legitimate bulk distribution of email should be done
by mechanism of each bulk distributor providing a public POP3 (and IMAP)
account or server, rather than sending the email directly.

In the case of a public distribution (e.g. most direct email and mailing
lists), a POP3 (and IMAP) account of user "anonymous" with password
"none" would suffice.  In the case of private dissemination (private
mailing lists), a POP3 (and IMAP) server with individual accounts could
be provided.

The elegance of this paradigm is that users then control the
opt-in/opt-out database, by configuring their email client to POP email
from only the bulk POP accounts they wish to subscribe to.

The effort to support this paradigm is minimal because it uses the existing
email paradigm.  Legitimate bulk senders have to change from a broadcast
("push") metaphor (e.g. Majordomo) to a "pull" metaphor simply by
depositing their outgoing email in the public POP account they create.
Receivers simply follow instructions to POP bulk email they want,
instead of the equally complex task of subscribing to bulk email.

This accomplishes several goals:

1. Any bulk email is then spam (receiver has not opted in) and can be
dealt with by ISPs, Hosts, legislators, judiciaries, and anti-spam
software.

2. Receivers now have uniform control over opt-in/opt-out policy
without a global authority

3. Legitimate bulk senders can be insured that they or their email won't
be misclassified as spam

4. Those who send UBE can no longer claim they are legitimate or that
receiver has opted-in (ambiguity removed) and can be dealt with by ISPs,
Hosts, legislators, judiciaries, and anti-spam software.

5. With a "pull" paradigm, the load (resource usage) on the public
internet, sender, and receiver is reduced, because I venture that a
majority of bulk email sent would not be pulled.

I think this paradigm would empower Hosts, ISPs, legislatures, and
judiciaries to do more about spam (incoming) and spammers (outgoing),
because their hands would no longer be bound by ambiguity.  I realize
that some vested interests, such as direct emailers or those invested in
push based mailing lists, might resist.  However, I think the benefits
outweigh the limited costs to migrate.  Some direct emailers might
resist because some may prefer being able to cloak spam under the guise
of "solicited".  Legitimate bulk emailers stand to gain a lot by
separating themselves from the noise of UBE.

Shelby Moore
http://AntiViotic.com







