[personal profile] miriam_e
I had a nap and woke wanting to go back to sleep, but my mind, operating in that weird twilight zone between full wakefulness and sleep, has hit upon an amazingly simple way to eliminate spam.

I don't know why nobody has thought of this before -- it is so incredibly simple.

The big barrier to blocking spam is the fact that headers in email can be so easily forged. This has been the "reason" behind the push to eliminate anonymous communications on the net. In fact anonymity has been largely removed because when any communications travel through the net a record is kept of the machines it has passed through on its way to you. Most spam comes from only a small number of sources. Weak laws keep them from the clutches of those of us who would gladly strangle their sociopathic necks.

But we don't need a big-brother net devoid of privacy in order to flawlessly block spam. All we need is a simple two-step process of reception and verification. We already do this in most other internet communications. For example when you receive a packet of data from a web server your computer checksums the data to make sure it is uncorrupted. Your computer then sends a signal back to ask for the next one or to resend a damaged packet. A single web page can require several packets. All this happens without you knowing it.

If we extend a variation of this to email then we can get rid of spam. It goes like this:
An email arrives at your email server. Before passing the email on to you, the server looks up the "from" address and posts a verification packet back to that address with some unique identifier of the email (a checksum or some special purpose header). If the sender's computer returns a verified "OK" signal then your email server knows the address wasn't forged.

Using this simple technique, spammers' forged "from" addresses will never work ever again. If the spammer uses their real address in an attempt to get beyond this then they can be easily blocked by anti-spam software which can very quickly learn those addresses.

Date: 2006-10-08 06:49 am (UTC)
From: [identity profile] damien-wise.livejournal.com
Hmm, it's got some pros and cons, but sounds worthwhile.

Many email readers can already detect that the header is probably forged, based on it being poorly formatted or inconsistent. Your approach takes things a bit further and at the cost of a relatively small extra message (though time-outs could be a problem.) It could effectively double the size of some stacks on mail-servers because there'd be the original transmission plus an extra round-trip message to confirm things. I think the biggest obstacle to this scheme is that take-up would be an all-or-nothing thing and it would require some re-engineering of email protocols. It could, however, work initially as an optional "wrapper" for email to and from the same servers/ISPs (eg: spammer@hotmail.com --> joe@hotmail.com). From there, it could be adopted by more and more ISPs.

Also, it won't stop all spam, only spam from forged email addresses. And what's to stop a compromised server from relaying "Yes, that email I just sent was genuine" to every request? :(

Combined with whitelisting (and comparing a log or signature of previous headers from known senders), you could use your approach to cut some cases of phishing and identity-theft. eg: this email claims to have come from damien.wise@blah.com, yet parts of the header are different from the established pattern of other emails from him...so I'll flag it as probably spam.

Date: 2006-10-08 10:00 am (UTC)
From: [identity profile] miriam-e.livejournal.com
I think the impact on mail servers would be pretty small. You don't need to store the whole email for verification, just a simple CRC or header or hash. If it was a separate protocol then it would avoid the upgrading problem and would, I think, hasten uptake. I could be wrong though... altering existing email to do this might actually be the best way.

Forged "From" addresses are the biggest problem with spam. If we got rid of that then 90% of email would dry up overnight. A server could only send verifications for email sent from it (which is what it should do). In such cases it takes only a very short time for filtering software to block that spam. This is exactly why most spam forges the "From" address.

It would be a great step toward crushing crooks who swindle people with phishing emails. The only crooked emails to get through would be from sub-morons and would have a valid return address for the police.
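
The verification round trip discussed in the post and comments above, as an added sketch that is not part of the original thread: the origin server keeps only a hash of each message it sent, and the receiving server asks it to confirm before delivering. The class names, the in-memory `directory` standing in for a network lookup, and the choice of SHA-256 over the "from" address plus body are all assumptions made for illustration.

```python
import hashlib

def digest(sender, body):
    """Identifier the receiver sends back: a hash, not the whole email."""
    return hashlib.sha256(f"{sender}\n{body}".encode()).hexdigest()

class SendingServer:
    """Hypothetical origin server that remembers digests of mail it really sent."""
    def __init__(self, domain, confirm_everything=False):
        self.domain = domain
        self.sent = set()
        # Models the compromised server raised in the first comment.
        self.confirm_everything = confirm_everything

    def send(self, sender, body):
        self.sent.add(digest(sender, body))
        return {"from": sender, "body": body}

    def verify(self, sender, msg_digest):
        if self.confirm_everything:
            return True
        # Only vouch for our own addresses and for mail we actually logged.
        return sender.endswith("@" + self.domain) and msg_digest in self.sent

class ReceivingServer:
    """Hypothetical receiver: verifies with the claimed origin before delivery."""
    def __init__(self, directory):
        self.directory = directory  # domain -> SendingServer (stands in for the network)

    def accept(self, msg):
        sender = msg["from"]
        origin = self.directory.get(sender.rpartition("@")[2])
        if origin is None:
            return "defer"  # no answer or time-out: cannot verify yet
        ok = origin.verify(sender, digest(sender, msg["body"]))
        return "deliver" if ok else "reject"

def demo():
    # Constructed sample data: one honest server, one that confirms anything.
    good = SendingServer("example.org")
    owned = SendingServer("example.net", confirm_everything=True)
    rx = ReceivingServer({"example.org": good, "example.net": owned})
    genuine = good.send("alice@example.org", "lunch on friday?")
    forged = {"from": "alice@example.org", "body": "cheap pills"}
    unreachable = {"from": "bob@example.com", "body": "hello"}
    relayed = {"from": "carol@example.net", "body": "cheap pills"}
    return [rx.accept(m) for m in (genuine, forged, unreachable, relayed)]

if __name__ == "__main__":
    print(demo())
```

The last case is delivered because the scheme trusts whatever the origin server answers, so a receiver would still need filtering or reputation data for servers that confirm everything.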
