Proposal to end Spam for good!

[NetTuner]

If you are sick of spam, and want to help put an end to it, please read this!!!

We are in the process of submitting the proposal below to some local and national legislators, and I would like to seek any criticism or suggestions. Here it is:

1) Pass legislation that requires that all email is sent through a
government sanctioned (an organization like ICANN or possibly ICANN itself)
clearinghouse which will relay all mail to its destination after verifying
the sender's identity.

2) Establish a quasi government organization or appoint an existing one like
ICANN (the administrator of the DNS system) to oversee a central email relay
system (CERS).

3) The agency in charge of CERS will solicit bids from the private sector
for the creation and administration of CERS.

4) a) The winning bidder will create and maintain a database of e-mail
addresses which will contain each owner's contact information and the IP
address(es) associated with the server(s) responsible for sending e-mail on
behalf of each registered e-mail address. Each registrant's information
would be verified in a financially reasonable manner (such as credit card
info, telephone number, etc..)

b) The designated CERS contract holder will also establish and manage a
highly redundant network of SMTP mail servers worldwide to relay all e-mail
on behalf of CERS (similar to the root servers in DNS infrastructure).

c) The designated CERS contract holder will accept registrations of e-mail
addresses from the general public, charging a nominal annual fee to cover
its operating costs. Just like with the domain name system, each e-mail
address registrant will have the ability to modify their contact info and
the IP addresses used to send mail.

d) The designated CERS contract holder will establish a pricing structure
subject to the approval of the overseeing administrative agency for e-mail
address registration. The pricing structure should accommodate large ISP's
by charging less per registered address when an entity registers 1000 or
more addresses. The target price for these registrations should be about $1
per year per address for high volume registrants, and $3 per year per
address for others. Since there should be more e-mail addresses registered
than domain names, there should be plenty of revenue to run the system,
while the costs for registrants will be very affordable.

5) All ISP's and organizations running mail servers will configure their
incoming mail servers to reject all incoming mail which is not sent by one
of the CERS central relay servers, so if someone tries to send a message
directly from their mail server to someone else's, the receiving server will
not even accept their connection, and return an error immediately (this will
minimize server load for the recipient). If the message is determined to
come from a CERS relay server, the receiving mail server will then query
CERS's database (whois) to match the sender's address with their registered
IP address (which is registered with CERS). If the IP does not match the
return address, the message will be rejected with no bounce to reduce
Internet traffic.

6) All servers set up to send e-mail will send their messages through the
official CERS relay servers, as sending mail directly will be rejected by
the recipient.

7) CERS will match the IP's of all messages being relayed through its
servers with the senders' e-mail addresses, and messages with the address
not matching the IP or an unregistered address being rejected by the CERS
server.

8) As an added level of security, e-mail servers could also be registered with CERS, just like name servers are. Unless the name server is registered, and the IP matches its hostname, no mail would be accepted from it.

9) Last but not least, enforcement. If anyone sends unsolicited e-mail, the
recipient can now find out who it was by use of the CERS online whois query
tool, which will return e-mail address owner's information in real time
(similar to the WHOIS system for domain names). All complaints and legal
action can now be directed towards a real individual or organization. Those
found to be in violation of the anti Spam laws could have their e-mail
address registration privileges suspended or revoked, or be faced with
fines.

I honestly think the above system will work effectively for the Internet as
a whole, as it will eliminate the alarmingly growing trend in Spam, reduce
Internet traffic, plus make e-mail communication more secure, as everyone
would now become accountable for what they send. As for privacy concerns, I feel that e-mail addresses should be treated like post office boxes, as each
holder of a post office box must show valid ID to open a box with the Post
Office. This would accomplish the same goal.

Passing a law requiring the above parameters to be followed by ISP's would be imperative for getting this accomplished, as without such a law, it would be very difficult to get voluntary compliance from ISP's and other infrastructure providers involved.

What do you think of this idea?

[NameTower]

check your pm's.

[trader]

Sound great but the chances of it being adopted and govt approved would seem very small.

P.S. The Govt recently rejected implementing a much less far ranging and les complex so called Do Not Spam List.

[Nodnarb]

I'm rather delete SPAM every day than have more governmental, bureaucratic organizations trying to control various aspects of my life and personal freedoms.

[NetTuner]

Well, we run an ISP, and I've got news for you. At the current rate, each domain will receive in excess of 10,000 spam messages per day by year 2009. How would you feel about deleting even 10% of those messages daily? Also, Internet traffic will get so clogged with e-mail that most of its resources will be spent on processing it. A solution for Spam is not an option, it's a necessity without which the web does not have a very promising future.

As for the Do Not Spam List, that idea would never have worked, and it would have encouraged more Spam by making all e-mail addresses public. The problem with the current system is that anyone can send e-mail as anyone else with absolute anonimity, which makes prosecution very difficult. I am not a big fan of government either, but sometimes they are the only ones that can get everyone to do something at the same time.

[jquail]

Sounds good.

I believe Bill Gates was also talking about a scheme of buying virtual stamps for emails. This way it would no longer be profitable for spammers.

Another twist on the stamp idea I was thinking of would be to give the chance for the recipient to 'refund' the charge of stamps for legitimate emails. This way, there would be no charge for legitimate emails, but a charge for the spammers.

[NetTuner]

Quote:

Originally Posted by jquail

Sounds good.

I believe Bill Gates was also talking about a scheme of buying virtual stamps for emails. This way it would no longer be profitable for spammers.

Another twist on the stamp idea I was thinking of would be to give the chance for the recipient to 'refund' the charge of stamps for legitimate emails. This way, there would be no charge for legitimate emails, but a charge for the spammers.

The stamp idea was a start, but can you imagine the burden of tracking and collecting fees for each message sent, and keeping a tab of all sent messages, and by which user they were sent? This system would also be open to abuse, as spammers would sooner or later figure out a way to have counterfeit stamps. Our idea is much simpler to manage and ipmlement, and it would be very difficult to crack. To beat this system, Spammers would have to somehow make their connection appear to be from the central relay server, which should be impossible to do. I have never heard of a case of someone faking the IP address they are connecting from unless they actually hack into the host server (and then they wouldn't be faking).

[theparrot]

I think the idea is insane, on many levels. It is better to have a new email protocol that can enforce policy then to go the legal route, and it is also insane to route all email through a few choke points. One of the reasons that tcp/ip and the RFCs won out over other better funded alternatives was the lack of central choke points. A micropayment system is more feasable.

You are going to have to change alot of get this in place anyway, so just create the improved smtp replacment instead.

[theparrot]

Quote:

Originally Posted by NetTuner

The stamp idea was a start, but can you imagine the burden of tracking and collecting fees for each message sent, and keeping a tab of all sent messages, and by which user they were sent? This system would also be open to abuse, as spammers would sooner or later figure out a way to have counterfeit stamps. Our idea is much simpler to manage and ipmlement, and it would be very difficult to crack. To beat this system, Spammers would have to somehow make their connection appear to be from the central relay server, which should be impossible to do. I have never heard of a case of someone faking the IP address they are connecting from unless they actually hack into the host server (and then they wouldn't be faking).

if you have never heard of someone faking the source IP you have not been around long, and/or not read much

[NetTuner]

Quote:

Originally Posted by theparrot

if you have never heard of someone faking the source IP you have not been around long, and/or not read much

Interesting. Do you have any links to articles of this actually happening. If someone can do this, then why do Spammers use open relays and compromised hosts? Also if this was possible without compromising the actual server whose IP you are faking, wouldn't DoS attacks coming from a single IP be virtually impossible to trace? I've been around for a while, and somehow I don't think I'm the only one in the dark here.

Also regarding the few choke points. Isn't that what we have with the current DNS system? All DNS queries go through the root servers, and that system seems to work just fine. The trick would be to have so many servers mirrored to do the task that there would not be a single point of failure.

[NetTuner]

Microsoft is proposing a similar idea (see http://www.ecommercetimes.com/story/32995.html):

"To disclose a sender's true identity more accurately, Microsoft has proposed a caller ID for e-mail whereby IP addresses of sending mail servers are matched with domain-name server listings to ensure the mail originated from the proper place -- otherwise it would be considered spam and blocked before being allowed to pass. Sendmail said it will develop software tools for the program as plug-ins for open-source and commercial software."

The only thing is our proposal goes a step further by registering and checking each e-mail address. The problem with only matching the IP to the sending server is that each server can host thousands of e-mail addresses, and it would be impossible to tell if that server really has authority to send on behalf of any specific address.

[theparrot]

the dns works due to it being small amount of data that can fit in a packet, it being a small request / response protocol and no state needed to be kept, and caching being allowed... you should know email does not meet any of these characteristics that allow dns to work the way it does.

if you want to research this a bit look up the old 'r' protocols and you should come across some of the info on that soon. I am not going to put much more then this on a public forum.


Spammers use open relays and compromised hosts, because that is the easiest to do, what do they gain from faking an ip address today, nothing, so why would they do it??

[dtobias]

Quote:

Originally Posted by NetTuner

1) Pass legislation that requires that all email is sent through a
government sanctioned (an organization like ICANN or possibly ICANN itself)
clearinghouse which will relay all mail to its destination after verifying
the sender's identity.

Government censors and would-be censors, from the People's Republic of China to the U.S. Department of Homeland Security would love that...

[theparrot]

Quote:

Originally Posted by dtobias

Government censors and would-be censors, from the People's Republic of China to the U.S. Department of Homeland Security would love that...

not to mention that is would not really be enforcable, as people would start running mail servers on other ports, until and unless we had all inet traffic going through a central point.

[NetTuner]

Quote:

Originally Posted by dtobias

Government censors and would-be censors, from the People's Republic of China to the U.S. Department of Homeland Security would love that...

You are absolutely right. The only thing is, all e-mail now goes through a public network that is totally accesible by everyone including the government. So e-mail you send now is not private unless it's encrypted. With my proposal, everyone can send out encrypted e-mail just like they can now. The centralized system has nothing to do with the content of messages which can be protected any way possible, but only matching the senders' IP addresses to the e-mail address that the message claims it's from. So this system is no less private than the current system despite how authoritarian and totalitarian it may sound. The only thing the government and the general public would gain is the ability to trace a message to its real sender, content would not be more compromised than it is now.

This system would only apply to e-mail sent through the WWW, not internal corporate networks. The only time mail from internal corporate networks would have to pass through the centralized relay is if it's sent outside of their network.

[NetTuner]

Quote:

Originally Posted by theparrot

not to mention that is would not really be enforcable, as people would start running mail servers on other ports, until and unless we had all inet traffic going through a central point.

Why would people try to go around a system that eliminates all Spam from their mailbox?

[theparrot]

Quote:

Originally Posted by NetTuner

Microsoft is proposing a similar idea (see http://www.ecommercetimes.com/story/32995.html):

"To disclose a sender's true identity more accurately, Microsoft has proposed a caller ID for e-mail whereby IP addresses of sending mail servers are matched with domain-name server listings to ensure the mail originated from the proper place -- otherwise it would be considered spam and blocked before being allowed to pass. Sendmail said it will develop software tools for the program as plug-ins for open-source and commercial software."

The only thing is our proposal goes a step further by registering and checking each e-mail address. The problem with only matching the IP to the sending server is that each server can host thousands of e-mail addresses, and it would be impossible to tell if that server really has authority to send on behalf of any specific address.

This attempts to solve a different problem, that of fake headers. And while I have not read it, my guess is that it will break the current RFC 822.

[theparrot]

Quote:

Originally Posted by NetTuner

This system would only apply to e-mail sent through the WWW, not internal corporate networks. The only time mail from internal corporate networks would have to pass through the centralized relay is if it's sent outside of their network.

Mail is not sent through the WWW

[theparrot]

Quote:

Originally Posted by NetTuner

Why would people try to go around a system that eliminates all Spam from their mailbox?

looks at the history again, and the answer will be obvious, you needing to ask this gets me back to my point that you must be a newbie.

[theparrot]

Let me ask you a question, why don't you just use a whitelist only, challenge response system for your email?