A Possible Solution to SPAM

Rewrite SMTP and POP

It's not like it hasn't been done before.  POP (the fetch mail) and SMTP (the send mail) protocols have been written and rewritten several times.  It seems we need just one more rewrite, and here's what I propose...

Our Current Technology

Currently, we (the email receiving world) use version 3 of the Post Office Protocol, or as it's known in the geek world, POP3.  The short and skinny of POP3 is that it's how we get our email.  When one runs up an email client like Thunderbird or Outlook Express, it connects to an email server and retrieves the email.

Likewise, we (the email sending world) use version 4.1 (I think) of the Simple Mail Transfer Protocol, or SMTP to all of your geek friends.  SMTP is how we send our email.  Once we hit the "send" button, our email client forwards our message to an email server where it sits, waiting for someone else to retrieve it.

A New POP (POP4)

POP4 would only receive short text messages and a single link to fetch mail from a server.  It's ultimate use wouldn't be a lot different from clicking on an email to review it as we do now, except that the client would have to fetch it from a server.  A client would see nothing but a simple text message like the three examples below (the example links DON'T work):

"Subject: Porn/Gambling/Drugs -- From: Ima Unknown -- Retrieve at http://www.SpamGarbage.com/spam.eml
"Subject: Pics from Grandma -- From: Grandma Johnson -- Retrieve at http://www.grandmas.com/pics.eml
"Subject: Request info about your product -- From: Fred Johnson -- Retrieve email at http://www.abcProducts.com/products.eml

POP4 would have following characteristics/benefits:

  1. Initial contact (from unconfirmed senders) message cannot:
    1. accept any graphics.
    2. accept any streaming audio or video.
    3. accept more than one link (back to server to fetch mail).
    4. have size greater than a few bytes (say.. 100 bytes for subject/message, Sender's name, and link).
  2. "Suspect" initial messages could be retrieved directly or through a public clearing house like those listed below.
  3. Initial message would have private key to insure authenticity.
  4. Email client has highly configurable "Whitelist" options for incomming email address, name, or IP address.
  5. Email client has highly configurable "Blacklist" options for incomming email address, name, or IP address.
  6. No good email ever gets dropped; no bad email ever gets back in.
  7. Client can instantly whitelist a sender by "click to fetch."
  8. Client can instantly blacklist a sender by "click to kill."
  9. Whitelist can be revised by client at any time.
  10. No garbage "opt-out" links to worry about.  Remember, just one link!
  11. Parental Control - Little Johnny can only click through on whitelisted senders.
  12. Client side Blacklists could automatically be forwarded to Anti-Spam Home, CAUCE, spamhaus.org, spamcop.net, spam.abuse.net, et. al, where simple statistics can validate it.
  13. No more hijacked boxes.
  14. No more viruses from attachments.

A New Sendmail (SMTP 5.0)

SMTP would keep a single copy for all recipients on the sending side of a subnet (e.g.. company president sending out words of wisdom to a distribution list), but anything that goes "out" past the subnet would explode into a copy for each recipient. 

SMTP would have following characteristics/benefits:

  1. Email to be fetched would have matching private key to insure each email is unique, thus exploding storage requirements on spammer's server.
  2. Distribution list ONLY by confirmed "opt-in" or corporate clients.
  3. No "opt-out" lists to maintain. 
  4. Email could only be deleted from server in three ways:
    1. Mail is fetched by client.
    2. Mail is deleted by spammer on server side with SMTP informing client...
      "Subject: Porn/Gambling/Drugs -- From: Ima Unknown -- Email Deleted at http://www.SpamGarbage.com/spam.eml
    3. Slick the disk on the server!!!

The Beauty Of It All

What would be great about an implementation like this is that now, the sender has to pay the storage and bandwidth costs.  Legitimate business wouldn't mind, or at least be willing to absorb the costs and could configure the servers to delete the mail after a few days.  But spammers would clog their own servers so quickly as to make the new mail and deleted mail messages seem simultaneous, and they would have to pay exorbitant bandwidth bills.  Also, the server couldn't be spoofed or the client could never retrieve the spam.  Finally, client side blacklists could be developed from the IP address on the fly.

Additional, or overall, benefits would include the following:

  1. Storage costs are borne by spammer.
  2. Server maintenance costs are borne by spammer.
  3. Bandwidth costs are borne by spammer.
  4. Spammers clog their own servers quickly (almost immediately).
  5. Server addresses can't be spoofed.
  6. Email addresses can't be spoofed.  Remember, there's only one link.
  7. Client side blacklists can be built on:
    1. offending name.
    2. offending incomming email address.
    3. IP address node level  (111.222.333.444).
    4. IP address network level  (111.222.333.*).
    5. IP address network level  (111.222.*.*).
    6. IP address network/offending country level  (111.*.*.*).
  8. No NON-WORKING Government CAN-SPAM regulations required.
  9. And most important, we get our email boxes back!!!!!

Back to Computing      Home

Last Updated:   Jun. 03, 2008
Visitor:    000266