Revising the Internet Email Infrastructure

Lauren Weinstein writes "People For Internet Responsibility (PFIR) today released a white paper aimed at starting discussion and work to fundamentally revamp Internet e-mail systems to control spam, forgeries, and a range of other problems, while empowering e-mail users rather than ISPs." Excellent start.

PGP

[Richardsonke1]

Until this comes out, PGP is a great way to keep your email private and secure. It also deals with forged headers using email signing. MIT has a great client here

Re:PGP

[rtnz]

I would suggest GnuPG, free as in free.

GnuPG

Re:PGP

[cperciva]

"Free as in free" isn't necessarily better, especially where security is concerned. A good example of this is qmail -- djb offers a guarantee that it is secure, and he can do that because he wrote qmail entirely himself. If he was accepting code from around the world, it would be much harder for him to provide such a guarantee; and if qmail was changing as rapidly as many open source programs, it would be impossible.

Open source means that lots of people can fix bugs; it also means that lots of people can introduce bugs. For security critical applications, I'd prefer to use code which was written carefully by a single person or small group of people whom I trust, rather than using code contributed by a large number of effectively anonymous people whom I don't know.

Re:PGP

[OrenWolf]

If I look at the GnuPG AUTHORS file, I count exactly ten (10) people who have contributed to the code outside of people doing text translations.

Exactly how many people coded PGP? Do you even know? Can you say it was *less than or equal to 10?* is 10 "lots" in your view?

Your point would be valid if it were not for the now-well-known fact that most opensource projects *do* have a core development team of only a few people - as discussed in the recent Mozilla Roadmap.

I submit my belief that GnuPG is authored by *less* people than PGP, and by your own theory, given that more eyes *see* the code, though less people actually *touch* it, it would be *more* secure than the closed-source PGP.

Re:PGP

[cperciva]

You're right; I would trust GPG more than PGP. I was making a general remark about "free as in freee" software not *necessarily* being more secure.

That said, for non-email uses I don't use either PGP or GPG; I use my own RSA code, which I trust more than either of those.

Re:PGP

Well, if you're going to be an arse about it, it's actually authored by *fewer* people. Discrete units -> number (as opposed to amount) -> fewer

Re:PGP

[blake182]

For those using Outlook and Outlook Express (regardless of any feelings you might have personally against them, and regardless of the quality of the products, there are people who use them), it comes with S/MIME support which is another great way to keep your email private and secure. OpenSSL implements S/MIME also, if you're looking for a free solution.

Re:PGP

[mattdm]

Because obviously, you never make mistakes.

C'mon, this is an old one. It's been proven again and again that exposing crypto code to peer review is the only way to know that it's safe.

Re:PGP

[cperciva]

Because obviously, you never make mistakes.

It is entirely possible that my code contains bugs. However, I wrote it with an awareness of modern attack methods, which cannot be said of a certain commonly used ssl library; further, my code does exactly what I need it to do, and no more. ASCII armor, ASN encoding, and other features are sometimes useful, but I don't need them; by not including those I cut out a range of possible bugs.

C'mon, this is an old one. It's been proven again and again that exposing crypto code to peer review is the only way to know that it's safe.

That's not true. "Many eyes" does not necessarily mean that bugs will be found -- many security holes are found years after they were introduced. A much better approach is formal proofs.

That said, see that link just above this post? My code is there; feel free to examine it.

Re:PGP

[Vengeful+weenie]

While this is true in small groups, this does not handle problems when a remote user is setting his headers w/ intent to decieve. The violation is only found if the email address is a valid one and already has a key, which you can confirm to be different from the one on the incoming email.

If the user has set his headers, and generated a key, the key will match the email header. If the email header is valid or not, the key matches. The problem is one of authenticating credencials not just message integrity. In the end, who do you trust?

Re:PGP

[ruhk]

Is that 'free as in free' or 'free as in free of all appended bullshit, including that which comes from RMS'?

Feel free to ignore. I'm trolling.

This is a total dead end.

[FreeLinux]

They may well come up with some "standard" for a new internet email system but, nobody is going to use it. Hell ESMTP has been out for years and it still isn't supported by more than half the systems that are on the net.

Re:This is a total dead end.

[Hayzeus]

But in fairness, ESMTP doesn't pretend to address any problems as urgent as the spam problem. The hope, presumably, would be that necessity would drive adoption. Still, I have my doubts about how certification authorities are going to be managed. (see my other post).

Re:This is a total dead end.

[bsayer]

It seems to me that it depends on how badly the masses want to be rid of spam. The bit that worries me about the potential for adoption (let alone rapid implementation) is that it claims to put control in the hands of the user, not the ISPs. I can't imagine they'll be too keen on that.

Re:This is a total dead end.

[Bendy+Chief]

Disregard this comment if ESMTP would eliminate spam (can't tell from its homepage if it has anything to do with authentication), but I think perhaps you should talk to AOL, Earthlink, The World, and various other ISP's head honchos before you claim no one would want to switch.

In recent weeks all of these people have weighed in on the massive bandwidth drain spam generates, and given that they're pretty big in the industry, I don't see why a push like this would fail.

Re:This is a total dead end.

[trb]

It is quite possible for comm programs to negotiate protocol. This means that newer programs can check to see if the newer safer features are available and use them if they are there. If not, they can fall back to older SMTP. There is certainly an incentive to upgrade, so I see no reason why it shouldn't happen.

Re:This is a total dead end.

[Xentax]

I dunno -- when I read the paper, one big group of candidates that came to mind as potential PCAs are those very same end-user ISPs.

That is, when you sign up for dialup, or broadband, or whatever services your ISP provides, you'd get access to their mail server, *including* Pits certified by that ISP for any messages you send via their mailservers (given that you authenticate with them, something POP3 and IMAP already support, right?). It certainly keeps a fair amount of control and influence in the hands of that ISP, but it doesn't *preclude* alternatives, and it WOULD make it easier for those ISPs to follow good/friendly practices.

That way, any other ISP/mail provider who is willing to receive emails from *YOUR* ISP would deliver your mail. Should your ISP get a reputation for harboring spammers or other miscreants, any given mail provider can choose to simply reject your ISP as a valid certifier (or subscribe to a RBL-equivalent watchdogging the various PCAs, perhaps).

Obviously an ISP as your (or one of) your PCAs wouldn't be for everyone. Obviously there'd be a bit of a setup challenge, as far as getting various ISPs and other mail providers to recognize each other as valid PCAs. But those aren't insurmountable problems.

In fact, it sounds a lot like the SSL certification system (probably no coincidence). Hierarchical PCAs would certainly be one way to organize the solution...

Xentax

Re:This is a total dead end.

[jroysdon]

If all MTAs are not switched, all it will do is create a whitelist of ESMTP ISPs... you can't just blacklist everyone still using SMTP.

So, yeah, AOLEarthlink traffic would be safer (if they both switched to ESMTP), but there are far more ISPs or just local businesses running their own MTA that it won't solve.

Re:This is a total dead end.

[Bendy+Chief]

Ah sorry, mild misunderstanding. I was just referring to ESMTP given that the parent had claimed its adoption was megaslow... the actual focus of my comment was the new standards currently being proposed.

I suppose your argument still stands to reason, but if AOL and Earthlink decided to be 800 pound gorillas and force smaller outfits, maybe it would help. Maybe not.

Re:This is a total dead end.

[KPU]

So what you're saying is that spammers can still use SMTP, right?

Re:This is a total dead end.

[nsandver-work]

Yup. It'll be just like IPv6: "We're not supporting that until everybody else does." (Which is, of course, exactly what "everybody else" is thinking, too.)

Re:This is a total dead end.

[trb]

I'm saying that it can happen and it's not a dead end. If you negotiate protocols, people, including spammers, can use SMTP for a certain amount of time while an improved and safer protocol takes hold. SMTP can be phased out eventually. I am disagreeing with people who say "this is a dead end, it will never happen" (because it would be necessary for everyone to switch on some flag day).

PIT?

[theNote]

This TRIPOLI PIT system they are talking about seems to be the same as putting a rule in your email server saying "don't accept anything that isn't PGP signed".

Re:PIT?

[Richardsonke1]

But there's a problem with that. You can still forge a header with a pgp signed message. Beacuse creating a pgp key is so easy (you can create one for any email address, like yahoo) it wouldn't stop any spammers. All it would force them to do was to sign their mail before they sent it. An added 5ms of computer time.

Re:PIT?

[sqlrob]

5ms (sounds like an underestimate to me, but lets go with it) * 2 billion messages (AOL blocked it in one day) = ~116 days computer time.

Slowing spam by 2 orders of magnitude would still help.

Re:PIT?

[Sloppy]

Well, you don't really just check to see if a sig is there. You check the identity that signed it, against some sort of "this-is-somebody-who-has-a-reputation-to-lose" database.

Alas, we need to get the mega web-of-trust built first. And that is very, very hard to do, since people are so apathetic about PGP. (I couldn't even get Slashdot-Meetup and 2600-Meeting people to do it. Although maybe (I almost hope) the 2600 people thought I was a narc or something. ;-)

A good web-of-trust would have sooo many applications... what a waste. :(

Re:PIT?

You check the identity that signed it, against some sort of "this-is-somebody-who-has-a-reputation-to-lose" database.

You mean VeriSign.

Web-of-trust doesn't work not because people are apathetic, but because "I know someone who knows someone" is not a real world trust relationship. Just ask your local drug dealer.

In other words, nobody's going to trust someone just because they went to "Slashdot-Meetup".

Re:PIT?

[sketerpot]

Unless I'm forgetting something, the message could just be signed once. PGP encrypted shows more potential, as well as the benefit of being able to have the messages be private. There's also the HashCash system, which challenges people emailing you with a one-way hash computation that they have to perform. This takes a bit of computer time, and as computers get faster you can just make mailers hash more.

Personally, I like the PGP encryption idea.

Re:PIT?

[sqlrob]

Look at it this way.

Those 2 Billion are from one spam run (major assumption, they're probably not, but there's still large chunks in there)

Case (1) - It's signed once, meaning the content of the message is identical. Filters can handle the entire load simply. Time cost : 5 ms, Delivery: None

Case (2) - The messages are different, meaning a signature has to be done for each. Time cost: 116 days Delivery: full (barring other blacklists/filters)

Case (3) - The signature is bogus. Toss it, tar pit / block that IP. Time cost: None. Delivery: None

Yeah, Right

[sqlrob]

So, how long has IPV6 been out? How much of the net is converted?

Re:Yeah, Right

IPV6 isnt finished yet. And nobody is using it because there is no global plan for a protocol-swap.

Re:Yeah, Right

[sqlrob]

And you're expecting this to have one?

Never mind that you're still open to spam during the conversion if you want to talk to anyone that isn't converted.

Re:Yeah, Right

[carpe_noctem]

Bad example, IMO. In my experience, IPv6 hasn't caught on because IPv4 still works, and there's no major incentive for most big networks to upgrade because there's no features they need that can't be done in 4.
With spam, however, a new protocol for SMTP that could provide protection against virii and spam would provide a sufficient incentive for upgrading.

Re:Yeah, Right

IPV6 is probably not a particularly good example. I, as a sysadmin for an ISP, cannot deploy IPV6 until a workable solution for multihoming appears. Since I don't qualify for the draconian requirements for provider independent address space in IPV6, I cannot multihome (under current technology) which means I cannot provide the same level of reliability which I am currently able to provide on IPV4. This is probably the reason a large chunk of the established world has not even started to switch.

"Tripoli", however, does not have that issue. It can be run in parallel over existing network infrastructure without requiring large technological investments by companies wishing to support it. (Once any necessary software exists.)

I thought

[Enrico+Pulatzo]

that Public Key Encryption was the answer to email woes. PK just needs to be adopted across the board.

I thought about writing more, but I really don't see the need to.

Re:I thought

[axxackall]

I absolutely support that PK is the way to protect email. However, the trick is in infrastrucure, PKI.

What is the % of email users receives their MUA (email clients) with PKI support? Is there any PKI support in Yahoo and Hotmail free email hosting systems? How about AOL, Earthlink and other ISPs?

OK, my friends have god Evolution and Outlook, both with PKI support. Is it right that they can sign email and read it? No problems between proprietary and open standards?

Finally, what CA can they use? How easy is it? Is it free?

And don't forget: do all (or most of) email users know what is PKI and why they need it?

Persoanlly I use GPG. But I see (and experience!) lots of problems with PKI and with other users because of most questions above have not-so promising answers.

Re:I thought

[budgenator]

I had a lot of trouble understanding PKI but finaly it came clear to me; PKI does not need a Certificate Authority because the encryption and authenticity of the sender are two seperate things.
1. to authenticate myself, I need to digitaly sign the documents with my certificate. the validity or trust level is dependent on how rigorously I have to prove my identity to the CA and how much trust the CA itself has. Anyone can set themselves up as a CA, the software is available.
2. to encrypt an Email all that is needed is a public key. the public key allows anyone to encrypt an Email, that only I can decrypt, because only I have the private key. Anyone can have My public key, and they are often stored online in lots of places like keyservers, personal webpages, even on slashdot.

So why would pki encryption help fight spam? the answere is it's expensive, it costs computational time. A guy like Rosky wants to send me a spam, he has to, compose the Email and forge the headers, then he has to get my public key, then he has to encrypt it which takes time, then he has to send it. Rosky brags that he can send 640,000 Emails an hour, there is no way he can do that with encryption, he might be lucky to send 640 (I just guessed that number) an hour with encryption. There is no way that he can pay for a T1 line with a .001% responce rate and encryption, so he gives up and goes into IM spam instead! Of course if he's psycologicaly married to Email spam he could expand his twenty computer set up in his basement to real data center and still do it.

Re:I thought

[axxackall]

You don't understand PKI or I don't understand you. Or let me just explain better my points, which might correct you or just put more details for what you have already said:

1. encryption will close the content of the message until decryption and thus it's good only to close a proprietary content. Eencryption by itself doesn't let me trus or distrust th thender. So, I still want to protect my mailbox from untrusted emails;

2. the only two ways for me to trust email messages is either (A) it's signed with a private key, which public counterpart is already in my keyring and thus I trust it, or (B) it's signed with a private key, which public counterpart is available online on some keyserver *AND* I trust such keyserver (that makes that server to be CA for me). A-signs are common between friends and partners, while B-sign is the way to trus previously unkown sources.

My goal is to read only email from trusted sources: my friends (I've got their public keys) and from publicly trusted sources. Therefore CA must make me to trust all keyholders hosted there. Therefore CA must revoke public keys after getting enough of compromising complains. It's a business and it cannot be free.

It won't be too expensive to buy such publicly trusted key if you buy it rarely - when you register your company with CA and you do it only once at the beginning. But it will certainly hurt spammer as they would have to buy such certificates again and again.

In business one of good practices is insurance. If several spam victims go to court and prove they've been hurt by spam from CA-trusted sources, then the court might apply charges not only to spammers, but also to CA for falsificated trust information. Therefore CA might charge different prices for different clients based on potential risks. Companies without bad trust history may pay less. Company with a bad trust history must pay more. And CA might hire private investigators to figure the trust history out as banks do before giving the credit.

If the picture above sounds sweet for you - wake up. It's not gonna happen soon. There is no such business practice between companies. More important - there is no such culture of "hygienic" email usage between regular users. That's why in a lack of demand Internet infrastructure doing nothing to stop untrusted email flow.

Re:I thought

[budgenator]

what I was trying to say is if only encrypted email is going to get thru to anyone, then the spammer would have to individualy encrypt each email with the addressee's public key. even when automated, it would be computationaly expensive, basicaly a tax paid with cpu cycles instead of money. Grandma isn't going to notice that her email to aunt sally take a half second longer, but she's not sending 640,000 an hour either.

Re:I thought

[axxackall]

Grandma isn't going to notice that her email to aunt sally take a half second longer

Wrong. Grandma won't be able to read a word, as (1) you suggest to encrypt instead of to sign, (2) Grandma is still using either old MUA without decryption or public webmail account on yahoo/hotmail/localISP. What you suggest is breaking backward compatibility and thus no one will support your suggestion.

Besides, stealing the public key of your grandma (if it's published online is not more difficult than stealing her email address, even less difficult as it's oublished on well known keyservers. As for few more CPU cycles - it's loughable.

One more attemt to correct you: instead of encryption new-generation of email receivers (either MUA or MTA or both) should accept only signed email and signed with only trusted (from friend or from CA) key. Therefore old-generation will be still able to read email, ignoring it's signature header/footer leaving spam unfiltered (or filtered by old black-list-pattern methods and motivating the reader to migrate to new-generation. As for spammers - any attempt to go around will punish by revoking the key and thus forcing to pay a really big chunk of money for penalty as well as for new key, bigger and bigger with every revokation. That is not loughable - that will destroy a spam industry in no time.

The concept of my suggestion is: no more anonymously sent email. I understand many remember their human right and will demand the right to send email anonymously. Pay attention: no more anonymously sent email. If you want to send email anonymously and you sure it won't be revoke your trusted certificate - send it through special proxy, aka mail-list. You send it with signing it, they re-sign it with mail-list key (still trusted) and forward it to subscribers anonymously. If you send one time spam through the list, the list hosting company will be punished, they will have to pay to renew the key after temporal revoking, they will revoke your key, so you won't be able to send more than few spam messages through the same list. In other words: No more anonymous *AND* free email. It's either free or anonymous. That doesn't work for spammers. And that what I'd like to see around me.

Site Quote

PFIR - People For Internet Responsibility
TRIPOLI Project Press Release
May 8, 2003

PFIR Home Page

PFIR Announces the "TRIPOLI" Project

A Call to Arms to the Internet and Open-Source Communities!
It's Time to Secure E-Mail, Control Spam, and Empower E-Mail Users!

People For Internet Responsibility (PFIR) co-founders Lauren Weinstein and Peter G. Neumann today called on the Internet and Open-Source Communities to consider a proposal for the most significant and far-reaching changes to e-mail systems since the creation of the Internet and its ancestor ARPANET more than 30 years ago.

PFIR today released a white paper describing a proposed project to consider the implementation and deployment of widespread encryption, authentication, anti-spam, and other advances directly into the fundamental structure of Internet, intranet, and local e-mail systems.

The "TRIPOLI" project overview paper located at:

http://www.pfir.org/tripoli-overview

describes the proposed new environment which focuses on ensuring that choices and power regarding e-mail are vested directly with e-mail users themselves, rather than with Internet Service Providers (ISPs) or government agencies.

The changes described by the TRIPOLI proposal could be gradually implemented, largely based upon open-source software tools that already exist. Ultimately under TRIPOLI, the volumes of forgeries and spam (both received by users and traversing the Internet) would be drastically reduced, by default all e-mail would be encrypted, and e-mail users would have essentially complete control over how they individually choose to send and receive e-mail.

"Current e-mail systems were not designed to deal with the kind of world we have today -- they've become a hopeless nightmare for users and ISPs alike," said Weinstein. "E-mail users are inundated with spam, forged mail, and other garbage, and unfortunately the actions many ISPs are taking to try control spam and other e-mail are shackling their honest customers with unreasonable restrictions and making matters even worse. Some of the proposed anti-spam laws may also exacerbate these problems without really controlling spam at all. Legitimate e-mail users need to be put back in the driver's seat, and there isn't a moment to lose."

"These problems are getting more severe every day," said Neumann. "Not only are users and networks drowning under spam and other e-mail deficiencies, but basic matters of security and reliability on the Internet are being largely ignored under the current intolerable situation. These critical problems simply cannot be fixed without coordinated and major changes to the way e-mail is handled throughout the Internet. It's going to be a big job, but we have to get going on this right now."

PFIR hopes that the TRIPOLI proposal can act as a starting point for discussion and implementation of systems to solve the many e-mail problems that exist today, in a manner that empowers users rather than unfairly restricting them. PFIR invites the participation of the open-source and Internet communities at large towards these crucial goals.

Persons interested in participating or getting more information about the TRIPOLI project can send e-mail to:

tripoli-info@pfir.org

or use the contacts listed below.

- - -

CONTACTS:

Lauren Weinstein
lauren@pfir.org
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
http://www.pfir.org/lauren

Peter G. Neumann
neuma

Why do people bother

[gorbachev]

SMTP is here to stay and it won't change within any reasonable time period. It's unfortunate that it's so unsecure, but that's just the way it is.

Proletariat of the world, unite to kill spammers. Remember to shoot knees first so that they won't be able to run away while you slowly torture them to death.

Re:Why do people bother

[that_guy]

They bother because it *is* insecure. SMTP is going to be around for a while, but that shouldn't stop a better MTA protocol from being developed. Kinda like ipv6, although thats takeing a lot longer than anticipated :)

Re:Why do people bother

[Synn]

And gopher works fine for browsing documents online, so why would anyone use that stupid http thing...

Considering how much spam is a problem for ISPs, I think you'd be suprised how widespread adoption of SMTP2 would be if it actually kill spam.

Re:Why do people bother

[Nutcase]

It's unfortunate that it's so unsecure, but that's just the way it is.

I think it's great that it's not secure. Just like every other classic protocol that truly supports the net (tcp, ip, ftp, etc), it's not about what you put over it - it's about moving data as it's told. This distinction is what makes it so difficult to control or "own" the net. I don't believe we could build a "secure" protocol that retains the inbuilt freedom that we have today.

Yes, people abuse that freedom just like they do any other, and yes, spam is so annoying that many who normally fight for freedom now beg to take it away in this instance, but there are solutions that don't involve removing freedom for everyone.

The idea of challenge response is good.. as is baysian filtering.. as is pgp key signing, etc...

And the solution to the abuse of bandwidth on the servers is not to recreate the protocol. it's to make sending spam pointless in the first place - and that happens at the ends. The middle needs to be stupid in order to be smart.

And now my shameless (and probably inaccurate) retelling of "the world of ends" will itself end.

Re:Why do people bother

SMTP is here to stay and it won't change within any reasonable time period. It's unfortunate that it's so unsecure, but that's just the way it is.

Proletariat of the world, unite to kill spammers. Remember to shoot knees first so that they won't be able to run away while you slowly torture them to death.

Re:Why do people bother

[Xentax]

True, if everyone was filtering their email to where noone ever saw any spam, the problem would die off from lack of demand.

But, IMHO, that's a pipe dream. There will always be a fair number of people who will receive spam against their will (with the current system), and there will always be a small (and idiotic) subset of those people who will fall for the scams and thus keep spamming alive as a business practice.

The kind of solution Tripoli proposes would keep spam from being delivered in the first place, and make it easier to discourage ISPs from tolerating spamming customers for short-term financial gain. Both of these will (IMHO, naturally) go a lot farther in containing or even eliminating the "spam problem".

Xentax

Re: Why do people bother

SMTP is here to stay and it wont change within any reasonable time period. It's unfortunate that it's so unsecure, but that's just the way it is.

Proletariat of the world, unite to kill spammers. Remember to shoot knees first so that they won't be able to run away while you slowly torture them to death.

Re: Why do people bother

SMTP is here to stay and it wont change within any reasonable time period. Its unfortunate that it's so unsecure, but that's just the way it is.

Proletariat of the world, unite to kill spammers. Remember to shoot knees first so that they won't be able to run away while you slowly torture them to death.

Re:Why do people bother

[Jeremi]

SMTP is here to stay and it won't change within any reasonable time period. It's unfortunate that it's so unsecure, but that's just the way it is.

A journey of a thousand miles starts with a single step. Even if Tripoli isn't adopted for another 30 years, at least if they start working on it now it will become the de facto standard in 2033, instead of never.

Whoa, boys..

[grub]

Have they passed their recommendations by Al Gore yet?

Re:Whoa, boys..

[DeltaSigma]

That was really funny until I finally found out that Gore never said he created the internet, but rather suggested that many topics he tackled in politics directly benefitted the widespread adoption of the internet during its earlier stages of growth.

Re:Whoa, boys..

[bnenning]

While Gore never claimed to have invented the Internet, his statements were exaggerations. See here for a balanced discussion.

Posted Article

[DarkBlackFox]

In case of slashdotting, the text of the article reads:

People For Internet Responsibility (PFIR) co-founders Lauren Weinstein and Peter G. Neumann today called on the Internet and Open-Source Communities to consider a proposal for the most significant and far-reaching changes to e-mail systems since the creation of the Internet and its ancestor ARPANET more than 30 years ago.
PFIR today released a white paper describing a proposed project to consider the implementation and deployment of widespread encryption, authentication, anti-spam, and other advances directly into the fundamental structure of Internet, intranet, and local e-mail systems.

The "TRIPOLI" project overview paper located at:

http://www.pfir.org/tripoli-overview

describes the proposed new environment which focuses on ensuring that choices and power regarding e-mail are vested directly with e-mail users themselves, rather than with Internet Service Providers (ISPs) or government agencies.

The changes described by the TRIPOLI proposal could be gradually implemented, largely based upon open-source software tools that already exist. Ultimately under TRIPOLI, the volumes of forgeries and spam (both received by users and traversing the Internet) would be drastically reduced, by default all e-mail would be encrypted, and e-mail users would have essentially complete control over how they individually choose to send and receive e-mail.

"Current e-mail systems were not designed to deal with the kind of world we have today -- they've become a hopeless nightmare for users and ISPs alike," said Weinstein. "E-mail users are inundated with spam, forged mail, and other garbage, and unfortunately the actions many ISPs are taking to try control spam and other e-mail are shackling their honest customers with unreasonable restrictions and making matters even worse. Some of the proposed anti-spam laws may also exacerbate these problems without really controlling spam at all. Legitimate e-mail users need to be put back in the driver's seat, and there isn't a moment to lose."

"These problems are getting more severe every day," said Neumann. "Not only are users and networks drowning under spam and other e-mail deficiencies, but basic matters of security and reliability on the Internet are being largely ignored under the current intolerable situation. These critical problems simply cannot be fixed without coordinated and major changes to the way e-mail is handled throughout the Internet. It's going to be a big job, but we have to get going on this right now."

PFIR hopes that the TRIPOLI proposal can act as a starting point for discussion and implementation of systems to solve the many e-mail problems that exist today, in a manner that empowers users rather than unfairly restricting them. PFIR invites the participation of the open-source and Internet communities at large towards these crucial goals.

Persons interested in participating or getting more information about the TRIPOLI project can send e-mail to:

tripoli-info@pfir.org

Re:Posted Article

Karma Whore. Punish appropriately.

Re:Posted Article

You are the second idiot to repost the text of the webpage. It's pointless to keep reposting the same crap. If people want to read the page, they'll go to the site.

Re:It's called "IMAP"

[conteXXt]

I don't think they are discussing the mailbox protocols here.

I think it's the transports (MTA I believe, think MX records)

Great another fix for e-mail

[stanmann]

Will the Big ISPs buy in?? Otherwise it will never be particularly usable esp since AOL is two of the largest ISPs in the country. I think that we will be more likely to be using whatever the AOL Earthlink consortium come up with.

User controlled....

[zoobaby]

I know very little about this so correct me if I am wrong. The only way to really let each user have complete control over email, would be for each user to have there own mail server and/or domain. This is why most people let their ISP's handle their mail. And you would still get crap from bulk mailers, spammers.

Authentication

[rprime]

What is to keep spammers from setting up a "tripoli" authenticated MTA?

Re:Authentication

TRIPOLI

Players and Equipment

Three in One is best for 4 to 7 players (and is possible for 2 to 9). It requires a standard deck of 52 cards, the cards ranking in each suit, from low to high: 2-3-4-5-6-7-8-9-10-J-Q-K-A. You also need a supply of chips for betting, and a board or cloth marked out to receive the various stakes. The layout looks something like this:

3 in 1 layout
The Deal and Placing the Stakes

Before the deal, each player must place nine chips on the board - one on each of the labelled spaces: ace of hearts, king of hearts, queen of hearts, jack of hearts, ten of hearts, king-queen of hearts, 8-9-10, kitty and pot. It may be that some of these spaces already contain unclaimed chips from previous deals; in this case the new chips are added to these.

The dealer then deals out the cards one at a time, clockwise, to form one hand for each player plus a spare hand. The spare hand does not belong to anyone. Some players will have one more card than others.

If as dealer you do not like your hand you can exchange it for the spare hand. You are not allowed to look at the spare hand before deciding whether to swap. If you do swap, your whole original hand is discarded face down and becomes the spare (you cannot combine cards from the two hands).

Alternatively, the dealer can offer the spare hand unseen for sale to the highest bidder. The person (if any) who buys the spare hand discards their own original hand face down and pays the dealer in chips the amount bid for the spare hand; if you auction the spare hand and no one wants to buy, you still have the option to swap your hand for the unseen kitty. Another possibility is to exchange your hand for the spare and then auction your old hand to the highest bidder. What you cannot do is exchange your hand for the spare and then exchange back - once you look at the spare hand you have to keep it.
First Stage - collecting stakes for pay cards

Anyone who holds the ace, king, queen, jack or ten of hearts takes all the chips from that space.

If a player has the king and queen of hearts, that player takes the chips from the king-queen space, in addition to the chips from the king and queen spaces.

The chips in the 8-9-10 space can be taken by a player who has an 8-9-10 sequence in one suit (for example spade8-spade9-spade10). The 8, 9 and 10 must all be in the same suit, but the suit does not have to be hearts. If two or more players have 8-9-10 in different suits they share the chips in the 8-9-10 space equally, leaving any remainder on the layout for the next winner.

Usually the chips in some of the spaces are unclaimed - these are left on the layout to be won in a future hand. Since more chips are added to each space at the start of each hand, the king-queen and 8-9-10 spaces, which are less often claimed, tend to produce higher winnings when someone does have the right cards.
Second Stage - Poker

Before the stops play begins, there is a round of poker. Everyone selects five cards from their hand that they wish to play poker with, separates them from the rest of their hand, and temporarily puts the other cards aside. You do not necessarily have to select the cards that form your best poker hand (you may have cards that you do not want to reveal until the stops part of the game, especially if you play the variation where stakes are collected from the layout in stage three rather than stage one). If you are not familiar with poker combinations, see the ranking of poker hands page for details.

All poker bets are placed in the pot space of the layout. The player to dealer's left begins the betting, and can either bet (putting an additional chip or chips in the pot) or check. If the first player checks, the next player can bet or check, and so on clockwise around the table. If everyone checks, all the poker hands are exposed and the player with the highest hand takes the pot.

If a player bets, it is no longer possible for subsequent players to check. After a b

The "start over" fallacy

[Ars-Fartsica]

You see this in software too. People think if they just "start over", everything will be okay. Wrong! You just get a new set of problems.

SMTP is here to stay. We're going to have to live with it. Spam control filtering is getting better and there is a good chance that together with decent legislation, spam can be reigned in. A new system will ultimately just create new kinds of abuse, which wil lrequire the industry to take another two year cycle to address.

Re:The "start over" fallacy

[FortKnox]

My thoughts exactly. And not only will it just introduce new problems, how do you plan on switching millions of international users to a new system?

The best, cheapest, most efficient way to handle the issues with email is to fix email, not kill it and start again.

Re:The "start over" fallacy

[poot_rootbeer]

You see this in software too. People think if they just "start over", everything will be okay. Wrong! You just get a new set of problems.

That's why I'm still using MS-DOS 1.0! All this silly "start over" crap Microsoft pulled with later DOS versions and then this Windows horseshit provides absolutely zero benefit to the user!!!

Everything WON'T be okay forever if we migrate away from SMTP and something more securable, but it will be BETTER.

Re:The "start over" fallacy

[Fluid+Truth]

If you think the Windows path that lead up to Windows ME wasn't just a series of "fixes" to MS-DOS 1.0, you're kidding yourself.

Re:The "start over" fallacy

[Jeremi]

You see this in software too. People think if they just "start over", everything will be okay. Wrong! You just get a new set of problems.

True, but sometimes it is still worth it, especially if your new set of problems (e.g. getting people to use the new protocol) is solvable given enough time and effort, and the old set (e.g. SMTP being insecure and spam-friendly) was not.

As they say in software, "prepare to throw your first attempt away. You'll end up doing that anyway."

SMTP is here to stay. We're going to have to live with it.

For the next 5 years, sure. For the next 10, maybe. But for the next 50 years? The next 100? Surely not (or if so, I'm going to be very depressed!)

Re:The "start over" fallacy

[rabidcow]

You see this in software too. People think if they just "start over", everything will be okay. Wrong! You just get a new set of problems.

False. You *may* get a new set of problems, but if you design properly, it will be a *smaller* set. In fact, you're more likely to get more problems if you just apply a patch to the existing system, because now the system is more complex.

The problem in this case is not that you definitely will get new problems, it's that the cost is very high if you do.

PIT/PCA Questions

[Hayzeus]

I may be wrong, but what, exactly, is to keep spammers from becoming their own PCA? Why can't they simply generate PITs willy-nilly?

Sure, ISPs can block PITS from unsavory PCAs, but what stops spammers from creating new, bogus PCAs as needed? If there are only a few "recognized" PCAs, doesn't this tend to concentrate power into a relatively small set of entities?

Finally

[Daimaou]

A revamping of the email technology is what needs to take place. Not an internet tax (good crap we are taxed enough already). Along those lines (better technology instead of more bureaucracy) two great technologies that already exist, that help in the email realm, are GnuPG and Bogofilter.

Re:It's called "IMAP"

[JerkBoB]

Hmm... This needs a -1 (Dumbass) moderation.

Think before you post. I know this is /., but jesus that was a thoughtless post.

Follow Apple's lead

[L.+VeGas]

First thing is to rename it "i-mail".

Re:Follow Apple's lead

[sootman]

Close--that would be iMail.

No, No, No

[npcole]

I'm sick of reading proposals (often from industry profit-seeking types) who want to put a paid-for "stamp" or similar "token" on email. (I'm talking generally, though---yes---I did read this paper)

It looks attractive logic:

1. Lots of people use email
2. We offer a system which will beat spam at a cost---our 'trusted 3rd party' or whatever---but only if people who use it can't talk to anyone else, so everyone has to use it
3. Profit.

This is NOT the way forward on spam. Nor, realistically, is anything which re-writes the rules for email. People like editing headers. In fact, if it weren't for spam, people like email as it is---period.

The way forward seems simple:

smtp servers should start requiring genuine users to log in. (though rarely used, there are smtp systems which allow this, and most major clients---yes even the MS ones---already talk to these servers and have done for years)

servers which don't should quickly find their way onto blacklists.

(I shall leave the exact way these blacklists should be used as an exercise for the reader)

Simple. Low cost. Not a business model; but a clear solution.

Anyone want to start writing to ISPs?

Re:No, No, No

So I scrape 500,000 email address from websites and set up my own mail server - you'll still get spam. No law against setting up your own server, which makes your solution useless. You'll just get mail from the big spammers.

Re:No, No, No

[RedHat+Rocky]

1. Blacklists already exist. Since they are optional, the problem still exists. Non-solution.

2. Anyone (ANYONE) can setup a smtp server. How long it remains up depends on a lot of factors, but that basic fact is why spammers exist and why there are servers for spammers to use/exploit.

3. If one could dictate how smtp servers are configured, then no more open relays. spam dies. But we can't, so spam lives.

A radical stance is required to change. Many say SMTP is here to stay. Oh, remember the little UUCP thingy? When did they stop saying "UUCP is here to stay" and why?

Re:No, No, No

[npcole]

So I scrape 500,000 email address from websites and set up my own mail server - you'll still get spam.

Yep. Then I can find you easily.

Or use a whitelist of servers which are run by reputable ISPs.

No...I can't claim to get rid of ALL spam using my method; but it changes the problem simply, with technology which could be used right now, and which would make spam a lot harder to do from anonymous accounts.

Re:No, No, No

[cjpez]

Spammers running their own mailservers are still going to be able to send out spam, though, 'cause they're authenticating to their own servers properly. You could argue that servers with spam coming out of them could just get added to blacklists, but that happens already for open relays, and the whole open relay thing is steadily beoming less of a problem as more admins wise up to it.

Other problems start when you have people using hotmail and yahoo, etc, to send out spam. They're authenticating correctly, they're just using the accounts to send the spam. Your solution makes a lot of sense if SMTP servers are scarce, but broadband being what it is, it's basically trivial to set up one of your own and use that. You no longer have the controls of forcing people to use well-known, trusted servers. (Again, you can play games with blacklisting, but this already happens today.)

Re:No, No, No

[ldspartan]

Uhh, that won't work, as far as I can tell.

I run a small mailserver of a home DSL line. When I send mail to another host, my home server connects via SMTP to that host, and starts a regular SMTP session. I don't have any affiliation with the remote host, so I'm not a "genuine user" and I have nothing to login with. Your proposal works great for spammers sending mail through their ISPs mailserver, but I'd be shocked if any of them actually did that.

--
Phil

Re:No, No, No

[npcole]

So have a whitelist of trusted servers.

Or blacklist ISPs that tollerate private SMTP and do nothing about SPAM.

And blacklist the free web services which don't have some mechanism to discourage the registration of large numbers of accounts.

My point, as I said elsewhere, is not that authenticating smtp users is a solution to all spam in itself, my point is that it would help. A lot.

Re:No, No, No

[cjpez]

Well, yes, blacklisting and whitelisting would work to cut down on spam. My point was more that the lack of authentication on SMTP isn't nearly the problem that it once was now that more and more systems are becoming aware of keeping their relays closed. I don't think that a push towards SMTP authentication would have a bigger effect than the current movement to close relays and the like (though SMTP authentication certainly has OTHER benefits that make it a good idea).

I think that the (black|white)listing scheme has a much better chance of working, SMTP auth or no.

Re:No, No, No

[lamber45]

Other problems start when you have people using hotmail and yahoo, etc, to send out spam. They're authenticating correctly, they're just using the accounts to send the spam.

Hotmail and Yahoo have been used for spamming in the past, and they've already added controls to make it hard, like limiting the number of recipients for a single message.

I think the really big e-mail providers should set up a way that other organizations can verify that mail is really coming from them (mabey just publising their servers' IP addresses); then I could cut out some spam that has a "From:.*@yahoo.com" header but wasn't sent from there.

Re:No, No, No

[DrHyde]

> Or use a whitelist of servers which are run by
> reputable ISPs.

Are you aware just how many reputable ISPs there are? How many spring into existence or fade into the night every week? How often they move their servers from one address to another?

The small - and reputable - ISP I use will, no doubt, be one that you and most other ISPs and network operators have never even heard of. Your scheme would result in two users of small ISPs being unable to exchange mail unless they were to move to a bigger, shit ISP. That is unacceptable.

Re:No, No, No

[budgenator]

I doubt if many of the Hotmail/yahoo/whoever Email accounts are realy sending out the Emails, have you ever backtraced the ip address to resolve the domains used in sending the emails?
These accounts are just random Email addresses that are forged into the from and reply-to address so something is there. Nine times out of ten the accounts are deactivated before you can reply to them anyways.
The best way to stop the spam is to follow the money, somebody is paying. If they track who sleazey mortgage inc is paying to send the spam, it would stop the problem a lot quicker than any protocol change would.

I predict that the problem will disapate farly soon anyways, when spammers start using the trojan/zombie paradigme to send spam it's surly a sign that they are running out of options and computer trespass is something that the feds take a little more seriously than spam.

Re:No, No, No

[budgenator]

Rent server from rackspace for $99.00 a month, get kicked out after a week; move to a server in china, get kicked out after a month, move to a server in russia. It's no problems to make the rounds in this economy, all the server companies are hungry and over built in the .com bubble.

The spammers like Rosky don't use an ISP like we think of them, they rent a T1 line and send traffic from their home office straight to the rented severs all over the world,which relays the spam.
When your on a dialup/cable/dsl ISP you're paying for a slew of services like pop/smtp DNS some lame content on the "home page" and of course some band width. All the spammers want is bandwidth, don't need a pop server, nothing is sent back to them, they don't need a smtp server because they rent that from a disposable third party, they don't even need dns because they know the address of the rented server. The telecom that's providing the bandwidth doesn't know or care what they are sendin over the bandwidth, the remote server doesn't know or care until they get complaints and blacklisted.The spammer just moves on and lets the last server company cool off when the server gets blacklisted.

Get it right the first time..

[KD7JZ]

Problems like the current state of e-mail always
inspire me to consider the need to do things
right the first time. There are many good systems
that grow organically and work well but at some
point it is realized that there are major holes.
At that point the installed base is too big...

Re:Get it right the first time..

[Aviancer]

Yah well... SMTP was great in the early days of the internet. Why, if I wanted to send an email to my prof, i just did it. There was no point in forging headers -- I had nothing to sell. There were no websites or commercial venture on the 'net at all. It existed solely for idea echange between acedemics and acedemic wannabes. We definately need a micro-payment/postage system a-la this.

Like all PKI schemes...

[stevens]

...it lives and dies by the efficacy of the CAs. If the CAs suck, then the credentials they send with email mean nothing.

I like the idea, but I wonder which sort of orgs are going to be their "PCAs"? ISPs pretty much allow any comer onto their network, so giving all users a cert wouldn't stop people from making temporary accounts for spam.

Perhaps the ease with which MTAs could cut off CAs (like cutting off domains) would help give incentive to ISPs (or whoever is the PCA) to crack down on their customer base, but that strategy is only marginally successful today. Why would creds make this strategy any better?

Perhaps MTAs would be harder to config as open relays, because authn is required. But what percent of spam comes through open relays? If it's a big percentage, then this may help.

Has anyone analyzed this scenario? I'd like to hear some informed thoughts on what sort of email regime we could expect if this were implemented.

Re:Like all PKI schemes...

[realdpk]

The cut-off-domains strategy is not very successful today because it's done so very poorly. Many (or most?) spam fighting organizations believe in colateral damage above all else, and more importantly are not run responsibly, so a lot of admins are wary to use them.

However, if the admins could easily turn on and off certain MTAs or CAs access to their mail servers, at will, that would be far more useful. The admins would have the tools to better be in control and to more easily manage the situation.

A lot of spam does come through open relays - a lot also comes through open form feedback scripts. Both would be taken care of by this sort of thing. Even if the form feedback script sent signed e-mails, it'd be trivial to add their signature to the block list.

Personally, I like the idea of every ISP being its own CA and signing for its customers. People could choose not to trust CAs or not to trust specific customers of those CAs. Much easier than the systems we have in place now (IP blocks, keyword parsing).

Re:Like all PKI schemes...

[Angry+White+Guy]

Personally, I like the idea of every ISP being its own CA and signing for its customers.

If anyone can make a certificate, then it's no good. If only an ISP can, what constitutes an ISP? I can send e-mail, I can set up a server, am I an ISP? If my cert gets blocked, can I not create another one? If I'm not a business, can I still run my own servers?
If I do not qualify to be an ISP, then the internet has gotten a lot more commercial, and has a lot less attractive to me.

Re:Like all PKI schemes...

[realdpk]

So what would you suggest? First you say "if anyone can make a certificate, then it's no good", then you say "If I do not qualify to be an ISP, then the internet is a lot less attractive to me". Do you want it such that only ISPs can make certificates, but the only qualification to be an ISP is to run your own mail server? Wouldn't that be the same thing as everyone making a certificate?

Perhaps there could be a few central CAs, run by non-profits (keep Verisign OUT!), to manage signing ISP CAs. That way ISPs couldn't just make their own all the time and expect them to work.

It's more restrictive, but you could presumably get your ISP to sign your certificate. And, if you really wanted to for some reason, you could try to get them to sign your CA, so you could issue certificates.

Re:Like all PKI schemes...

[iabervon]

The main problem is that there are no trustworthy third parties. Any solution which requires that someone be certified by a third party is doomed, because third parties are either untrustworthy or not accessible to the masses.

What this proposal fails to take into account is the fact that the real problem is email without a valid and authentic return address. This return address could be fail to be able to receive actual mail, or may be a pseudonym, but it should exist, and sending email with a given address should use exactly the same capabilities as receiving email with that address.

This would mean that users would have to send email through their ISPs in order to use their ISP email address, but they could equally well send email with some other address if the MX record for that address pointed at them.

Of course, there is a trusted third party: the domain registrar. But this party is already used for practically everything else, including authenticating the receivers of email, so this isn't a new authority but simply additional consistency.

Re:Like all PKI schemes...

[Stevedust]

Perhaps the ease with which MTAs could cut off CAs (like cutting off domains) would help give incentive to ISPs (or whoever is the PCA) to crack down on their customer base

Wait just a second there... A lot of the spam that finds it's way to my inbox comes from hotmail accounts. Quite a few of my genuine mail comes from hotmail accounts.

Some ISP's are sooo large that no-one would dare block them. Which means these ISP's have little incentive to do anything about the miss-use of their facilities. Which means spam continues.

Re:Like all PKI schemes...

[budgenator]

Seems to me that all major ISP's use load ballencing to direct an address to a server that can take the traffic. Set up one sever to query the sender, reply-to, and bounce-to as a valid users in order to delever the email would work. If it does then depending on bandwidth for the recieving server to autheticate these addresses, they could add or remove to suit the available bandwidth and computer time.

If the spammer expects a 0.01% revenue generating Email resonse, blocking that one Email means that they would have to send an extra 10 thousnad Emails to break even, clearly a losing proposition because the ISP's would have only to add a few more authenticating servers to the pool.

Re:Like all PKI schemes...

[iabervon]

The problem with that is that spammers frequently do use valid sender, reply-to, and bounce-to addresses, just not their own addresses. The trick is to authenticate the mail as coming from the same person (or entity) who would receive a response. After all, if there's anything that spammers have a lot of, it's valid email addresses.

Too Bad.

[dracocat]

I disagree, migrating from SMTP would not be THAT difficult. Give it a 3 year phase in or whatever, and people WILL change.

Would you change your e-mail system if it eliminated SPAM? Thats what I thought.

Now... Its just too bad that this is being done by People For Internet Responsibility (PFIR). Can't a real organization tackle this? Wouldn't something like this have a much better chance for success if a standards board were doing the white paper? Who is going to implement a suggestion by PFIR. Really.

Oh well...

Re:Too Bad.

[jellomizer]

Well After comming up with the protocall. And getting 1 working server to make sure the protocall actually works correctly. Then they should put a huge effort in getting all the major e-mail clients to start supporting it. Then when there is a critical mass of e-mail applications that work with it. Then do the push for all the servers to start using the proticall. That way when the servers switch the infrastructure is already in place.

Re:Too Bad.

The names protocall and proticall are registered trademarks owned by our client, Hukt-On-Fonix, Ink.. Please forward the annual license payment in the amount of $15,000 to our account.

Thank you.

P.S. Registration of comming is pending.

Re:Too Bad.

[Daniel_Staal]

Would you change your e-mail system if it eliminated SPAM? Thats what I thought.

No, I wouldn't. The new system would have to offer other benifits also. My spam filters have had one false positive in the last two years, and have around 3-4 false negatives a week. That's solved as far as I'm concerned.

Re:Too Bad.

[Micah]

In my view, filters are NOT an acceptable long term solution. The spam is still getting sent. Mail servers still have to deal with it. Parts of the world with low bandwidth and high costs will still pay MONEY for it directly (and the rest of us will still do so indirectly).

Yes, SMTP needs to be replaced.

Re:Too Bad.

[Daniel_Staal]

I would argee with you, except for one further fact: I occasionally turn off the auto-delete in my filters (just to double check), and my actual amount of spam I'm getting is going down. Apparently the fact that I A: never buy anything, and B: report the spam to razor and the like, is making my address (which is still publicly posted in places like /.) less and less attractive.

Good filters kill spam. They even stop it from getting sent. It surprises me too.

introducing... the wheel!!

[pitc]

i read the paper, but i don't see what is so new with this. the suggestions it makes seem to be similar to methods for email encryption and spam filtering that are already in place.

joe emailer hasn't taken the time to figure these existing methods out, that's why it seems as though they're not working. i don't know what tripoli is going to offer that will get joe off his butt and get him signed up with a "Pit Certificate Authority".

Prosecute Spammers

[dafoomie]

The only thing that can stop unsolicited spam are laws and prosecution. No matter how complicated the system may be, it will never completely eliminate spam. Go after spammers with the same verocity as the RIAA would with file swapping. Get some anti-spam laws with some teeth.

Re:Prosecute Spammers

[Fastolfe]

Go after spammers with the same verocity as the RIAA would with file swapping.

Yah, because that's working.

Laws aren't the answer either because spammers are increasingly relocating offshore. How are you going to get your laws to apply to them?

Laws might help, especially for some domestic spammers or companies that stupidly contract a spammer's services, but it's never going to do the job.

A solution from both worlds seems like it has the best chance of succeeding.

Obligatory Franklin Quote

[Gothmolly]

Those who would trade freedom for security will lose both, and deserve neither.

The current "hysteria" over spam is going to lead the Joe Sixpacks and the Mothers-protecting-their-children crowd to accept, indeed to beg for, restrictions on their liberties, all in the name of "stopping those spammers". For the rest of us, for whom "WWW" is NOT synonymous with "The Internet", this could have dire consequences. What if I run my own server, and I'm not "blessed" by the current Official AntiSpam Policy Du Jour ? Do I lose out?

Spammers suck, use your filters. DON'T give the government (and media giants, and Big ISPs) the authority to rewrite the way that the Internet works.

Re:Obligatory Franklin Quote

...And those who trade on Ebay deserve PayPal.

...And in the Soviet Union, security and freedom do not deserve YOU.

...Imagine a Beowulf cluster of Benjamin Franklins -- Never mind; while it would be elegantly designed, it probably wouldn't scale beyond light extemporania.

:-)

Re:Obligatory Franklin Quote

Can we assume that you believe the national do-not-call list is also a bad idea?

Re:Obligatory Franklin Quote

[stephenbooth]

Those who would trade freedom for security will lose both, and deserve neither.

Phrased that way it actually works both ways. The reality, as I see it, is that to maintain the greater freedom (to send and recieve the mails you want whilst avoiding being overwhelmed by the mass of junk you don't and your server.connection dying under the excessive load) you have to be prepared to sacrifice some of the more trivial freedoms (e.g. the freedom to send out the latest joke you heard or an advert for some product you created to 100,000,000 people who you are sure really want to know about it). I guess 'the rest of us' have to get out from our chairs and off the keyboards to educate the legislators and joe-sixpacks into how to deal with spam without saccrificing the freeedoms we feel are more important.

Any ideas?

Stephen

rehash of existing proposals

[rkhalloran]

Lauren's rep is impeccable, but this is just a non-starter. It's basically a rehash of the 'whitelisted mailers' proposal that many anti-spam crusaders are pushing, with the [sarcasm mode on]MINOR CHANGE[/sarcasm] of replacing SMTP as the mail transport.

As bad as the spam problem is, it's unlikely that you can get sufficient momentum in the community to displace one of the primal IP application protocols anytime soon. The solution, for better or worse, is probably going to be a combination of filtering technology, $$ legal judgements $$, and Ghu help us, legislation.

(Though anyone taking up a collection to hire the Narn Bat Squad for re-educating spammers please let me know...)

Re:PIT/PCA Questions

It would seem so. Like any certification mechanism, you've got to trust the certifiers. And in practice, that means a few big ones.

I found the point especially odd considering the polemic in the beginning about how individuals need to have their own MTAs that can negotiate around port restrictions lest the evil ISPs control them.

A verbose article, which didn't seem very consistent. The kernel idea (don't allow forged headers) has been brought up a number of times. Not much value added here.

New Spam!

[Beatbyte]

Increase your e-mail infrastructure size by inches!

With our new herbal nutrient, you will have a larger, safe, naturaly enhanced e-mail infrastructure in days!!

email shouldn't be free

[mrped]

Instead of proposing yet another certificate authority scheme (which is PITA to use), why not just charge for email.

A nickel an email will surely slow down spam. Maybe the money could go to some Internet Infrastructure fund or something.

Re:email shouldn't be free

yer a dumbass. feel free to pay my share.

Re:email shouldn't be free

You're a muppet.

Spammers don't tend to use their ISPs mail server in the first place; if they did, it'd be trivial to catch them and put and end to the problem.

Spammers tend to use open relay 9ie badly set up) mail servers; ones that aren't set up properly and are never likely to be. The ISP doesn't have any mail going through *its* mail server, so the email bill for the month is $0.

Not a solution.

RFC 2549 already solves this, and DOSes!

[griffjon]

If people would only use this RFC: http://www.faqs.org/ftp/rfc/rfc2549.txt (IP over Avian Carriers with Quality of Service, a modification of http://www.faqs.org/ftp/rfc/rfc1149.txt), there would be no spam, as the normal can of spam is MUCH too heavy for a carrier pigeon to carry.

Maybe an African Swallow, however...

Re:Oh for fucks sake! Who gives a shit?

well. free software might have no fbi backdoor ?

Kharma Whore - MOD DOWN!

Enough with the Franklin quotes. It's not relevant to the issue here, so I can only conclude you are kharma whoring.

Re:Kharma Whore - MOD DOWN!

so I can only conclude you are kharma whoring.

You can't spell Karma even though it's right in front of your face, so I can only conclude you are an idiot.

Too many goals

[Elentar]

The problem with nearly every single encryption technology, or initiative for securing and improving Internet communication, is that it tries to solve too many problems at once. History has proven over and over again that it's the small, easy steps that move progress forward, not giant ones.

PGP, HTTPS, S/MIME and countless other 'standards' have all made the same mistake in trying to force users to adopt multiple new rules. What's wrong with just providing encryption, without any of the additional burdens of establishing identity? Countless transfers are sent unencrypted every day because the cost of a web server certificate - which is only expensive because it establishes identity - is so high. Anyone can make a server that provides encryption, but such a server is useless with today's browsers. And yet, I'm supposed to have faith that the people Microsoft, AOL and Opera choose to trust are the people that I want to trust?

It is obvious where email will change next, no matter how much money and time is spent on projects like this one. More and more people will use 'virtual receptionist' services that require you to return an auto-reply message to prove that you're real. Eventually, email clients will develop a way to autodetect and autoreply to these messages, until some sort of system is hammered out. You'll write your message, it will be delivered, the receiving server will connect back to you to verify that you're real, and your system will confirm it, all transparently. Someday, it'll happen in real-time, maybe. Spammers won't be able to use this, because of the increased load on a server that must stay online as long as they want their mail delivered.

That's how change happens. Not because of a bunch of idealists get together and tell me to start PGP-signing my mail. You know what? I started doing that 3 years ago. I haven't once found a single person who even knew how to verify my messages. Not to mention the pathetic state that the keyservers are in, full of expired and forgotten keys, and easily corrupted (again, I know from experience - I corrupted my own keys in an attempt to remove them permanently).

-Elentar

Re:Too many goals

What's wrong with just providing encryption, without any of the additional burdens of establishing identity?

you mean apart from the fact that it doesn't buy you anything? if you don't know whose key you're encrypting a message for, it may turn out to be exactly the person you wanted to keep it secret from. conversely, if you aren't sure who sent that mail that purports to have come from Foo Barfly, the fact it was encrypted for your public key is no guarantee of anything useful.

your "virtual receptionist" idea is one way to establish an identity-of-sorts. it establishes that (1) your return address is valid; and (2) there's someone or something paying attention to return mail. if you design the challenge such that machines can't autorespond to it, then your system can further establish it's a someone, not just a something. you're still not sure, of course, that it's the right someone, but you're on your way to establishing a little bit of trust, because your system is telling you something useful about the other party.

all that SSL CAs and/or the PGP web of trust do above this is try to ensure it's the same one entity you speak with every time you send mail to that given address, and try to provide some sort of "official" name or label to identify said entity. as you found out, those things turn out to be a lot more difficult and expensive than most people think. whether you're willing to do without them is up to you.

Re:Too many goals

[jeremyp]

Just get openssl and use it to generate your CA cert and other encryption certs and keys. Then when you want to send encrypted info to other people you can. Of course, there will be all sorts warnings flying about saying "unverifiable certs" *unless* you put your CA cert on a floppy disk and give it to your partners to install in their CA database.

In fact to be truly secure you'd delete all those existing certs from your own CA database (does paying Thawte a stack of cash prove somebody is trustworthy?) and only put in CA certs from people you know and trust in the human sense.

Re:Too many goals

[ftobin]

I have to firmly agree that the web of trust has been a failed experiment. For SSL, it only helps reinforce a top-down hierarchy. For PGP, the web of trust has really failed because it's used so little; it's usually so little work to verify that a certain key belongs to a certain UID, without relying on the trust network. This is sort of why I developed keystory, which looks at the signatures used in a mailing list archive, and gives a simple report of which keys a From address has used.

Re:Too many goals

[ftobin]

if you don't know whose key you're encrypting a message for, it may turn out to be exactly the person you wanted to keep it secret from. conversely, if you aren't sure who sent that mail that purports to have come from Foo Barfly, the fact it was encrypted for your public key is no guarantee of anything useful.

The web of trust was designed so that you could figure out which key to use for messaging a person you had not made contact with before. However, I would argue that the web of trust is so weak, broken, and misunderstood, that it is stronger to simply query the contact directly using maybe two different methods, asking which key they use.

Just look at ssh; ssh flourishes without a web of trust for its keys. I would even argue that because it doesn't take on the burden of promoting a web of trust, it is able be so much more successful than PGP.

The web of trust is an idealistic goal, but unattainable for the forseeable future.

The ugly truth...

[fmaxwell]

I see this as a dangerous time. Many people have discussed going to an e-mail system that relies on encryption and security certificates. Are we going to end up with another debacle like we have now for secure websites, where Certificate Authorities like Verisign and Thawte charge hundreds of dollars every year for a certificate and free certificates set off more alarms than a than a Great White concert in a gasoline-soaked tent?

Will Microsoft make lucrative deals with high-roller Certificate Authorities to include them in the Microsoft Exchange e-mail server? Will you be unable to run a mail server without paying big bucks to some "trusted" Certificate Authority?

If we are not careful, the only e-mail servers that will exist will be commercial e-mail servers where the owners can afford hundreds of dollars every year for certificate renewals.

Why do I believe this? Because I follow the money. If Microsoft, Verisign/Thawte, Netscape, etc. think that there's a way to make money, they will push for a standard that ensures it.

Re:The ugly truth...

Oh, the oppressed poor people! Not only can they barely afford baby milk and dipers, now they have to pay $100 for a SMTP sever certificate in order to host mail.iamsuperl33t.org out of their basement. Woe is them!

Look, the minimum cost of hosting your own mail domain is going to be upwards of $500/year, and that's excluding admin time. A one-time certificate fee should be considered mearly a cost of doing business. The person who cuts you hair probably pays more than that for their hairstylist licence.

A small number of individuals have their own mail domains as a way of establishing their own identity. If they want that identity to mean anything, they should want to protect it.

The only thing remotely agreable in your Woe Is Me rant is that private parties like VeriSign should not be profiting off certificates. It should be function of your government.

Re:The ugly truth...

Are we going to end up with another debacle like we have now for secure websites, where Certificate Authorities like Verisign and Thawte charge hundreds of dollars every year for a certificate and free certificates set off more alarms than a than a Great White concert in a gasoline-soaked tent?

Yes, we are. I'm betting that AOL, Yahoo, MS, and some of the biggiest will adopt such a plan in less than 12 months. Get used to it.

Re:The ugly truth...

[bigpat]

Agreed on SSL. Why should a web credit card transaction be "more secure" than a telephone credit card transaction. The likelyhood that someone is listening to my web transaction is about as likely that someone is listening to my phone call, when I order Chinese, and writing down my credit card number. Yes it happens, but that's why they make jails.

It seems like people were so hell bent on making sure people felt comfortable spending money online that they threw out common sense in the process.

As for email, I haven't read the proposals, but I don't believe any changes are needed to the technology. Like I said before, that's what jails are made for.

It should be very easy to trace data transmissions with the help of the Telecoms and shut down the offenders.

The only change to email I would support is to role in IM support to email, that way you could flag an email as an IM and then the client application could decide to display it differently than other email. Which is all that Instant Messaging really is anyway, email that is displayed differently.

Re:The ugly truth...

[fmaxwell]

Look, the minimum cost of hosting your own mail domain is going to be upwards of $500/year, and that's excluding admin time. A one-time certificate fee should be considered mearly a cost of doing business.

Well, I can see that you have little-to-no experience running a mail server and an equally limited amount of experience with certificates. Like many Internet hobbyists, I run a mail server. It's not for a business. I derive no income from it. It simply gives me a permanent e-mail address and allows me to filter spam (perhaps you are in need of a penis enlarger and herbal Viagra, but I'd rather keep messages advertising such things out of my inbox). I host it on a Dell server that cost me $250 after rebate. I assure you that it doesn't cost me "upwards of $500/year."

The certificate is not a "one-time" fee and it probably would not be $100. It's a recurring fee and the certificate expires. If it is like the certificates used for e-commerce web sites, Verisign will charge $349 per year for 40-bit encryption and $895 for 128-bit. Want to pay $350-$900 per year to run a mail server? How about every small business that has a domain? A two-person company struggling to get profitable doesn't need to be hit with hundreds of dollars of unnecessary fees every year.

Don't assume that something is a wasteful indulgence just because you don't do it.

Re:The ugly truth...

See, the problem is that I do want to get mail from fmmaxwell.com when it's actually fmmaxwell.com and not just the herbal viagra people pretending to be from fmmaxwell.com. I would also like to subscribe to a blacklist that does not block fmmaxwell.com just because he's on a DSL line or because some spammer impersonated him. So it would be in fmmaxwell.com best interest to want to establish his identity.

As for costs, you are probably already paying for static DSL ($65/mo here) and DNS hosting. Anything less and a large portion of the net already blocks your mail. I'd like to hear how you do it for less than $500/year.

My understanding of the proposal is that your existing ISP or DNS provider can operate as PCA and probably would sign the fmmaxwell.com cert at some level as part of the regular service they are already providing.

Re:The ugly truth...

As for costs, you are probably already paying for static DSL ($65/mo here) and DNS hosting. Anything less and a large portion of the net already blocks your mail. I'd like to hear how you do it for less than $500/year.

The author would probably have DSL regardless of whether or not they had a mail server. They can get DNS for $8/year, or free from from places such as homelinux.org.

The only significant cost is electricty. A server that uses a constant 200 Watts at $0.065/kWh would cost $114 per year for electricity. If that server happens to be their desktop machine, the cost is much lower.

Re:The ugly truth...

[fmaxwell]

So it would be in fmmaxwell.com best interest to want to establish his identity.

The reality is that spam gets through not because they pretend to be a trusted domain. Besides, whitelisting millions of domains is not the answer. How would you know whether fmaxwell.com is the domain of a trustworthy party or whether it's one run by a bunch of penis enlarger spammers?

As for costs, you are probably already paying for static DSL ($65/mo here) and DNS hosting. Anything less and a large portion of the net already blocks your mail. I'd like to hear how you do it for less than $500/year.

I'll be happy to tell you. I have a cable modem connection which I upgraded from residential to "SOHO". That upgrade got me a static IP and got rid of the ever-more-restrictive residential TOS imposed by my ISP. The total difference in cost was about $15/month since I had no cable TV/modem bundle discount (I have DirecTV). Even if I was not going to run a server, I would have upgraded to the SOHO package, so that's not an additional cost. If you insist on counting that, it only comes to about $180 additional per year.

The DNS hosting for my domain is handled by three firms that provide the service at no charge: hn.org, dnsexit.com, and zoneedit.com. By using three providers (and, hence, six DNS servers), I have zero down-time due to DNS resolution problems.

My understanding of the proposal is that your existing ISP or DNS provider can operate as PCA and probably would sign the fmmaxwell.com cert at some level as part of the regular service they are already providing.

While that may be the existing proposal, I don't see that ever working that way. Why would your server trust the cert issued by some ISP to some firm in Peru? And what makes you think that an ISP or DNS provider would give anything away? They are looking to make money and would either charge for a cert or, more likely, say "we're the only broadband available to you and we won't deal with the hassle and risk of issuing you a certificate." Besides, how could they trust that Jay Random Customer was not a spammer? If the person turned out to be a spammer, then people might start distrusting the ISP's cert.

Re:The ugly truth...

[mpe]

Agreed on SSL. Why should a web credit card transaction be "more secure" than a telephone credit card transaction. The likelyhood that someone is listening to my web transaction is about as likely that someone is listening to my phone call, when I order Chinese, and writing down my credit card number.

Especially given that the most likely source of leaks isn't the transmission of your credit card details it's what happens to them after they reach the destination.

The only change to email I would support is to role in IM support to email, that way you could flag an email as an IM and then the client application could decide to display it differently than other email.

Something very like this was in the original SMTP spec.

uhmm...Hello?!

[Unnamed+Source]

Just what we need...another group of idiots trying to 'fundamentally change' things. I believe the IETF would be the appropriate place for changing things...

about time

I would actively support a new email standard to solve the current problems, in particular spam. Here is an interesting article about CRN Test Center's anti-spam tool contest. The honorable mention solution looks like a great idea to me. It's basically consists of a white-list of people that never get filtered, a black-list of people that always get filtered. And if you're not on either list, the server responds to the sender with a challenge. If the challenge isn't answered, the email original email never gets delivered. This would cause severe headaches and money if spammers had to respond to "challenge" questions to get your email delivered. To those that say we won't ever be able to adopt a new standard consider this: Yahoo news ran a story the other day suggesting that, as Spam continues to increase and proliferate, it will eventually turn email into an unsuable and ineffective tool. Read it here.

So long credibility

[TedCheshireAcad]

Credibility of idea has been lost due to usage of the word "empower".

Why do people bother

SMTP is here to stay and it won't change within any reasonable time period. It's unfortunate that it's so unsecure, but that's just the way it is.

Proletariat of the world, unite to kill spammers. Remember to shoot knees first so that they wont be able to run away while you slowly torture them to death.

Alternative != replacement

[TomatoMan]

For all of you crying that SMTP will never die because everybody uses it even though it's broken, RTFA.

The Tripoli environment visualizes a "parallel" e-mail system that could operate alongside the existing SMTP e-mail environment for the indefinite future.

Just because SMTP can't be fixed (it can't) doesn't mean it has to die - just that a better alternative has to emerge. I'll keep my SMTP servers running indefinitely and I'll keep SMTP mail, but as better systems emerge I'll be telling people that the more reliable way to contact me is with methods that I know aren't going to give me the experience of picking through the trash when I check my mail. I'll still check my SMTP mail, but probably with decreasing frequency as time passes.

For those of you saying "just improve your filters," (1) give me a filter that can parse an HTML message containing only an image to determine whether it's spam or not (no, you can't reject all HTML mail or mail with attachments, if my brother drags-n-drops a picture of my nephew and clicks "send," I want to receive it), and (2) figure a way to keep the message from being delivered until that determination is made. Post-delivery filtering doesn't solve the bandwidth/cost/traffic problems.

Be courageous, people. Nobody screamed that we didn't need the telephone because the telegraph worked fine. Protocols emerge from changing circumstances. SMTP had its use over the last 30 years, but its time is waning with the onset of the global public internet full of untrusted senders seeking to abuse the system. It's time for a better protocol, and I applaud everyone involved in making a serious effort at developing one instead of trying to fix the unfixable.

Re:Alternative != replacement

[msimm]

The above poster is dead on. SMTP doesn't need to be replaced, that would be a waste of energy. But provide a better alternative and we will naturally migrate towards it.

I mean imagine we where talking about DSL. If you had your choice between AOL dial-up or a highspeed connection for about the same cost and convenience which would you choose?

Re:Alternative != replacement

[jroysdon]

My family all know if they email me HTML they get an auto-reply that tells them it has been deleted and to send without HTML. Some complained at first, but anyone who wanted to email me complied.

SpamAssassin works for me 99% of the time. Anyone who I already know is never blacklisted (but like I said, HTML doesn't get through as I don't use an HTML-capable email client), and I don't see spam. The 1% of folks that are flagged with false-negatives will just have to try again (they weren't that import to begin with since they weren't in my address book).

Re:Alternative != replacement

[Shackleford]

For those of you saying "just improve your filters," (1) give me a filter that can parse an HTML message containing only an image to determine whether it's spam or not (no, you can't reject all HTML mail or mail with attachments, if my brother drags-n-drops a picture of my nephew and clicks "send," I want to receive it), and (2) figure a way to keep the message from being delivered until that determination is made. Post-delivery filtering doesn't solve the bandwidth/cost/traffic problems.

Well, it's been said many times before: Spam filters are not perfect. Some spam just has a way of getting by the filters and there's the even worse problem of false positives. But filters tend to be effective, and their lack of perfection gives room for improvement. And we should continue to seek this kind of improvement.

So anyway, as for how to deal with an HTML message that contains only an embedded image, it should be noted that the subject line and the information on the sender can give away some useful information to the filter. Also, my understanding is that messages that contain nothing but HTML (IMG tags in particular) tend to be spam. So this kind of message you describe would likely be assigned a high "spam score." Shouldn't there be at least some text in the body of the message?

So if you want to send an image by e-mail, it may be best to send it as an attachment. If you receieve an e-mail from an unknown sender with any attachment, you shouldn't open it. And isn't it a better idea to send images as attachments? I find it more convenient for the recipient that way.

So in a nutshell, my take on spam filters is that they can be effective, but only one part of the solution to the problem of spam.

No, No, No

I'm sick of reading proposals (often from industry profit-seeking types) who want to put a paid-for "stamp" or similar "token" on email. (I'm talking generally, though---yes---I did read this paper)

It looks attractive logic:

1. Lots of people use email
2. We offer a system which will beat spam at a cost---our 'trusted 3rd party' or whatever---but only if people who use it can't talk to anyone else, so everyone has to use it
3. Profit.

This is NOT the way forward on spam. Nor, realistically, is anything which re-writes the rules for email. People like editing headers. In fact, if it weren't for spam, people like email as it is---period.

The way forward seems simple:

smtp servers should start requiring genuine users to log in. (though rarely used, there are smtp systems which allow this, and most major clients---yes even the MS ones---already talk to these servers and have done for years)

servers which don't should quickly find their way onto blacklists.

(I shall leave the exact way these blacklists should be used as an exercise for the reader)

Simple. Low cost. Not a business model; but a clear solution.

Anyone want to start writing to ISPs?

Sounds an awful lot like kerberos

[lkaos]

How is this any different from having a global kerberos server that everyone authenticates to and then includes a signed checksum of the email message using ticket data.

Almost sort of sounds like.... Passport!

The rose doesn't smell so sweet when it bears the name Microsoft does it?

Why is it that when some chick and dude get some stupid idea to make them famous, spend $50 bucks on a domain name, and post a website, /. has to carry it?

Next

Re:Sounds an awful lot like kerberos

Why is it that when some chick and dude get some stupid idea to make them famous, spend $50 bucks on a domain name, and post a website, /. has to carry it?

Assuming that the preceding refers to Lauren Weinstein and Peter G. Neumann, check out this hot picture of the "chick" on a motorcycle. If you want to use it as your desktop background, here's a larger version.

In any case, my point is that your personal attacks on the authors are inappropriate. You obviously don't know either of them (or more importantly, their backgrounds). Limit your critique to their proposal.

Re:Sounds an awful lot like kerberos

Sounds an awful lot like kerberos (Score:0)
by Anonymous Coward on Thursday May 08, @04:30PM (#5913332)
How is this any different from having a global kerberos server that everyone authenticates to and then includes a signed checksum of the email message using ticket data.

Almost sort of sounds like... Passport!

The rose doesnt smell so sweet when it bears the name Microsoft does it?

Why is it that when some chick and dude get some stupid idea to make them famous, spend $50 bucks on a domain name, and post a website, /. has to carry it?

Next

feeds

[SHEENmaster]

Many apps and distros offer multiple feeds.

A good example of this is the Linux kernel, those who want everything to work perfectly can use the stable(2.4.x at the moment) feed. Those who want the latest cutting edge features can use the unstable(2.5.x at the moment) feed.

Stable feeds are only updated to fix bugs and get no new features, so it doesn't have anyone introducing new bugs.

Re:feeds

[cperciva]

The 2.4.x kernel -- isn't that the "stable" kernel which had a complete VM subsystem change and two filesystem corruption bugs?

Stable trees might *theoretically* only include bug fixes, but in practice they tend to have rather more than that.

Sounds an awful lot like kerberos

How is this any different from having a global kerberos server that everyone authenticates to and then includes a signed checksum of the email message using ticket data.

Almost sort of sounds like.... Passport!

The rose doesn't smell so sweet when it bears the name Microsoft does it?

Why is it that when some chick and dude get some stupid idea to make them famous, spend $50 bucks on a domain name, and post a website, /. has to carry it?

Next

Sounds an awful lot like kerberos

How is this any different from having a global kerberos server that everyone authenticates to and then includes a signed checksum of the email message using ticket data.

Almost sort of sounds like... Passport!

The rose doesn't smell so sweet when it bears the name Microsoft does it?

Why is it that when some chick and dude get some stupid idea to make them famous, spend $50 bucks on a domain name, and post a website, /. has to carry it?

Next

Discussion is good but SMTP != SPAM

[Durendal]

It is great that folks are taking this issue more seriously but how is improving the protocol for sending email going to deter spam? This seems analogous to discouraging annoying speech by changing languages.

On a fundamental level. Economics drives SPAM. People send it because they are making money. The most efficient way to stop SPAM is probably just to render it unprofitable somehow.

Developing a new solution is usually the best way to fix technical problems. But this is really a social/economic problem. New protocols, hardware, and software can make the environment less hospitable to SPAM but I doubt they will be an effective use of resources.

Re:Discussion is good but SMTP != SPAM

[RedHat+Rocky]

SPAM is economical. Why? At the most basic level, because it is largely anonymous.

What's the ratio of SPAM-friendly ISPs to SPAM-targetting ISPs? Pretty low. So, how do spammers keep getting away with sending SPAM? Because it's nigh impossible to trace real SPAM (fraudulent headers and such) back to the actual sender.

This is what needs to be addressed (anonymous or fraudulent senders) and it is a technical problem, not a social one.

Re:Discussion is good but SMTP != SPAM

[Durendal]

Very true RH, SPAM is hard to trace back to a responsible individual. However, a bullet proof protocol for identifing the email's source is only going to get you an account name. How do you connect that to a person?

I think the average commercial SPAM operation is not above giving a fake ID to the ISP that hosts them today. I truly believe the motivation not the implementation is the problem.

I am not so sure anonymous email is such a bad thing. Anonymous Coward is a pretty big contributor here. Does A.C. need to be addressed?

Re:Discussion is good but SMTP != SPAM

[RedHat+Rocky]

With a solid lock on the source of SPAM (and by that I don't just mean an id at an ISP, I mean Joe Blow, 123 ISPAM Way, Areest me Here), it becomes easy to reject any messages from that source.

Anonymous is a hard issue. Personnally, I don't feel Freedom of Speech implies anonymous speech, I tend to believe a person should be responsible for their speech or shut up. Anonymous speech by definition means not being responsible for the speech. However, I suspect my position is mainly because I've never been in a situation that called for anonymous speech. Tough call there.

Sounds good, but...

[Shackleford]

There are a number of problems with this idea, which may at first seem to be the ideal solution to problems plaguing e-mail. Some have suggested that something along these lines be done, and PFIR only seems to be the latest to make these kinds of suggestions. So what are the problems with it?

• The whole idea of replacing e-mail protocols to solve this problem is nothing new. In fact, replacing protocols is something that has often been suggested, but it is not so easy to just replace them. For example, when will IPv6 ever take off?
• It said that all e-mail would be encrypted by default. I believe that the FBI and any other organizations that have been wanting to monitor as many communications as possible would have a problem with this and try to stand in the way of it.
• As it has been said many times before, Internet protocols were designed for a time that the Internet was more open and not inundated with malicious individuals. Well, as with all software times change, and so do requirements. Why go through all the trouble to come up with so many changes to the Internet infrastructure when more changes will be needed in the future? And won't spammers be able to circumvent whatever is in place for spam prevention? I don't believe I need to tell you how persistent spammers can be.

  So I would say that we simply use what we currently have to take on spam and encrypt e-mail. Just a few thoughts...

Re:Sounds good, but...

[RedHat+Rocky]

Everyone keeps using IPv6 as the ugly poster child.

Well guess what? I've heard more and more about IPv6 the last year. More and more projects are including support for IPv6. The ball has to at least be there before it can start rolling.

"If you build it, they will come."

Re:Sounds good, but...

[Anonymous+Canard]

And won't spammers be able to circumvent whatever is in place for spam prevention?

In this case, yes. The system described relies on downgrading people with certificates who abuse their privelege and send spam anyway. The gap in time between when they start sending spam, and when their certificate is downgraded presents the same problem that double spends do for e-cash, but in the case of spammers, nifty techniques for revealing the identity of the double spender are irrelevant; the merchandise (the delivery right of email) has already been received and consumed a thousand fold.

Fixing the incentive behind spam is an enormous and intractable problem, and this 'solution' gets no closer to solving it. Indeed the distinction between this and PKI is minor as far as I can tell -- it merely transfers the signature before the content thereby allowing the MTA to reject the message before the entire message has been received. If PKI were the solution to spam, then it would long ago have had an effect.

SMTP login not enough

[mdfst13]

The biggest reason why SMTP servers don't make users login is that it wouldn't matter. So long as *any* computer on the internet is authorized to send email as me, it doesn't matter if the one server that I actually use requires a login (particularly since most spam does not originate with a legitimate mail server; instead, it is sent by spam software using open relays and proxies).

In order to make this work, we also have to come up with a way of verifying the server (blacklists aren't enough; open relays and proxies get blacklisted now; spammers just switch machines). What I would suggest is adding a new type of record in DNS (call it an SMTP record for now). This record would verify that a particular IP is allowed to send email for the domain of the sender. This would eliminate the effectiveness of open relays and proxies. To get mail through, spammers would have to reveal their identity.

Note that this system still does not require any special certificates, just enhancements to what already exists.

Discussion is good but SMTP != SPAM

It is great that folks are taking this issue more seriously but how is improving the protocol for sending email going to deter spam? This seems analogous to discouraging annoying speech by changing languages.

On a fundamental level. Economics drives SPAM. People send it because they are making money. The most efficient way to stop SPAM is probably just to render it unprofitable somehow.

Developing a new solution is usually the best way to fix technical problems. But this is really a social/economic problem. New protocols, hardware, and software can make the environment less hospitable to SPAM but I doubt they will be an effective use of resources.

Excellent start?

[taustin]

No, stupid idea. And there's no need. The war on spam is being win, not lost. Spammers are increasingly desperate. They're now resorting to outright criminal cracking, writing worms to send spam through. They don't do that because open relay raping is working.

Re:Excellent start?

[JuggleGeek]

The war on spam is being won? Then why am I getting more spam now than ever before?

The fact that you post nonsense doesn't make it true.

The ultimate email fix

The best way to solve email problems is buy having the email hosted on the users server that sent the email. The email would essentially be a link to the users server with the option of opening it. If spammers had to host and maitain the traffic of incoming users they would crumble.

Re:The ultimate email fix

[eufaula]

to build on what you stated, Dan Bernstein (of qmail fame) pondered on this a few years back. his website http://cr.yp.to/im2000.html makes a few of these observations. he also has a mailing list about this very subject. interesting concept -- i'd love to see something like it implimented. it would really make life for a spammer difficult, which is a "good thing(tm)"

The Simple Solution...

[radulovich]

Is not to reinvent the protocol. Spammers will disappear if nobody reads their spam (because it will be too ineffective, even at a cheap price).

The better solution is simple - let me rate the"trustworthiness" of the sender who sends me email and sort it appropriately. I can add all my family and friends to the "explicitly trusted" list. Then, the server can allow for an option such as "possibly trusted", which might include all emails from the same domain I'm in, or from domains I specify (e.g. *@mit.edu).

All other email will be tagged as "untrusted". Now, I can set my email browser to color code them, simply ignore them, or set a rule for each category. Yahoo! already does this, showing a smiley face with the emails that come from people in my address book

This can be done simply, and without rewriting any protocols. Beware people who want to reinvent the wheel to gain profit when there is no need. "Pit certification" is unnecessary, and too costly.

-Mark Radulovich, CISSP

Re:The Simple Solution...

[.@.]

That's exactly what I propose here.

Re:The Simple Solution...

[RedHat+Rocky]

This solves nothing. Filters accomplish this and more already.

A. Nothing validates the whom the email is from, using that info is dubious at best.

B. You still accept the email in the first place, which is the REAL problem that filters currently don't solve.

Re:The Simple Solution...

[radulovich]

That's the point - the sender address doesn't need to be validated. The odds that a spammer will use a friend of yours' email address to send spam to you is zilch. That is the *only* way spam would get through your filter.

And even if they did, they are breaking laws in every modern (and even some not-so-modern) country.

The internet is organic, and as a result, there will be inefficiences. But just imagine a ddos attack on the pit servers. *All* email would stop. Not my idea of fun.

-Mark

Re:The Simple Solution...

[RedHat+Rocky]

Are ONLY your friends going to be on your trust list? What about all the other email people receive, mailing lists, popular newsletters, so and so forth?

And it still doesn't answer the "don't accept the email in the first place" requirement. Still just a filter.

I agree with you about PIT, it would be very bad UNLESS properly implemented. Take DNS as an example of a system that can survive a massive DDOS, though DNS is suffering from adminstrative blockage these days (13 root servers? Why not 13,000?), but I digress. :)

Re:The Simple Solution...

[radulovich]

No -I would add all of the email addresses from which I receive email, including amazon, mailing lists, and so forth. Also, my email server could automatically add the email addresses of anyone that *I* send email to as well.

[One example is Novell Groupwise, which we use at my work. It automatically adds the email addresses of anyone to whom I send email to "My address book". This is completley automated (I'm sure other email programs do this, but I've used Groupwise for so long that I can't remember the others). ]

I do agree with you about accepting email in the first place (it uses disk and network bandwidth), but setting a rule minimizes that issue; I could (depending on my preference) keep the untrusted email indefinately, delete it immediately, or some thing in between (like Yahoo! does with "bulk mail").

As for the DNS solution, I thought about theat, and had to read through the Tripoli doc twice before I posted my first response. Tripoli will certify *every* email, and that requires an OLTP style architecture, and will therefore not be cacheable. Yes, you could set up 13,000 servers (heck, google already does that), but what I'm more concerned about is this: What does a person gain from using PIT over my suggestion? A little, sure, but very little. In fact, my suggestion covers almost all cases. Better yet, we could use PIT to overlay on my suggestion, and then have another email class - "trusted AND verified". Note that PGP and other products effectively do this already (through PKI), albeit with a clunky interface.

My guess is that hospitals, banks, and legal workers (courts, lawyers, judges, FBI, etc) will be interested in that, but for everyone else, it would not be worth it.

-Mark

Re:The Simple Solution...

[master_p]

Another simple solution is to keep two e-mail accounts: one for "serious" use, i.e. contant only people you know, and one for all the other jobs, i.e. signing up etc. Personally, I have done this and I don't receive any spam in the 'serious' e-mail account. On the other hand, the other account is flooded with spam, but it takes 2 seconds to look if anything interesting has come up: usually I delete everything received in there, by just pressing Ctrl+A then Delete.

Possibility and probability are not the same.

[FreeLinux]

Of course it is possible but, the probability is very low, in my opinion. It is already possible for most modern mail clients to automatically encrypt and decrypt mail, making them secure. Yet very few people use PGP or S/MIME. It is already possible for most MTAs to use SSL and/or TLS to encrypt their communications, yet most still do not use this feature. It is already possible for most POP3 and IMAP4 servers to encrypt their communications using SSL and/or TLS as well as having four or more secure authentication options available, yet most still do not use this feature.

It is possible to redesign and rebuild the email infrastructure of the internet in such a way as to completely eliminate spam and forged addresses, it is howeber improbable that good old insecure and vulnerable SMTP will be abandoned. Prior to the internet and standardization on SMTP, there were many secure mail systems around the world. There was also an inability for them to communicate with each other. This is the problem with a new system. In order for it to work and for email to remain a useful tool, everyone will have to switch and everyone will have to do it at the same time. This is highly improbable.

Stupid Administrators

[sirket]

-Begin Rant-

The problem with spam is simple: the old rule that we should be forgiving about what we accept and strict about what we send.

We could wipe spam out, or at least render it controllable, if we simple required proper DNS entries (A, MX, PTR) and proper server configuration (HELO information, etc.)

Unfortunately, every Tom, Dick and Harry feels it is his god-given right to run a mail server despite having ABSOLUTELY NO IDEA what is required to run one. The sheer number of people without postmaster and abuse accounts is astonishing and both are required. The sheer number of people without matching forward and reverse DNS entries is astonishing. The number of people who call their server "Blah" and then put in a DNS entry for "mail" without an entry for "Blah" is amazing. Although this last part is not required by the RFC's, why on earth should I have to look through my logs and see "Blah" when there is no DNS entry for it? How am I supposed to troubleshoot?

Oh well, I give up.

-End Rant-

Re:Stupid Administrators

I agree 100% with what you've said. I am able to stop all but the last fraction of a percent of spam by following the rfc's you allude to. The problem is some large ISP's don't know how to configure their network properly, forward and reverse lookups not matching for one. People trapped in one of those ISPs will either suffer or some MTA admins will loosen up and allow spam through in the interest of unfettered communication.
Between selling out to spammers and not properly configuring their own networks ISP's are the problem, not the solution.
The solution is clue-by-four, start with the ISP's.

Re:Stupid Administrators

[dwsauder]

The problem with spam is simple: the old rule that we should be forgiving about what we accept and strict about what we send.

We could wipe spam out, or at least render it controllable, if we simple required proper DNS entries (A, MX, PTR) and proper server configuration (HELO information, etc.)

Do you work for Microsoft? :-)

Seriously, at the FTC's spam forum last week (I was there), the representative from Microsoft was asked to discuss their talks with AOL and Yahoo about controlling the spam problem. (You remember the big splash they made about these companies agreeing to work together.) Anyway, the Microsoft Veep mentioned exactly this step as a first step. Also, these companies are likely to share information about subscriber sign-ups, in the hopes of preventing spammers from signing up for many accounts at a time, all for the purposes of sending spam. I'm not sure exactly how they would do this, but it is supposed to be like the way credit checks are done. I think they just check that a subscriber isn't using the same credit card number over and over again.

I was especially glad to hear that Microsoft favors incremental steps toward solving the problem, and verifying sending hosts with reverse DNS look-ups is just such an incremental step.

Re:Stupid Administrators

[sirket]

I only partly agree because the MX records are for hosts that receive mail. Not everybody sends and receives from the same hosts, and no, it is not a good idea to create MX records for your senders (even with a low preference) because people will attempt to send mail to them.

Per RFC 1912, Section 2.5:

"It is a good idea to give every host an MX record, even if it points to itself!" and: "Put MX records even on hosts that aren't intended to send or receive e-mail."

The point here is that every host should have an MX record. These records should either point to the host itself, or the mail exchanger for the domain (This is not required though: See RFC 2821, Section 5: "If no MX records are found, but an A RR is found, the A RR is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host.)

An outbound relay should have an MX record pointing to the mail exchanger for the domain if it does not want to handle it's own inbound email.

Also, to be fair, I never said a host had to have a valid MX record. A host need only have a valid A record and PTR record. The sender domain, however, should have a valid MX record or mail should not be accepted.

My main complaint, however is with EHLO and HELO information. Per RFC 2821, Section 3.6:

"The domain name given in the EHLO command MUST BE either a primary host name (a domain name that resolves to an A RR) or, if the host has no name, an address literal as described in section 4.1.1.1."

The number of hosts that fail this check is truly remarkable.

-Sirket

Re:Stupid Administrators

[kindbud]

The sheer number of people without postmaster and abuse accounts is astonishing and both are required.

"Required" by what? A few RFCs? Those are, in case you didn't know, "Requests for Comments." They are not rules. There is no enforcing body. Compliance is the thing to do if you want to get along. If you don't care about getting along, the RFCs have no arguments or sanctions to make against you.

Re:Stupid Administrators

[sirket]

"Required" by what? A few RFCs? Those are, in case you didn't know, "Requests for Comments."

Is that what RFC stands for? Wow, thanks for telling me!

They are not rules. There is no enforcing body.

The Internet itself is the enforcing body. If you want to break the rules that everyone else has agreed to play by, then the rest of us are free to deny services to you. I (along with AOL, Yahoo, Hotmail, and a number of major corporations) have all decided to start enforcing the RFC's. You have two choices: a) Not send us anything or b) get your act together and start playing nicely. Given your post, I suspect you will choose the former.

Compliance is the thing to do if you want to get along. If you don't care about getting along, the RFCs have no arguments or sanctions to make against you.

If you don't want to follow the RFC's you might as well invent your own email protocol. In the end, the choice is yours. I'll be sure to submit your domain to rfc-ignorant.org so those of us who play nicely won't have to deal with your email though.

-sirket

Re:Stupid Administrators

[kindbud]

I was responding to your apparent attitude that the way to ensure compliance is to wave around a bunch of unenforceable rules that aren't even rules. Your use of the word "require" in your O.P. is what I was speaking to. You simply cannot REQUIRE compliance with voluntary conventions embodied in "Requests for Comments." So waving them around like they are some kind of penal code gets you some chuckles, and not much else.

Adopt opt-in: Proven and perfectly constitutional

[D4C5CE]

Last week at the FTC, many of the "experts" advocated sticking our heads in the ground though the sandstorm of spam grows ever stronger.

Now we are told once more that the best cure against spam should be to reinvent something to replace the tried-and-true eMail system of decade-old reliability, just because some sociopaths apparently cannot learn to behave without getting a spanking (or jail time) and U.S. privacy laws are still too weak to stop the spam.

And after all the years that spam has plagued the networks, that's quite a poor achievement for a nation that managed to outlaw junk faxes, and had confirmation from the courts that regulating advertising does pass constitutional muster perfectly well:

"Nothing in the Constitution compels us to listen to or to view any unwanted communication, whatever its merit... We therefore categorically reject the argument that a vendor has the right under the Constitution or otherwise to send unwanted material into the home of another... We repeat, the right of a mailer stops at the outer boundary of every person's domain."
Supreme Court
Rowan v. U.S. Post Office
397 U.S. 728

Subsequently, numerous decisions have also made it crystal clear, over and over again, that neither the First Amendment nor the Dormant Commerce Clause are an obstacle to outlawing electronic spam, by fax or any kind of eMail.
Nor is it at the expense of any legitimate business. Industry itself can't stand the spam anymore.

This is not about "lawmakers never knowing enough about the Internet to regulate any aspect of it in a meaningful way", it's about doing something to prevent imposing compulsory changes to technology that keep fighting the symptoms rather than the cause.
Congress should get over such shameful cowardice and make the simple law that's needed and proven to work.

There is no need to re-engineer the Internet.
There is no justification for widespread surveillance and data retention under the poor excuse of trying to track down spammers.
There is no risk of banning mailing lists or commercial eMail.
There is no doubt what the sociopathic behavior is.

All that is needed is mandatory opt-in for unsolicited bulk eMail (encompassing all kinds of electronic messaging).

And yet some self-proclaimed "experts on electronic advertising" (whose only merit probably is that they know how to spam because they've done it a trillion times at everyone else's expense) keep pretending that opt-in wasn't legal, or feasible, or desirable.

Opt-in works, and it does not hurt anyone but the spammers.

Europe has adopted it, Australia is adopting it (how far behind do you want the U.S. to be, are we to wait for China to outlaw spam before the U.S. will?!), but most importantly the USA have successfully adopted it themselves against junk faxes.

There's probably something wrong in Washington D.C., and the news media in general, when the most insightful newspaper article on the issue comes from USA Today.
Be sure to fax or eMail it to your congress(wo)man though.
Don't spam them, but do attach some selected masterpieces of spam if you think they need an idea of what ends up in the inbox of their constituents, and of their children, 9 billion times, every single day.

It has always struck me

[Neophytus]

Have the SMTP amended so that MTAs perform a DNS check on the previous server, and if it doesnt match correct the header. With guarenteed un-forged headers then at least reporting will be a hell of alot easier.

Re:It has always struck me

[RedHat+Rocky]

In my experience, most MTAs that matter already do this or at least record the connecting IP, not the hostname. sendmail I'm pretty sure usually warns the hostname is bogus.

qmail, of course, doesn't care what the hostname is.:)

IP spoofing is still a problem of course.

Re:It has always struck me

[Lord+Ender]

My SMTP server has multiple DNS names pointing to it. If I send spam from name A, and it reverse-dns's to name B, then my mail doesn't work? Count me out.

If you did it the other way around (looking up the IP from the DNS and seeing if they match) that would help, but what about joe random DSL customer running his own SMTP server? Can't stop that.

Re:It has always struck me

[Pierce]

IP spoofing could easily be stopped, if ISPs cared to do so. All they would have to do is check the IP addresses on the inside of their network against the ranges that are supposed to be used. Ingres and egress filtering is already supported in probably all routers and firewalls to do this.

http://www.sans.org/rr/sysadmin/egress.php

Re:It has always struck me

[RedHat+Rocky]

I agree, it SHOULD be easily stopped. But then, open relays should be easily fixed as well.

*sigh*

We just can't win, can we?

Re:It has always struck me

[Pierce]

If I were an ISP I would not allow someone to run their own mail server directly on the Internet. Either their mail gets filtered through my system, or it does not get out.

This way the ISP can ensure the mail complies with the AUP and attacks against the mail server are filtered. I do not trust a home user with a DSL modem, even a technical one, to keep their system patched or configured securely.

Re:It has always struck me

[Lord+Ender]

So you are basically saying only companies should be able to run servers. I don't like that. The internet should be fore the people, on equal ground. All nodes should have equal rights and abilities limited only by their bandwidth. There should be no AUP. Upstream providers should pass anything that comes their way, and sniff none of it unless there is a search warrant.

I am not just a 'consumer' of the internet. It is not a 1-way tv station. I am a contributer like anyone else. You like ISPs policing and enforcing AUPs? Well how would you like it if your phone company listened to all of your phone conversations, told you who you were allowed to call, and what you were allowed to talk about?

Re:It has always struck me

[kruhft]

I recently finished writing a drop in replacement for qmail-smtpd that did just that plus a load of more checks. Google for 'magic-smtpd' if you're interested.

Re:It has always struck me

[Pierce]

Totally different; I am not talking about limiting what people talk about.

By having the individual's email pass upstream through a proxy maintained by the ISP it does not imply that the ISP will be monitoring the traffic. If they want to encrypt their data, fine.

What this would allow is for the ISP to block things that are known to be malicous or account for the use of the network. If an individual wanted to be personally liable for the use of their system and keeping it secure, then I would be all for having it directly on the Internet.

But if they are not willing to be personally liable, which I think the ISPs should be held to as well, then they should be behind someone that is.

The problem, IMO, with letting most people directly on the Internet is that they are clueless about security. I don't mean installing a firewall, anti-virus and/or IDS; I mean using and configuring a system so that you actually know what is suspicious behavior and when it happens.

As to wether I like ISPs policing and enforcing AUPs...ABSOLUTELY!!!! I actively work with law enforcement on computer crime investigations and unless you want the police to be actively policing the networks (think Carnivore) then the ISPs are going to have to do something.

I think the difference in view is largely based on how we view the nodes on the Internet. I do not view them as part of a "TV station," I view them as a potential weapon.

Re:It has always struck me

[Lord+Ender]

You like AUP because it makes your job easier. A phone is a potential weapon. You could call people and harrass them with it! The only solution is to make a telephone AUP where you can only call business or certain people durring certain times of the day. And the ISPs would enforce this AUP by listening to what you say on the phone and by disconnecting (firewalling) some calls. A phone is a potential weapon. I work at an ISP and I think the AUP we enforce (which includes having some of our users arrested for copyright infringement) is very idealistically flawed. Of course, it hasn't been estabilished that an ISP is a dumb carrier, like a phone company, so this AUP crap and self-policing continues. I am sure it would make the jobs of other cops easier if phone companies could tell you who and when you could make calls. That doesn't make it right.

Re:It has always struck me

[Pierce]

I like AUPs because it establishes what the rules are; without those rules what do we enforce?

While it would be nice to live in a fairly tale world where everyone plays nicely with each other, it's just not going to happen any time soon. When one person has a complaint with another person, who do you think they are going to go to if it is a serious issue?

There are "AUPs" for phones; try dialing the White House or 911 and then hanging up. Or call a bomb threat and see how many people think it is funny.

These do not require the active monitoring of each call, but it does require that the calls be traceable and logged. Which is one of the big reasons for having a home user route their traffic throug an ISP proxy; accountability.

Re:PIT/PCA Questions

[michaelhood]

Heh. It'll be just like buying a cert for your SSL server, the big boys (Thawte and crew) will get hardcoded into the big clients (Outlook and crew). Others' email, who generated their own secure key (even with PKI) will generate a dialog in the big clients telling you its not safe, or it'll just drop it as spam. Here we go.

Re:Adopt opt-in: Proven and perfectly constitution

[RedHat+Rocky]

It's easy to pass legislation to forbid something.

Enforcing it, however, is a whole different kettle of fish.

Perhaps you recall a small part of US history called Prohibition?

SPAM ( and I refer to fraudulent headers, abuse of open relays here as SPAM) is already breaking the law, it's called Fraud.

Opt-In means nothing unless you have a means to detemine whom is breaking the law. The real problem is tracking SPAM back to the source, which is a technical problem, not a legislative nor social problem.

The PIT tokens seem too liable to help Big Bro....

[gte910h]

I'd prefer challenge response to that.

Re: IPV6 vs. "SMTP2"

[gorbachev]

I think there's a fundamental difference between the problems IPV6 is trying to solve and what any "SMTP2" solution is trying to solve.

IPV6 will solve the underlying problem of running out of IP space.

"SMTP2" would NOT solve the spam problem, because it's not a technical problem, IMHO. Spammers would move over to "SMTP2" eventually. They'd just have to find that one little flaw or feature and they'd be back exploiting it like they're exploiting weaknesses in SMTP now.

If widespread adoption of "SMTP2" takes anywhere near the amount IPV6 adoption is taken, it's not going to work. Spammers would have 5 years to study the new technology and develop solutions to get their crap across the new protocol.

By the time "SMTP2" is in place and used by everybody, the spam problem would no longer be what it is now and we'd be back in the cat-and-mouse game with spammers and their spamware techniques.

All the "SMTP2" solutions I've seen would make normal Email communication between non-spammers much more difficult. I think that's something that should be avoided, even at the cost of not solving the spam problem using technology solutions.

Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death.

The ugly truth about poor similes

Are we going to end up with another debacle like we have now for secure websites, where Certificate Authorities like Verisign and Thawte charge hundreds of dollars every year for a certificate and free certificates set off more alarms than a than a Great White concert in a gasoline-soaked tent?

Perhaps I take offense too easily to words like this, but there has got to be a better way of discussing the current state of security certificates other than making an offhand reference to a tragedy less than three months ago that killed 100 people. Your post is otherwise well thought out and valuable to this discussion.

It's a shame that seemingly all the time people joke about or take lightly incidents like these. Taking an event like the Columbia disaster or the West Warwick, RI, fire and including it in a typical Slashdot discussion (e.g. how to combat spam, Windows vs. Linux, etc.) does a create disservice to those who perished in that event. Alas, nothing, not even life and death, seems sacred these days...

Re:The ugly truth about poor similes

[WTFmonkey]

I thought that line was funny as hell. There is *nothing* that a good, well-told joke can't make funny (See George Carlin-- "Rape can be funny. Porky Pig raping Elmer Fudd")

Oh, well, you don't like dead baby jokes, either.

Re:The ugly truth about poor similes

[fmaxwell]

Perhaps I take offense too easily to words like this

You do.

It's a shame that seemingly all the time people joke about or take lightly incidents like these.

People make jokes to ease the pain of tragedy. When the Challenger Shuttle exploded, I was grief-stricken. Jokes about it were how I, and others, coped with it in the weeks the followed.

Your post is otherwise well thought out and valuable to this discussion.

Thank you. It's all too easy for people to criticized and a refreshing change to see someone take the time to say something positive.

By the way, you might want to consider reading a book like The Courage to Laugh: Humor, Hope, and Healing in the Face of Death and Dying. It might put the issue of humor in the wake of tragedy into clearer focus.

Re:The ugly truth about poor similes

[toonrmeusa]

I think you're missing the point about using humor to deal with death. Someone you love dies, you make a joke that makes you laugh and alleviates the pain a little. Someone you love dies, and I (a complete stranger) make a joke about it, I don't think you would feel so good. There's a reason why AIDS and Holocaust jokes aren't more popular. And, no, I don't know anyone personally who died in the West Warwick fire (I am from RI), but I do try to respect the memories of those that died (and are still dying).

Re:The ugly truth about poor similes

[fmaxwell]

I think you're missing the point about using humor to deal with death.

No, I'm not. Humor is used to deal with death on a national level as well as a personal one. Why do you think that the most popular issue of The Onion ever was the post September 11 issue?

As an article by Ed Perkins said:

Slowly, a nervous nation got on with the business of daily life in the twin shadows of anthrax and the war in Afghanistan. As they are wont to do, the political pundits coined post-9/11 life as the "new normalcy."

But no one was laughing.

Thankfully, on Sept. 26, the irreverent satirists at a popular web site called The Onion broke the ice.

Since this is a family column, I won't repeat the title of the Onion's tongue-in-cheek report on 9/11. Let's just say that these guys had the chutzpah to say out loud what we all were thinking.

The Onion's outrageous humor set us free. As word got out, you could hear the belly-laughs from coast to coast -- along with the much needed sighs of relief.

Humor is a natural, normal, and appropriate way to deal with tragedy -- whether a personal tragedy or one felt by millions.

There's a reason why AIDS and Holocaust jokes aren't more popular.

Chapter 8 of the book I linked to earlier: AIDS Ain't Funny--Or Is It?

Acceptance

[First_In_Hell]

Spam cannot be destroyed. Spam is like AIDS, everytime we try to come up with an effective way to combat it, it mutates into another form and renders the previous mutation's antibody a moot point.

We just have to accept the fact that we have lost the war with Spam and learn to live with it in our daily lives. I have, and am a lot better for it;

I have learned over 400 ways to refinance my house, increased my penis size by 5 times, heard from lots of hot slutty girls that want to hang out with me, Cured my erectile dysfunction disorder, saved money on Norton Antivirus, and will become a millionaire once I mail out the five letters stuffed with a dollor and my name at the bottom of the list.

There is a lot of good information out there that I have benefitted from and I did not even have to leave to my house! I even forward all of the good opportunities I receive to all of my family and friends.

Shut yer squeel hole, or suggest something better.

Does something need to be done? Latest numbers I've heard are that 40% of email are spam. I would say something needs to be done.

Current filters may work somewhat. Some may have tuned them to work very well. Two problems. Most people are not smart enough to "tune well", and even with filters, the messages are still usually delivered and stored in a holding pattern for retrieval in case filters are too tight. Again, the less knowledgeable will not check their holding area enough, and admin overhead will increase.

Unless we start allowing the UN to write and enforce laws over the planet, legislation will not work. Spammers will move offshore. Currently, spammers can move out of state and avoid prosecution in the states that currently have laws.

I also do not agree with the "fee" solution.

While this recommendation does have it's problems, I see no one suggesting a better alternative. Yet. Hopefully someone will. This is similar to a solution a friend and I zeroed in on, except we thought to keep smtp, with user and /or server PK signatures automagically added along the way. Initially, clients could be configured by users to reject message that don't have the credentials the recipient requires, but eventually the server would reject unsigned messages, and signed messages that did not come from the server that supposedly signed them.

The problem of distributing keys is troublesome. But, there are many smart people reading and/or thinking about this. If instead of throwing our hands up and saying there is no solution, and more people thought about it, maybe something could be done.

A better approach...

[.@.]

is one based on peer-maintained and user-maintained trust. I have written the outlines for such an approach.

Great!

[tds67]

Now we can have SECURE spam!

Re:Great!

[tds67]

That was the most idiotic post I've ever seen.

Re:Great!

[tds67]

Yeah, well at least I don't post replies to myself, dumb ass!

Re:Stupid Administrators - DNS and SMTP

Have you considered that DNS is often controlled by people who don't control SMTP?

Example: ISP ownes the IP and give you 1 IP for your SMTP server.

Or if you have multiple switched internet links for redundancy? Link goes down - you switch IP's to route around problem (switch providers)... but you can't force DNS cache to instantly update.

Also consider clusters. What if you have 3 machines, which need their own name for hardware management, but they are all acting as a single mail exchange host? Yes, I know about multiple MX records - clustering solves other issues. You can combine clustering + MX records.

Bottom line: It costs extra money and time to get your own block of IP Addresses and properly manage DNS. AOL can do it, but so what? Why lock out the small mail servers of the world just because they don't have reverse DNS?!

Mail comes into my USPS mailbox in front of my house. The "FROM:" server does not have to exist to come to the TO: location.

Yes, SPAM is a problem, but quit blaming protocols and technology with the issue is the small percentage of e-mail users who are _sending_ the spam.

RoundSparrow

Re:This is a total dead end. -Not necessarily

[freeze128]

Why would it fail? Look how quickly some existing protocols have been adopted.... Such as ICQ, AIM, Gnutella. Are there alternatives? Of course. You could use IRC instead of ICQ or AIM. You could use FTP instead of Gnutella.

The people (sometimes just one person) who developed those protocols and standards didn't say "It will never happen".

Why Self Quoting???

[thrillbert]

...blah...blah..."they've become a hopeless nightmare for users and ISPs alike," said Weinstein

...yiddy...yaddi..yadda..."These problems are getting more severe every day," said Neumann

"Aren't these two people PFIR?? If so, why are they quoting themselves?!?!?" Said thrillbert.

---
I often quote myself; it adds spice to my conversation.
-- G. B. Shaw

Re: IPV6 vs. "SMTP2"

I think you misunderstand. Certificate-based SMTP is not designed to eliminate spam.

It will make anti-spam techniques easier by allowing people to keep more reliable block lists with less 'collateral damage'.

The other nice side-effect of "SMTP2" is that it solves the open relay problem indirectly by legacying all of those old misconfigured servers with no administrator.

Sorry, encryption isn't a solution for spam.

[Greger47]

From their webpage:

A key aspect of the Tripoli environment is the concept of a third-party certified, encrypted authentication token that would be cryptographically linked with every e-mail message. Within the Tripoli architecture, this token is referred to by the acronym "PIT" (Payload Identity Token, henceforth referred to as "Pit") and is at the core of Tripoli.

It is anticipated that all Pits considered acceptable by the vast majority of all Tripoli-compliant software user would be digitally signed by one or more designated, trustworthy, third-pary authorities who would be delegated the power to certify the validity of identity and other relevant information within Pits.

This doesn't add anything that S/MIME or PGP singed mail doesn't alrady do. And it will fail for the same reasons, putting the public key infrastructure in place is prohibitive.

It worked for https at the expense of creating the VeriSign tax, but the number of https enabled websites are few compared to the number of people using e-mail.

Ofcourse, if we bend over and hand over our e-mail to VeriSign we might finally de-throne Bill as the richest guy around...

Re:Sorry, encryption isn't a solution for spam.

[Greger47]

And while we are on the topic, thos who think that forced signing of e-mail really works.

Consider this, spammers would just use throw away 'identities' just as they use throw away dial-up accounts today.

Yes we might get to know who they are when they sign up at VeriSign, but we already do, it's not like you can sign up for a dial-up account anonymoulsy and we can se how effective that is agains spammers...

Re:Sorry, encryption isn't a solution for spam.

[Pierce]

Then change how you use the identities.

The problem with most 'security solutions' is that people are always reacting to the latest threat. In this case the spammer.

If you have a public key of the people you trust, then only allow mail from them to appear in your inbox. All other mail goes to a pending folder, if you want to allow the sender's mail to arrive in your inbox you accept their key.

If a sender on your approved list starts spamming, remove them from the list. Now you no longer have to worry about the spammer, but you do have to initially build your list of trusted email addresses.

Re:Sorry, encryption isn't a solution for spam.

[Greger47]

What you are suggesting is essentially just a variation on the whitelist-blacklist theme.

The only thing cryptographic signatures adds in this case is protection against a spammer finding out and using the from address of one of your friends. Which is not likely to happen, well atleast not untill we have the spammer worm, crawling the net looking for addressbooks...

Cryptographic signing gives other benefits but it's not a protection against spam in any serious scenario.

To bad really, the wholy grail of dead simple, spam free e-mail seems to be pretty far away.

Re:Sorry, encryption isn't a solution for spam.

[Pierce]

I know, but it would work (I think). Then once you have people using signatures, other things could be added. Such as encryption of all messages.

Re:Sorry, encryption isn't a solution for spam.

[mpe]

And while we are on the topic, thos who think that forced signing of e-mail really works.

More useful to have a system where any mail sent to you must be encrypted with your public key. This dosn't actually stop spam, just makes it a lot more expensive for the spammer.

Bad example

[AT]

Your example is a bad one. Microsoft did its best to avoid starting over with its operating systems. And when it did, it did so very carefully with as much backwards compability as possible.

Windows will still run MS-DOS binaries and Windows 1.0 through Windows ME all ran atop the MS-DOS code base in one way or another. They started over exactly once, when they build NT. And they gave it over 7 years to mature before they dumped the old MS-DOS/Windows code. And even with this one example, they ensured it was as compatible as possible to the old, which is why almost any program written for Windows 95 (and many written for earlier OSs, too) will still work with XP, 7+ years later.

Operating systems are a particularly good analogy, too because, like e-mail, it is a critical piece of infrastructure that depends heavily on interoperating with what else is out there.

Re:Bad example

Well I seam to recall that XP is a complete revamp of NT.

Re:Bad example

Some of the bugs that are in NT seem to exist in XP, so I doubt it was a complete revamp.

STARTTLS does this already

[AYeomans]

The "SMTP Service Extension for Secure SMTP over TLS" (STARTTLS for short) defined by RFC 2487 already provides the technical framework for Tripoli. And is today supported by Sendmail, Exchange, Postfix, Exim, etc.

It normally runs over TCP port 25, the initial connection is normal SMTP, then the STARTTLS directive begins a TLS-encrypted session. STARTTLS can be configured to only accept mail sent with a trusted certificate, or to allow anyone to connect - it is compatible with existing SMTP.

The one additional item in the Tripoli proposal is the use of a trusted third party to validate certificates. Great if this can be made to work, though current experiences with PKI make me doubtful of a truly Public Infrastructure. But STARTTLS can certainly work amongst smaller private user groups.

One current hurdle preventing wholesale adoption is that few ISPs support STARTTLS. Not a problem for people running their own mail servers, though even they would want secondary servers to support STARTTLS. But if the core ISPs started using STARTTLS, they could mutually authenticate each other. Initially all mail could be accepted, but later on unauthenticated mail could be filtered more rigorously.

Re:Adopt opt-in: Proven and perfectly constitution

The difference with prohibition is that most people WANTED ALCOHOL. How many want breast enlargement? Child-rape piccys? Goatse.cx?

Big difference.

Uninspired

[A+non+moose+cow]

I think these ideas are on the right track in that they acknowledge the largest fault with the current email system to be lack of control over accounts by the owner of the accounts. However, the hazy ideas that are hinted at as solutions are not the right idea. They are overburdensome to implement, and I can still think of plenty of ways around them.

As for getting people to begin moving to a new system, it will need to be more than just certificate additions and user controlled filters. It will need to be something that end users can immediately understand as "this is better and easier". With the given proposals, people will have no incentive to change. that attitude will be, "Sure, I'm told the new thingy is better, but I'd rather just deal with the spam than have to deal with something new that I dont understand." End users mostly have the attitude of, "If i do nothing, I can still get my emails. If I change to something new, I might break something and be without my daily communications".

That will be where the big hurdle is.

Re:Uninspired

You've hit the nail on the head. Joe user won't hassle with getting "certified". He is happy when the damn thing works and scared to death to make any changes that might break it, especially if it's at all confusing. So then what, we have M$ pre-configuring the email clients and one big PCA that controls all email certs or every sys admin has more work than can be done helping "friends and family" keep their email clients running. I say no thanks. Its to complicated, puts to much power in the hands of PCAs and Joe user has neither the will nor the competence to switch to it.

Re:Oh for fucks sake! Who gives a shit?

yeah, you get to pay less.
That's free as in beer.

Free Speech software means it will never be obsolete because you can always recompile on a newer machine.

BTW where in the world does one find free beer anyway. At a 4-6 pints per game the hockey playoffs are starting to get expensive.

responsibility

[mattite]

There have been many new proposals for making email spamless, but let's face it: most of them suck. The only way to curb spam is to force responsibility on ISPs and any person or organization that is running a public mail server with the law (setting public standards are what laws are for, folks).
We don't need any fancy legislation (but some simple legislation is necessary). The government repeatedly proves it's ineptitude when it comes to these matters, so we must only trust them with the little that necessity requires. A federal registrar of email servers should be enough, and a few rules should be made about operating these servers:

1) It would be illegal to run a non-registered email server.

2) Lawbreakers will be penalized with a hefty fine and jail time for every count of illegal activity.

3) PROFIT! (just kidding)

4) The server admin would be partly responsible for the messages that go through his/her server.

I know that these may be incomplete, but if anyone is willing, let's put our heads together and come up with something. There is no reason why we need to give up any liberty at all.

Re:responsibility

[RedHat+Rocky]

So I would need a license to run mail server?

Ok, let's go with that, for discussion sake. Suppose you do need a license to run a server. The main problem with SPAM is not knowing whose sending it. So how are you going to catch me to check my license?

We'll leave off the part about forcing US law on the rest of the world (good luck).

Re:responsibility

[mattite]

That's a fair question. Like most other licenses this one will come with a unique, identifying number (well, more likely an alpha-numeric code), which is to be attached to all messages coming from the associated server, and would be checked against a national database. Messages with valid numbers would be able to go through, and others could simply be rejected. This may not personally identify an individual or company, but it helps by locating the offending network. Fraud could be an issue with this, so maybe some more rules should be made:

5) It would be illegal to use someone else's unique number. Somekind of nasty penalty would apply of course.
6) Making up a "unique" number would be illegal (that would be very difficult to enforce, though).

But that isn't quite enough to prevent fraud. The codes would be reissued on a daily basis. Encrypting the codes would be necessary, too, to prevent someone from grabbing a day's code from a random email. A general set of public and private keys would be issued with the codes to maintain this. This would also better help filter messages: a message with an old code or old key would be denied.

As for forcing US ways on others, well, if this works well enough other countries will follow, and there won't be a need to force anything on anyone. I apologize to slashdotters of other nationalities. Sometimes I forget that good old /. is an international medium ;)

Re:Adopt opt-in: Proven and perfectly constitution

[mcarland]

But there is a difference between legislating junk faxes and legislating spam. In the case of junk faxes, almost all of them (used to) originate from inside the US, due to the prohibitive cost of setting up offshore. It's easy for the US to pass legislature governing an activity that can realistically only occur in the US. In the case of email, unless we involve the UN or something crazy like this, spammer need only move offshore just out of reach of the long arm of the US law. Unless we are going to pull an Iraq on every country that doesn't implement our spam/intellectualy property laws, this won't work.

Re:Adopt opt-in: Proven and perfectly constitution

[RedHat+Rocky]

Almost a valid point. The people who wanted alcohol didn't prevent the passage of the law though, so they can't be "most" (leave our democracy workings aside for a moment).

There are a number of people that want to SEND spam, they are the ones who equate to your people that wanted alcohol and are the ones MOST of us wish to stop or at least be able to choose it ignore.

ISP as PCA?

[ipour]

As usual with basically good ideas, there is a fly in the ointment.

In this case, it is who gets to certify, and which certifiers are going to be recognized by the community as valid and desireable.

The answer is the likely certifiers are going to be the ISPs. Let's face it - they have been winnowed down to a manageable number, they are the entry point for all e-mail users, and they will be recognized as an authority by the majority of users, who are mostly casual anyway.

Moreover, they are the only ones who can guarantee that they will get paid for their work.

I love the idea that Tripoli wants to empower the user, but I think their scheme will do just as much to empower ISPs.

What about something like FTP?

[Fisty]

In FTP, the client tells the server what IP it's at. The server then makes a connection to the client. Wouldn't this sort of thing help prevent spoofing and getting a "true" IP that we can then put in the headers?

Would this not help solve the "non-tracability" of spam?

This sort of thing could be optional at first.

So hopefully, over time, the ends closest to the end-users will have more and more Received: lines that are the new way and various servers/end users could opt to reject mails that aren't 100% new-style received headers.

The only way to spoof headers then would be to forge it, but then someone's gotta talk to a back-connect server which will yield a true IP which would be tracable. ...Matt

Re:What about something like FTP?

[RedHat+Rocky]

Hmmm. You mean something like this?

Since it's dated 2000, you can see how far we've gotten.

Re:What about something like FTP?

[Fisty]

Not quite. Messages would still travel as they do now, but instead of the sender connecting to the receiver saying "Here's my message", it's "I have a message to send to you now" and the server immediately connects back saying "Ok, give it to me"

Re:What about something like FTP?

[RedHat+Rocky]

A call back for mail servers? Interesting. Doesn't handle the open relay problem, but it might be a step in the right direction.

Re:Shut yer squeel hole, or suggest something bett

[Pierce]

While this recommendation does have it's problems, I see no one suggesting a better alternative. Yet. Hopefully someone will. This is similar to a solution a friend and I zeroed in on, except we thought to keep smtp, with user and /or server PK signatures automagically added along the way. Initially, clients could be configured by users to reject message that don't have the credentials the recipient requires, but eventually the server would reject unsigned messages, and signed messages that did not come from the server that supposedly signed them.

I've had the same idea, even going so far as to tinker with code to insert a SHA1 hash into the headers of the message. This way the systems that do not know what to do can ignore it and those that are interested can check the DS.

The problem of distributing keys is troublesome. But, there are many smart people reading and/or thinking about this. If instead of throwing our hands up and saying there is no solution, and more people thought about it, maybe something could be done.

The key could always be attached to the message you send. Granted this would increase the size of the message, but it would not be any worse than people always sending their vCard. Perhaps the system would only send the signature the first time you sent an email to a person.

Too complex...

[john_roth]

Their proposal includes three different and only loosely related issues:


1. User in control
2. Encryption for privacy
3. External certificates for authentication.

To put it bluntly, the primary issue is authentication. The control and privacy issues are, admittedly, dear to some people's hearts, but if anyone thinks that encryption will keep government agencies out of your e-mail, that person has an unrealistic view of the world.

So that leaves us with authentication. All that is needed here is an agreement among several major ISPs (AOL, Earthlink, anyone?) to set up secure links between their servers, and only tag e-mail as authenticated if it provably comes from one of their users.

The rest of it should be rather straightforward.

John Roth

Re:This is a total dead end. -Not necessarily

[Grayputer]

LOTS of spam is passed through open relays. Closing Sendmail open relays has been easy for A LONG TIME now. Yet hundreds of open relays still exist. A new protocol is spiffy and all BUT WE CAN'T GET PEOPLE TO USE THE EXISTING TOOLS. A new 'magic bullet' ain't the answer, education is, boycott may be, and use of blacklists can help. Implementation of Tripoli is nice and all but if we can't get people to upgrade to a sendmail/qmail/... with closed relay support how do we get them to upgrade to Tripoli? Figure that out and then use the same method to get the open relay holes closed with the existing tools and save the Tripoli coding time. Hell, spammers that spam from their own address get blacklisted pretty quick, use the blacklist, and close the relays.

(Yeah, I know the blacklists aren't perfect but we can't even get that to work, a new tool isn't likely to work either.)

Bottom line, this is not REALLY a technology issue, it's a LUSER/Business issue. A new technology that penetrates 20-60% of the net still gets spam from the other 40-80% of the net. Tech answers work great IF you get 100% market penetration.

We need the identity part

[87C751]

There's nothing wrong with "just providing encryption", but that doesn't address the problem at hand. TRIPOLI uses encryption and identity-based authentication and TTP certificate issuers so that responsibility for sending email can be backtraced to a specific (though not necessarily meatspace-correlated) identity. This is the key to the whole system. To send mail, you must have an authenticatable identity. Spammers' authentications should have half-lives measured in seconds, assuming systems like Razor grow to meet the new requirements. So unless a spammer wants to shell out the big bucks for thousands or millions of PCA certs, he'll soon find himself unable to send mail to anyone at all. Good riddance.

And your example of real-time authentication won't stop a spammer. Won't even slow him down much. SSBs (Spam Service Bureaus) will just go out to Best Buy and pick up a couple of quad-P4 boxes to handle the authentication traffic, lie during the authentication (ethically no different than forging From: and Received: headers) and life will go on as before. Remember, spammers' servers are already online for the duration of a spam run. Without a Trusted Third Party involved in the authentication chain, you have to trust the (possibly unknown and/or unknowable) other party not to lie to you.

Don't change the email standard

[geekoid]

first:
"People For Internet Responsibility"
They propose to interduce a standard to enforce responsibility? ludicrious, you can not standardize responsibility.

The change they, and many others, propose to deal with spam takes away a lot of the freedom that legitimate user need.
Perhaps I need to send an email to a coworker who isn't bathing? I would need to do it anonymously so as to prevent lawsuits, and lessen a hostile tone.
What if I am fighting an oppressive government?
Would there have ever benn a deep throat* if anonyminity couldn't be assurd?
And they can not stop spam without ending anonymity.
Spam is becoming the great excuse to loose control of something very precious, the ability to speak you mind and not fear reprocussions. Does this cause a lot of chaffe? of course, can't have one without the other.
The way to stoip spam is through education. The only law I would like to see would be to force people selling merchindise to put a code into the body. then you could filter out those, but you still would need a spam filter to remove the non legitament, and foriegn spam.

*not the movie, but the Nixon scandle.

encryption & identity go hand in hand

[shdragon]

Encryption & establishing identity go hand-in-hand. I work for one of the largest PPO's in the nation. It is of the upmost importance that identity can be established in addition to providing a secure means to get there.

I need to know that not only can nobody but the recipient get my message, but that said recipient is who they claim to be.

I am in the middle of discussions of trying to move us off of tumbleweed (a la hotmail type secure email) and on to pgp/gpg. I would like to hear more about your experience/difficulties with pgp/gpg (I don't have any. but then again, I've been using pgp since 1997, so any difficulties I might have remembered are forgotten in light of the tumbleweed project).

PGP enabled sendmail

[Brew+Bird]

Don't we already have this? It turned out to be too much of a PITA to use, hence the current quagmire...

Public Key authenticated mail, backed up with a whitelist, and actualy following the rules for PGP key admission (i.e. there needs to be a place you can register your key with that will certify that it belongs specificly to you)

People For Internet Responsibility?

[CausticWindow]

Why are stupid (as in very silly) names like "People for the ethical treatment of animals", "Grand Parents for A Drug Free America", "Drug Abuse Resistance Education" or "Parents for barefoot children" all the rage in the US?.

Oh.. and SMTP rocks my world. Unsafe means free and uncontrollable. You know what your govnerment lusts for.

too simple! Re:The Simple Solution...

how does your computer "Know" for sure that the email really is from your friends or family? ... looks at the from: header field right?

the next step in the spamming war is they will begin hijacking people's address books.

without something like the PCA in the proposal (certificate) there isn't any way to tell if the email really is from your friend/family/remote system crying for help/etc.

Thawte==VeriSign

[jroysdon]

I'm not sure how many folks are aware that VeriSign bought Thawte a few years back:

Registrant:
VeriSign, Inc. (THAWTE-DOM)
487 East Middlefield Road
Mountain View, CA 94043
US

Domain Name: THAWTE.COM

Administrative Contact, Technical Contact:
VeriSign Hostmaster (VH2134-ORG) vshostmaster@VERISIGN.COM
VeriSign, Inc.
487 East Middlefield Road
Mountain View, CA 94043
US
650-961-7500
Fax- 650-961-7300

Disagree

[Fastball]

Legislation will NOT curb or stop spam. Politicians are the very last people you want working on the spam problem. Roughly ninety percent of incumbents win their elections (in 1998, 98% of U.S. Representatives won their elections). These people have nothing at stake. They have no incentive to fix this problem.

Techies like you and I do, and I would rather cast my lot with fellow techies who share in my pain.

Success comes from failure if you dare to try again, revise, adapt, and overcome. I don't see why we should continue to bend over for spammers if the possibility exists that they will exploit a new system for mail transfer.

Personally, the SMTP system has rendered e-mail useless. I'd accept a challenge system, whitelists, or whatever else someone comes up with if it meant I could communicate with my family and friends effectively. As it stands, 100-200 spam messages are jamming the transmission.

hashcash

[Adam+Back]

the PIT things have been proposed under other names in numerous other proposals. PKI is complex in and of itself, so I don't see how taking two hard problems (spam and PKI) and combining them is going to help solve the spam problem. As others have observed the CA is effectively a black list moderator. Spammers can set up their own CAs. And it discriminates against anonymity and privacy. It is not in the users interests to non-repudiably sign each email just to combat spam. Hashcash combined with content based filters like spamassassin makes more sense in that at least it attacks the problem: by making the sender pay (in CPU time) on a scale that costs normal senders effectively nothing (they already have spare CPU) but increases the costs of sending spam. The filtering software would then just not filter your email if it had a hashcash token attached. This means users have an incentive to install hashcash plugins in their mailers to avoid their mail getting lost in filtering false positives. hashcash is at: http://www.cypherspace.org/hashcash/ Adam

Re:Adopt opt-in: Proven and perfectly constitution

[geekoid]

"Opt-in works, and it does not hurt anyone but the spammers."
I would say
"Opt-in works, and it does not hurt anyone but the spammers, whose business nobody wants."

this way yiu can use that argument against spammer when they say "People want this information" Fine, now we have a way to save the spammers time (they don't have to spam people who won't buy anyways) and it will save those eople who do not wish to participate.

This sounds great to congress, and the only respose spammer can say is, "well, we sell to people who don't really need to proiduct anyways."
and quite frankly, they won't get much sympathy
for that.
Alway make is sound like both sides win, that way its a 'compormise'.

This "plan" was disucssed as early as 1997...

[Nugget]

Vernon Schryver keyed what is possibly my favorite quote ever on exactly this subject in 1997 in a usenet article posted to news.admin.net-abuse.mail:

"There is a style of design I call "wishful thinking engineering." It starts with something like "pigs can fly if you feed them enough beans" and develops utopian plans such as like having everyone commute to work riding on personal pigs, and along the way ignores minor details such as the consequent rain of the non-gaseous byproducts." - Vernon Schryver

The full article is here on google if you want to read all his words on the subject. It's worth the time. I've got nothing of value to add to Vernon's wise words on the subject.

Re:This "plan" was disucssed as early as 1997...

[Zeinfeld]

Vernon Schryver keyed what is possibly my favorite quote ever on exactly this subject in 1997 in a usenet article posted to news.admin.net-abuse.mail:

Vernon also runs the Distributed Checksum Clearinghouse (DCC) and is guaranteed to argue against anything that might topple his position as top spamcop.

If Vernon receives email from people he disagrees with he feels free to block their domain and report all emails that are cc'd to him to the DCC. He does this even if he is sending mail to the other people and the messages he is reporting are merely replies.

Vernon is on record advocating that everyone block mail from free ISPs, but he argues against RMX and the Microsoft style proposals as terrible censorship - even though he is the person who uses his own scheme for censorship of views he dislikes. Perhapse one of those C's in DCC should stand for something else.

Basicaly Vernon has almost singlehandedly sunk the IRTF ASRG group by driving away most of the people who were willing to do actual research or write code.

Good idea, but...

change the name. Triple E = _Empowered_ Email Environment? Give me a break!

Just dont read spam - not a solution

Hmm, lots of comments to the effect "well, if you just don't read the spam it'll go away." Bzzt, wrong! By the time the spam gets to your smtp server *it's already too late* even if you just discard the spam. The reason being you have already paid for the bandwidth to download the spam so your fancy pants filter can download it, analyze it and discard it, not to mention the cpu cycles it takes to analyze incoming e-mail. It gets even worse if your filter is consulting an external database for every piece of mail flowing through the system.

Until the burden is placed on the *sender* to verify they are sending legitimate communication everyone else in the chain is going to lose. The sender doesn't pay for transporting their garbage over the wires to get to your smtp gateway and be discarded. Filtering is a half assed and ineffective solution to the spam issue - it places the computational and financial burden on the wrong party in this transaction.

So stop your blubbering - if you want to effectively control spam you're going to have to accept some burden as a sender to verify who you are and that you are sending legitimate e-mail. One of the advantages of a global authentication/credential scheme is that those credentials can be revoked if they are abused (ie, it creates a layer of accountability). Of course, you get the whole thorny issue of who gets the authority to assign and revoke credentials, and as one poster said a bad authority will make such a scheme worse than no scheme at all.

Here's why it won't work.. and what might.

[EriktheGreen]

It's nice that people are thinking along these lines, but this scheme has at least one big problem. Effectively the PCA (the keepers of the keys) in the proposal have to have a significantly large, distributed infrastructure to handle authentication for global e-mail. This doesn't exist, and a lot of money is needed to set it up, which implies some form of government support, which comes with strings attached (usually).

If you make the PCAs non-centralized to the point where relatively small organizations can function as a PCA, then there are so many of them that some hierarchy of PCAs has to be set up, ala DNS, or else you dramatically increase the load on mail servers which will already need more CPU for cryptographic processing by making them check long lists of PCA IPs to see if anyone has the key for the message they're trying to validate.

Here's a better (though still flawed) idea, which assumes a symmetric public key system can be used:

Set up a Domain Key System (DKS) where every host on the internet has a defined DKS primary and secondary server.

1. Set up a convention within DNS servers where a lookup on a given subdomain returns the public key information for a particular user. Construct this false DNS name using the FQDN of the user's mail server plus the username and a subdomain name (like "key", eg. erik.key.hotmail.com). Users wishing to send mail should send the mail with a return address @ the domain that holds their public key.
2. Every e-mail sent should have in its header an X-key field that is the armored (with the user's private key) checksum of the message plaintext.
3. On receipt of a message, the receiving server performs a DNS lookup of the constructed "key" address to get the user's public key. It uses this to verify the authenticity of the message received (IE is the sending address really the person who sent the message). If the message doesn't verify, dump it in the bit bucket.
4. Require all compliant servers to use the MAPS RBL or a similar list (possibly a commercial one) to download a (cacheable) list of servers (or users) that send spam. Since messages are authenticated as definitively coming from a source domain, this eliminates black holing innocent bystanders, and allows RBL to target spammers only. Since the list of black holed domains is relatively short (computationally speaking) a copy can reasonably be kept on a mail server, and updated on a regular basis. Large organizations can download a single copy of the list to an internal server, and explode it out to other servers from there.

   If desired, the MAPS people can charge for the more frequent updates of their list (every 5 min, for instance) thus supporting their servers.

5. A bonus of this system allows easy encrypted e-mail... your e-mail client just looks up the public key of the destination user in the DKS, encrypts the message with it, then calculates the checksum and armors that with the sender's public key before sending. The receiving server can validate this e-mail as coming from a given sender, and only the holder of the private key that matches the destination address can read it.

   Minimal changes to the existing SMTP server software are needed to implement this system, and I think no? changes to BIND style DNS.

   The system scales linearly with the number of users... if you have a mail server supporting 10,000 users, your DNS server had better support them too. A single user can have a tiny server that supports publishing their single key, perhaps the same as their SMTP host, and perhaps only transiently on the Internet (long enough to send a message), although this prohibits receipt of encrypted e-mail.

   If you manage to set up a central key authority somehow, for bonus credit you can allow the DKS keys to be kept in armored form in the DNS servers, decrypted only by the public key of the central authority, which will provide the armored key to the e-mail user upon verifying the user's identity

Re:Here's why it won't work.. and what might.

[EriktheGreen]

Normally I don't reply to my own posts, but I thought I should fix an error above: s/symmetric/asymmetric/ ... an asymmetric cryptography system is what I mean, PGP like using RSA for the passphrase with some symmetric algorithm for encrypting the body of the message. Erik

What We Really Need

[jazman_777]

Is for Bush to declare a "War on Spam", get Congress to authorize the funding (much $$), and that will take care of it very nicely. No more spam! Hormel will have to change their product name to something like "Liberty Meat".

Also needed...

[Richy_T]

Is e-mail address portability. So that if your mail provider gets shut down for allowing spamming, you can transfer to another with minimal disruption

Rich

Re:Also needed...

[Zaak]

...e-mail address portability.

This would be like delivering mail based on city of birth rather than city of residence. Yes, the address could uniquely identify a person, but it would give no information whatsoever about how to go about finding him.

The only way to implement this would be a database roughly the size of DNS that would map portable addresses to current actual adresses. I suppose it's possible, but the cure might be worse than the disease.

TTFN

Re:Also needed...

[Richy_T]

Well, my e-mail address is a .co.uk address but I live in the U.S.

Yes, it would require something as big(or bigger) than DNS. Maybe it would be an impossible problem, maybe not. It should definitely be considered though.

Rich

Re:Stupid Administrators - DNS and SMTP

[sirket]

Example: ISP ownes the IP and give you 1 IP for your SMTP server.

So? Get them to add a PTR record for you. If they won't do it, then you are probably not supposed to be running a server on that account.


Or if you have multiple switched internet links for redundancy? Link goes down - you switch IP's to route around problem (switch providers)... but you can't force DNS cache to instantly update.


What the hell does this have to do with anything? All I said is that every IP should have a reverse DNS entry and that your HELO information provide a FQDN which has a valid A record and/or MX record. I never said this had to _match_ the PTR and A records in DNS. Besides which, nobody in their right mind handles HA this way. You run BGP4 and configure real redundancy. Don't know how to run BGP4? then perhaps you should not be worried about HA.


Also consider clusters. What if you have 3 machines, which need their own name for hardware management, but they are all acting as a single mail exchange host? Yes, I know about multiple MX records - clustering solves other issues. You can combine clustering + MX records.

If a cluster has a single IP, then nothing I suggested would pose a problem. If the cluster has unique IP addresses, then each one should correspond to a Unique DNS entry. Period. Please read RFC 1912.


Bottom line: It costs extra money and time to get your own block of IP Addresses and properly manage DNS. AOL can do it, but so what? Why lock out the small mail servers of the world just because they don't have reverse DNS?!


First, anyone running a mail server _should_ have a business class account of some sort. With that comes DNS, Reverse DNS, IP blocks, etc. (Hell a lot of non-business class accounts give you these features). The problem is, people who have no business running mail servers do so, and do so poorly. I am absolutely astonished at the kinds of questions people ask on the Postfix and qmail mailing lists. Every time I read one of their posts I am forced to ask myself how these people managed to get connected to the Internet in the first place.


Mail comes into my USPS mailbox in front of my house. The "FROM:" server does not have to exist to come to the TO: location.

That this doesn't bother you is a problem. If the sender doesn't exist, why the hell would you accept anything from them?


Yes, SPAM is a problem, but quit blaming protocols and technology with the issue is the small percentage of e-mail users who are _sending_ the spam.

If you read my post you would notice I never blamed the protocols. What I blame are the plethora of inexperienced or downright incompetent administrators out there.

-sirket

Just say no to saying no

[jerryasher]

So uh, what's insightful about the parent comment?

"Tripoli -- nobody is going to use it" -- FreeLinux, 2003

"640K ought to be enough for anybody." -- Bill Gates, 1981

"There's no possible reason anyone would ever want to have a computer in their home" -- Ken Olson, 1977

"I think that there may be a world market for maybe five computers" -- Thomas J. Watson, 1943

"Stocks have reached what looks like a permanently high plateau" -- Irving Fischer, 1929

"This wireless music box [the radio] has no imaginable commercial value. Who would pay
to hear a message sent to nobody in particular?" -- RCA Executives, 1920

"Who the hell wants to hear actors talk?" -- H.M. Warner, Warner Brothers - 1927

"Heavier than air flying machines are impossible" -- Lord Kelvin, 1895

"I'm gonna get laid this year" -- FreeLinux, 1999, 2000, 2001, 2002, 2003

Just being a curmudgeon, just saying "feh", is not insightful.

Re:Just say no to saying no

[andynyc]

"Stocks have reached what looks like a permanently high plateau" -- Irving Fischer, 1929


I've never heard this comment before, but if the date is accurate, I'm surprised you place it with the others. In fact, that might be the absolute best forecast of all time.

Obviously, stock prices and all indices are much higher today than they were in 1929. However, as you probably know, 1929 was the start of a massive, four-year decline in equity prices that played a huge part in creating "The Great Depression." Clearly, every investor who owned stocks in 1929 wished he/she had heeded Mr. Fischer's advice.

You may have an issue with the word "permanently," which is why you'd consider the statement to be ridiculous. However, after the crash of 1929, the Dow Jones IA did not reach it's pre-crash level again until 1954 -- 25 years later! In investing terms, 25 years is about as close as you'll ever get to "permanent" or "forever." Plenty of people died in those 25 years, so for all of them, Mr. Fischer's accuracy was stunning.

The bottom line is Mr. Fischer was making a sell recommendation, and he was absolutely, 100% on the money.

Re:Just say no to saying no

[jerryasher]

At the risk of being spanked again with an offtopic moderation...

I placed it with the others because the website I found it on placed it with the others. But I think most folks look at this as an example of hubris and one of the worst market calls in history. Fischer was of the belief that there were no more business cycles, that we had reached a new era of prosperity and economic understanding, and that the market would not being going down.

Or to crib once more from a google found resource (warning this is FRENCH!) The New Economy: Myth and Reality -- Atelier:

Over the course of every long boom in the history of industrial capitalism, economic interests have sought to account for continuing growth and stock market expansion by arguing that a New Era has arisen, which has tamed, or even eliminated the business cycle. Such New Era pronouncements are always rooted in some notion of changing technology and/or business organization. Prior to the 1929 stock market crash that introduced the Great Depression, it was commonly argued that a New Era had emerged with the growth of the large monopolistic capitals, which were able to manage and regulate the economy more efficiently, smoothing out the economic swings and decreasing or eliminating the downswings altogether. Irving Fischer, professor of economics at Yale, and the most prestigious U.S. economist of his day, is reported to have declared, on the basis of such New Era thinking - just prior to the stock market peak in 1929 (which was closely followed by the crash) - that "stock prices have reached what looks like a permanently high plateau" (quoted in Schiller, Irrational Exuberance, p. 106).

Junk Faxes

[jmorris42]

Junk faxes might be illegal but we get a dozen or so every week. Bet you do too. So don't be too confident that a law will stop spam.

Something I have know for years

[BlueCoder]

It would work. I have concieved of such a system for years. It's rather obvious. But the problem with tripoli is that it's trying to achieve too much.

Encryption is a seperate issue and should be addressed sepereatly. Signed messages in no way have to be encrypted. Besided various powers that be against encryption would assert they influence against it becoming standard as much as possible.

A signed message infrastructe is the heart of the spam solution and it needs to be made plain and simple.

But where Tripoli erred in overcomplicating it with encryption it should have rather enphasised development of sponsorship signatue key lists and public key list databases and software that to some extent automatically manages it all. This would allow more control power than individually authorizing each email sender. (I don't know about you but I get annoyed authorizing all the damned cookies all over the web.)

adding a cost for sending mail

I like the idea of adding a cost to sending mail. Pouring out millions and millions of spam mail is just too damn cheap.

But, unlike some, I don't think we should add a cost in terms of real-life currency. That might create more issues than the problem it solves.

Instead, let's use something more readily available: computing resources. I belive there are quite a few algorithms where creating a challenge is trivial, while coming up with the solution takes some effort. One extra second, or ten, wouldn't make a lot of impact on normal users, but imagine the time it would take to send out a million spam mail. ;D
_____________

However, doing something like this between servers/relays is probably a no-no, which puts us back to square one..

How about just configuring mail-servers so they automatically check whether the server they're receiving a message from is an open relay, and in that case just deny the message?

Only solution to spam

[jmorris42]

Depending on some signing authority to end spam is stupid. Spammers will just buy keys like they buy disposable AOL accounts unless the price is high enough to be a burden on small sites.

Expecting laws to stop people who already make hiding their true identity and crossing as many jurisdictions as possible because they are usually selling ILLEGAL products is insane.

In the end there is only ONE solution. It is the use of encryption/signing, but not the way most people think of using it. Mail User Agents need the following fixes, made so that the average AOL/Outlook user can handle it. By default they only accept mail from people already in the address book. All mail is sent GPG/PGP signed, with the public key attached and the clients grab keys automatically.

When an mail arrives from someone that isn't in the address book it sends them a challenge that only a human can answer (more on this below). If that test passes it allows the original message through and sticks the public key in the addressbook. If the message was not signed it stores the address of the SMTP server it came from as a backwards compatible fallback. The end result is that legit senders only get challenged once if their client signs, otherwise they get challenged once each time they send from a different server. Spammers have to have a human involved for each spam for each user which kills the attraction of the practice.

Now, about those challenge methods that only a human can solve. Make that a plugin architecture. Have modules that send a multiple choice question or two, some that send text as a graphic in some whacked way, etc. Allow people to express their personality through their choice of verification method.

This suggestion would kill spam dead, put only a minimal burden on legit traffic and require no laws or centralization of the Internet. Which is why Outlook will never implement it and therefore the problem will continue to fester.... until enough people become willing to trade liberty for what? In this case, mere convenience.

Re:Only solution to spam

[JasonAsbahr]

The challenge might not need to be something a human would solve -- if something actually can receive the challenge email, it's like to not be a spammer, since they don't use real Reply-to addresses. If they do use real Reply-To: addresses, they can be quickly traced and shut down.

Re:Only solution to spam

[llj555]

"Expecting laws to stop people who already make hiding their true identity and crossing as many jurisdictions as possible because they are usually selling ILLEGAL products is insane."

How come?

Laws never completely stop illegal behavior, but they do tend to curb it.

In the case of illegal drugs, the reason drugs are still sold is because of demand: people want the drugs and are willing to pay for them. Nobody wants spam, just like no one wants ads interrupting their TV shows. They might want the products advertised in the spam, or on the TV show, but they don't want the spam or the ads. No demand equals no supply.

FWIW, I can't think of anything that I've been spammed for that was truly illegal, despite what the emails claimed. If you're selling something illegally, why would you announce that fact to a million strangers? At some point you'll take money from the customer, and that's when the cops get you.

Re:Only solution to spam

[jmorris42]

> No demand equals no supply.

Eh? There is zero demand for spam now, but we are all up to our butts in it. Me and Thee aren't the ones who count for teh purpose of determining demand. So long as someone thinks they can make a buck they will can spam. If they can.

And yes, most spam pitches illegal products and services. Selling Viagra over the counter is illegal. Selling pyramid schemes is illegal. Selling pirate DirecTV access cards is illegal. Etc. Of course those stupid enough to send one of those idiots their credit card info will find out they are only interested in credit card fraud.

Re:Only solution to spam

[jmorris42]

I'm thinking ahead. Your solution would just escalate things to the next level. Use the zombied Windows machines to accept the maila nd respond to the challenge. And that is just where spam is already going with open relays becoming harder and harder to keep available. Lets not fight the last war, lets make it impractical to fight one ever again.

Re:Only solution to spam

[llj555]

I should have been clearer and simply said that spam isn't demand-driven, it's supply-driven. I have to disagree about most spam selling illegal products. Selling Herbal Viagra over-the-counter isn't illegal, because it isn't Viagra. It's orange peels. The filters to get pay-per-view for free aren't illegal, but they don't work, either. I forgot about pyramid schemes, but to be honest I haven't been spammed for one of those in years.

The spam solution that I'd like to use

[afflatus_com]

I have thought about this for awhile now, and this is what I would like to use.

If an email author is not on my whitelist of emails, then they get a toll if they want to get through and have me download/read their letter. I can set the toll according to my own private rules. For me, it would be likely in the range of 1-10 cents (a professional might set a bounty of 20-50 cents for a stranger's email). One of my first private rules would be to double the toll if it is an HTML-formatted email, and triple the toll if their is attachments.

There is no assumption that the letter is spam content or not or restriction of speech, just that the sender will pay me for their taking of my time regardless. For 99.9% of spammers it is not feasible to pay a few cents per spam, but if they can spend that much to contact me then I am likely a likely enough target market for their service that they can pay me the money for me to skim their message.

I would have the implementation similar to how "Read receipt" messages get sent back, but instead of a dialog box that says "Mr. Jones requested a read receipt, do you wish to send it?" it would say "Mr. Jones charges a toll of 3 cents to receive unsolicited emails from people he doesn't know. Do you wish to pay this 3 cents?" There would be a "Yes/No" button to send the 3 cents to him.

There is no forcing of users to exact tolls on reading unsolicited mails, if they don't want to use this, but instead want to read them all for free, that is their choice.

The specifications would be by a internet body, like W3C or similar. The implementation would then be over to a choice of independent transaction service companies, similar to how there is a vast consumer choice of registrars for domains. Consumers can take a service that comes with lots of handholding, 24/7 live support but costs a larger percentage of the toll charged to unsolicited non-whitelisted email, or a consumer can choose a non-frills provider that gives 95% of the toll charge to the reader of the email. Consumers may wish to base part of their choice based on the perceived trustworthyness/reputation of the company. Companies that do a good job at it get more business, making a good market opportunity for companies that do the service well.

For a company to be a provider of the service requires some minimum standards, pretty much similar to the standards to become an OpenSRS domain registrar. [As an aside on the subject of domain names, consider how much more junk domain names would flood the domain name registry if there wasn't a cheap cost of $6-15/year to have a domain name. 99.9% of sociopathic people are physically limited from registering 80 million new domain names per day into the DNS, because there is a cost-prohibitive toll against this abuse]. There is a somewhat stiff cost to become one, obviously, and there is a contract regarding arbitation before the council in cases of fraud or other repeat poor performance, with th e penalty of damages and the stripping of the ability to provide the service. The cost of becoming one is set high enough to make it an unviable business to defraud your customers.

I pay a fixed amount into my own chosen provider of my toll/bounty service, say about $10 for my upcoming year or two of contacting people that I don't know yet. Transactions are then handled from provider of service to provider of service moving the few cents without much human intervention and pretty low risk since there is only the short list of provider accounts that money can be sent to. Since there is low interaction and relatively low financial risk, there is a good slice of money available to be given to the bounty recipients.

Why would I use it? Since it handles my needs as both a reader and sender of email:

-I currently lose a large amount of time in dealing with the current mess of spam, where I have to sift through non-whitelisted messages looking for something important from a potential employer or an old friend that I haven't seen in a while. I

Anonymity, eh?

That this doesn't bother you is a problem. If the sender doesn't exist, why the hell would you accept anything from them?

Perhaps I'm a journalist... and the sender -- a corporate whistleblower, or the person who obtains the next Pentagon Papers, or a Venezuelan revolutionary -- wishes to remain anonymous for fear of reprisal.

Anonymity doesn't make you a criminal any more than publicity makes you a saint.

Re:Anonymity, eh?

[sirket]

Perhaps I'm a journalist... and the sender -- a corporate whistleblower, or the person who obtains the next Pentagon Papers, or a Venezuelan revolutionary -- wishes to remain anonymous for fear of reprisal.

Anonymity doesn't make you a criminal any more than publicity makes you a saint.


You still have an IP address and a connection time which I can track. Worse, you are using straight SMTP so nothing is encrypted and anyone can read your message.

If you want anonymity, try using hushmail or other similar service. There you get a secure connection to the provider AND anonymity. In the end, that's a much better deal.

-sirket

Already Being Discussed

[Foozy]

The IETF Anti Spam Research Group (ASRG) is already debating this topic.

Subscribe: https://www1.ietf.org/mailman/listinfo/asrg

Caution: this is a very active list.

Comment removed

[account_deleted]

Comment removed based on user account deletion

This COULD work...

[Fish+(David+B.+Trout]

This COULD work... I think some people are forgetting an important aspect of the MTA/PCA issue: What's to stop people from becoming their *own* "trusted authority"? I mean, why rely on someone ELSE -- some big ISP or "Certificate Authority" (Verisign, etc) -- to ultimately say who is trustworthy TO YOU and who isn't? Why not rely on YOURSELF? (or your trusted friends?) From my reading of the paper *anyone* could ultimately become an "authority", determining who is and who is not allowed to send email to a given person (with the "given person" in this case being oneself). Thus I can envision a sort of "peer-to-peer" email delivery network arising from this idea wherein everyone, over time, builds their own database of "trusted sources" that would be allowed to send them email (or rather, whose email a person would be willing to accept email FROM). A private "white list" if you will. With this approach we each only accept email from individuals/organizations that WE OURSELVES trust, -or-, optionally (on an individual by individual basis), who are trusted by others whose judgement we ourselves trust. The email delivery "network" would thus reduce to everyone/anyone participating in the delivery/authentication of email, ala the old "circle of friends" approach. You want to send me email? Fine. Then you need to either be someone I personally know (and thus someone I myself trust; i.e. a friend) or else someone who knows someone I trust (i.e. a "friend of one of my friends"). If you're not one of those types of people, then I'm not interested in receiving your email. Full stop. Each person could configure their own levels of trust (i.e. how far removed from their own close circle of friends someone could be and still be allowed to send you email). The spammers would end up quickly developing their own "circle of friends", sending and delivering their spam amongst themselves (and/or amongst demented individuals who liked receiving such junk) whereas the rest of us sane individuals would end up developing our own separate "trusted circle of friends" who would automatically reject any email from people they didn't trust (i.e. the spammers). A "trusted" peer-to-peer email delivery network. It COULD work. Couldn't it? Or am I missing something here??

This COULD work...

[Fish+(David+B.+Trout]

This COULD work...

I think some people are forgetting an important aspect of the MTA/PCA issue:

What's to stop people from becoming their *own* "trusted authority"?

I mean, why rely on someone ELSE -- some big ISP or "Certificate Authority" (Verisign, etc) -- to ultimately say who is trustworthy TO YOU and who isn't? Why not rely on YOURSELF? (or your trusted friends?)

From my reading of the paper *anyone* could ultimately become an "authority", determining who is and who is not allowed to send email to a given person (with the "given person" in this case being oneself).

Thus I can envision a sort of "peer-to-peer" email delivery network arising from this idea wherein everyone, over time, builds their own database of "trusted sources" that would be allowed to send them email (or rather, whose email a person would be willing to accept email FROM). A private "white list" if you will.

With this approach we each only accept email from individuals/organizations that WE OURSELVES trust, -or-, optionally (on an individual by individual basis), who are trusted by others whose judgement we ourselves trust.

The email delivery "network" would thus reduce to everyone/anyone participating in the delivery/authentication of email, ala the old "circle of friends" approach.

You want to send me email? Fine. Then you need to either be someone I personally know (and thus someone I myself trust; i.e. a friend) or else someone who knows someone I trust (i.e. a "friend of one of my friends"). If you're not one of those types of people, then I'm not interested in receiving your email. Full stop.

Each person could configure their own levels of trust (i.e. how far removed from their own close circle of friends someone could be and still be allowed to send you email).

The spammers would end up quickly developing their own "circle of friends", sending and delivering their spam amongst themselves (and/or amongst demented individuals who liked receiving such junk) whereas the rest of us sane individuals would end up developing our own separate "trusted circle of friends" who would automatically reject any email from people they didn't trust (i.e. the spammers).

A "trusted" peer-to-peer email delivery network.

It COULD work.

Couldn't it?

Or am I missing something here??

Spam control filtering is getting better ??

[rastos1]

>Spam control filtering is getting better

Can you please enlighten me? Is there a way to stop spam before I download it? So that it is not wasting my bandwidth?
Yes there is: in world with no open relays you can get rid of spam. Unfortunatlly that's not going to happen in this universe anytime soon.

Re:PIT/PCA Questions

[timftbf]

This was exactly my worry. It starts off with a grand goal of "empowering end-users" then tells you that in order to be empowered you have to be certified but some big-brother organisation that decides who is to be trusted and who is not.

Doesn't sound like much of a way forward to me.

Regards,
Tim.

Re:Oh for fucks sake! Who gives a shit?

That's for sure. Everybody knows that Apache is the worst web server in the world, after all.</sarcasm>

Web Of Trust

[mazor]

Something like the Thawte Web of Trust network, established to certify personal identity certificates for email and web authentication?

Thawte has provided free personal certificates through this Web of Trust for more than 5 years. I know, because I'm a WOT notary.

I agree with the apathy of many of the posts on this thread. People like the idea of being annonymous on the Internet, but they don't like the consequences that go with it.

Spam is a consequence of the freedoms provided by annonymity. While it may be possible to construct a new mail exchange system that prevents mail of uncertain origin, such solutions will likely have a cost of reduced personal annonymity (aka certification of origin or identification of sender).

-mazor

The Queen's English

a white paper aimed at starting discussion and work to fundamentally revamp Internet e-mail systems to control spam, forgeries, and a range of other problems

I bet I'm not the first person to mention split infinitives .....

Splitting Infinitives?

[porkchop_d_clown]

Up with this I shall not put!

Re:This is a total dead end. -Not necessarily

[budgenator]

the bottom line is the spammers, and they are few and far between, are very active on a per spammer basis and pay the big bucks. I suspect that a lot of the "open relays" aren't open because of negligence but are open to provide the owner with a degree of plausable denignablity, and the spammer is paying big bucks for a relatively throw away IP address to route his Emails through.

Maybe IP6 will help because it'll give enough IP address out so that dynamic IP's will become un-necessary. Many hosting companies allow user's to send Email that resolves to their domain name; our account at vario allowed this, how they had to set it up is
first you'd check your Emails stored on the pop server, which ran a script that opened the relay for one half an hour; with a static IP, they could limit the relay to IP addresses only from authorized IP addresses. IP's could even be reverse resolved so my address could be resolved to budgenator.isp.net so if I send out many complaint generating Emails, my address could be blacklisted instead of a whole block belonging to the isp.

Re:Stupid Administrators - DNS and SMTP

[mpe]

All I said is that every IP should have a reverse DNS entry and that your HELO information provide a FQDN which has a valid A record and/or MX record. I never said this had to _match_ the PTR and A records in DNS.

It probably wouldn't be a bad idea that if the FQDN given in the HELO command and that derived from doing a DNS lookup do not match to insert delays in the remainder of the transaction. Similarly if the domain in MAIL FROM is inconsistent with that from either a DNS lookup or the HELO command. Thus indicating that some form or relaying is likely to be going on.

RIR - RIPE/ARIN/APNIC/LACNIC ...

[compu]

The Internet is a place that everyone should be allowed to use right?

Well isn't the Internet based on a resource that has to be centrally assigned?? I'm talking about IP addresses(and AS#)

"Users" of IP addresses are required to register for their IPs from Regional Internet Registries(RIR) i.e. RIPE/ARIN/APNIC/LACNIC etc ...

<make-things-look-simple>
Strictly speaking, there is nothing that technically stops a "user" from using any IP address.
If you talk BGP to your ISP, well, you could technically pick up a free IP range and say it is yours, and the routers on the net will believe it.
</make-things-look-simple>

now lets get to the point! If e-mail has become so unusable as it is being claimed(don't get me wrong, I'm fed up myself with spam!), there is a simple solution:
All ISPs would be required to regiser authorised mail servers with the RIR(being it via some kind of whois, or using a DNSBL or rather DNS allow list) Obviously the mail servers should use authentication etc.

this doesn't require anything new technically, and servers listed would be a little more trusted. Administrators/users would than have the option to accept mail from anywhere, or accept only those "trusted"

miss use of the mail servers would then remove them from this list

ok 1 question to be answered, who defines what is misuse??!

dejV

Is it really Spam?

I don't know about you guys, but I don't get a lot of spam, I get a lot of offers from people who "got my email address from one of their partners or affiliates". What I propose is "Who". Force mass-mailers to tell me who they got my email address from, so I can go to them & tell them QUIT SELLING MY FXXCKING NAME! And if they got my name from someone else, who? So on, and so on, and so on...

Re:This is a total dead end. -Not necessarily

[Grayputer]

Most of the open relays are 'config errors', not intentional (mistakes or easier to 'open world' then 'open what I need'). A spammer is unlikely to open a relay for his competition to use.

The ability to block dynamic IP blocks exist today, most ISPs will not provide the blocking services the dynamic ranges, THIS may be, as you say, 'plausable deniability'. The ISPs claim they 'choose not to restrict their customers' (Yeah, have you READ a cable End User Service Agreement (EUSA) or even a dial-up ISP EUSA).

Re:This is a total dead end. -Not necessarily

[gfim]

boycott may be

That's exactly what is proposed in Tripoli. A boycott of relays that don't use the Tripoli protocols. However, the boycott is (potentially) by the end user mail recipient. Any recipient is allowed to run their own relay and accept any message that they like - SMTP or Tripoli protocols. However, if the large majority of users (including ISPs) only accept the new, authenticated protocols, the number of spams received will drop dramatically and there will be no incentive to be a spammer.

Graham

Re:This is a total dead end. -Not necessarily

[Grayputer]

I understand. BUT Tripoli, as I understand it, implies I boycott everyone that does not use Tripoli, I.E. I do not talk to people that do not update their mail servers. My point is that people do NOT update their mail servers and cuttng myself off from 90% of the net is not likely to work (I'd like to get the mail my bank, my doctor, my office, send me as ignoring it COULD be bad).

A boycott scheme that does NOT require people to change mailers (RBL type lists) works better as my doctor, bank and office do not have to update to Tripoli and are not likely (I hope) to make it to an RBL list. They make NO changes, I still get mail, I still get to boycott the 'bad guys'. A better more workable solution (IMHO) than forcing people to change mailers.

Problem is open relays and dynamic IPs make the list a rotating door of addresses and it becomes an arms race, spammers use the address before it gets listed, change addresses once it does, and play catch me if you can. This doesn't change with Tripoli, they install Tripoli, you get spam from that address, you block, they change addresses/installs (if you want global mail, you need a default permit on receiving mail from 'new' Tripoli installs). The only win is really open relays, once you list it all gets blocked, gee same as an RBL. Oh, OK instead of JUST changing IP addresses as in the current arms race, they need to reinstall Tripoli somewhere else, possibly under a different name. I'm afraid I do not see much advantage.