2009
06.24

I do not know how much of the current email traffic is spam but from what I can gather it is between 96% and 99%, depending on who you ask.  Also the email system is a mess, and really needs to be redesigned from scratch – it was never meant to do what it is doing.  So here is my method of fixing the problem.

The first issue is rip and replace.  It’s not possible to simply remove the current email system and stick something else in its place; the upheaval of reprogramming and reinstalling every single email client and server would be immense.  Any replacement would have to be dual-role so that the current system could eventually be retired.

The roll-out plan would be to replace the servers first, initially with dual-use ones (that is, they ping the target to see if it is also a ‘new’ server before deciding to send new or old style emails).  They would also allow old style clients to connect, even though those clients would not be able to take advantage of the newer (and more sane) features: the receiving server would change the format of the message on arrival so that the current range of software – from webforms to mobile phones – would still work.

For the server, the basic crux of the idea is for it to send a token, rather than an actual message.  Then (and only then), when you view your inbox and view your message, will it be requested from the source server.  This solves several problems:

  1. The burden of storing the spam is on the sender, not the receiver.
  2. You can un-send email (but not after it has been read).
  3. If the offending server gets turned off, blacklisted or blocked, everything it’s sent gets binned.
  4. You know that who sent the message is actually who sent the message – spoofing is near on impossible without some complicated MITM attacks.
  5. Messages can no longer just disappear (so no using that excuse anymore).
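
The token exchange described above, as an added sketch that is not code from the original post: the sending server keeps the body and delivers only a token, and the receiving side pulls the body when the message is viewed. The class names, token fields and the `servers` dictionary (standing in for DNS lookup plus a network fetch) are assumptions made for illustration.

```python
import secrets

class OriginServer:
    """Sending side: keeps the message body and hands out only a token."""
    def __init__(self, domain):
        self.domain = domain
        self.store = {}                 # token id -> [body, already_read]

    def send(self, inbox, subject, body):
        token = {"origin": self.domain, "id": secrets.token_urlsafe(16),
                 "subject": subject}
        self.store[token["id"]] = [body, False]
        inbox.tokens.append(token)      # only the token crosses the wire
        return token

    def fetch(self, token_id):
        entry = self.store.get(token_id)
        if entry is None:
            return None                 # un-sent, or never issued by this server
        entry[1] = True                 # from now on it cannot be un-sent
        return entry[0]

    def unsend(self, token_id):
        entry = self.store.get(token_id)
        if entry is None or entry[1]:
            return False                # too late once it has been read
        del self.store[token_id]
        return True

class Inbox:
    """Receiving side: stores tokens and pulls bodies only on view."""
    def __init__(self, servers, blocked):
        self.servers = servers          # domain -> OriginServer (assumed lookup)
        self.blocked = blocked          # set of blacklisted domains
        self.tokens = []

    def listing(self):
        # Tokens from blocked servers are simply not shown.
        return [t for t in self.tokens if t["origin"] not in self.blocked]

    def read(self, token):
        origin = self.servers.get(token["origin"])
        if origin is None or token["origin"] in self.blocked:
            return None                 # server gone or blocked: message is binned
        return origin.fetch(token["id"])
```

Because `read` always asks the server named in the token, the body can only come from that origin, which is the property item 4 relies on.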

Next, only servers with a valid DNS record should be allowed to send – just an IP address?  Tough luck.  In my opinion if you can’t hold down an IP long enough to point a domain at it you really shouldn’t be running an email server from it.

Blacklists will then be operated automatically (and de-centralized, like the current system, e.g. Spamhaus), with various methods (Bayesian etc.) of detecting incoming spam, but also with user-based filtering – a ‘report as spam’ button.  Once a server drops below a certain signal-to-noise ratio it’ll go on the list and all its messages will effectively no longer exist.

The automatic part of the blacklist means that any blocks will be lifted after a certain duration (12 hours), with possible increments for repeat offenders.  On blocking, the mail server should also receive a message (and alert the postmaster) saying what happened so he can take steps to deal with it, with the option of re-sending the tokens.
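
One way the automatic blacklist could behave, as an added sketch that is not part of the original post. Only the 12-hour duration comes from the text; the ratio threshold, the minimum number of reports and the doubling for repeat offenders are assumptions, and time is passed in as hours so the logic can be followed without a real clock.

```python
from dataclasses import dataclass

BASE_BLOCK_HOURS = 12   # block duration named in the post
MIN_RATIO = 0.2         # assumed threshold: wanted / total reports
MIN_SAMPLES = 20        # assumed: ignore servers with too few reports

@dataclass
class ServerRecord:
    ham: int = 0
    spam: int = 0
    offences: int = 0
    blocked_until: float = 0.0   # hours on a caller-supplied clock

class Blacklist:
    def __init__(self):
        self.records = {}    # domain -> ServerRecord
        self.notices = []    # (domain, text) queued for the postmaster

    def is_blocked(self, domain, now):
        rec = self.records.get(domain)
        return rec is not None and now < rec.blocked_until

    def report(self, domain, is_spam, now):
        """Record one filter verdict or 'report as spam' click."""
        if self.is_blocked(domain, now):
            return           # its tokens are hidden, so nothing new to judge
        rec = self.records.setdefault(domain, ServerRecord())
        if is_spam:
            rec.spam += 1
        else:
            rec.ham += 1
        total = rec.ham + rec.spam
        if total >= MIN_SAMPLES and rec.ham / total < MIN_RATIO:
            rec.offences += 1
            # Assumed escalation: double the block for each repeat offence.
            hours = BASE_BLOCK_HOURS * 2 ** (rec.offences - 1)
            rec.blocked_until = now + hours
            rec.ham = rec.spam = 0   # start a fresh window after the block
            self.notices.append((domain, f"blocked for {hours}h"))
```

The block lifts on its own because `is_blocked` only compares the clock with `blocked_until`; nothing has to remove the entry.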

Anyone see any major problems with this?

6 comments so far

  1. I love your solution. I’ve been pressing for an end to FREE email. Forgive me if I just paste in my own writings here (using the supremely simple and superior “Ctrl-C/Ctrl-V” method ;-) . Hope you won’t mind, but I don’t wanna retype it all. But I like YOUR idea even better.

    It’s time for an end to “free” email.

    “Free” email has resulted in the deluge of Spam that currently clogs our inboxes. 99% of email that I get is just plain trash.

    Once your name is on a spam list, it’s on it forever. And if you’ve EVER typed your email address into ANYTHING on the internet, then your name is probably on several lists already. You will NEVER stop getting spam – ever. These lists are sold and resold a hundred times a month.

    Charging to SEND each email would immediately stop a lot of this because spam email lists are typically lists of MILLIONS of email addresses, which the buyer knows will contain a LOT (probably 90% or more) of dead addresses.

    But email is free! It costs them nothing to send to those three million “dead” email addresses in order to reach the few hundred thousand in the list that are probably good. Charging to send each email would immediately make those huge “mega-lists” obsolete as spammers would then have to trim those lists down to size and to bring the mailing costs to within reason – an impossible task!

    If an email incurs cost (almost any cost at all – just a penny) then suddenly every single email address in their lists carries the weight of an asset or a liability – a value that they then have to justify in order to sell the list.

    Spammers know that their email barrage is going to net them about a one tenth of one percent success rate. They know that with a list of six million email addresses, they are likely to only see 1/10th of 1%, or 6000 replies. It’s worth it to them, though, because it costs them nothing to hit the other 5,994,000 in the process of pursuing their 6000 good hits.

    Suppose an email cost a penny to send. Suddenly, spamming with a 6 million email address database becomes a matter of spending six million pennies ($60,000) in order to reach one tenth of one percent of valid addresses the list contains (6,000, or $60 worth of email). $60,000 to send email that should only cost $60.

    Charging for email brings market forces to bear on spammers. Market forces are the ONLY regulation on junk mail right now, and you do not flip open the lid on your mailbox and find 99 envelopes full of garbage and 1 letter you actually want – EVERY SINGLE DAY. Junk mail costs money to produce and to mail. And because of that, it is self regulating. When the return fails to cover the cost, it stops. Plain and simple.

    For those complaining that it’s unconstitutional, or unfair to do this, or whatever other silly liberal socialist reason, I propose two separate systems – the constitutional “free” system that we have already, and a commercial, opt-in system for those of us willing to pay for email services.

    I propose that the two systems coexist, but that each be optional. Thus, if you do not want to pay to send me an email, you don’t have to – you can send to my “free email” address. But unless I think to check that email address, I won’t see your email. And let’s face it, if you can’t be bothered to spend a penny to send me an email, I probably don’t want it anyway.

    This is entirely possible RIGHT NOW. The difficulty is in waiting for some clear market leader to emerge. Right now, we are all like the people waiting to buy a video recorder until we see how the Beta/VHS war pans out.

    If there were a recognizable, central, mailing authority who guaranteed charges would be charged and collected, and mail delivered, I’d sign up immediately and pay a penny an email, so long as the payment methods can be made relatively easily. That means, credit card over the internet, or stop by the “post office” to buy electronic stamps.

    The USPS seems a perfect candidate for this, if you ask me. Just covering mail to and from domestic United States destinations, and let them figure out how to handle an international exchange/forwarding system. Cause, let’s face it. If you cannot be bothered to live in a country that I’d actually care to get email from, then I prolly don’t want it in the first place. (Tongue-in-cheek :-) But really, what good reason is there for some bank manager in Nigeria or Ivory Coast to contact me? Zero!

    Just reliably handle domestic email, and I’d sign up for that alone.

  2. Wouldn’t this make accessing email slower and less reliable?

  3. Thomas B said…
    Hello again everybody. First of all, you people are the noobish fanboys who I ranted about on my blog. It is you people who need to get a life!

    I agree with you people that a lot of Linux users can be immature, but this site is the HOME OF IMMATURE NOOBS. We need to get lives eh? At least us “freetards” don’t spend all day attacking an operating system that’s much better than Winblows made by Microshit.

    You hypocrites make me so fucking angry!

    Us “freetards” aren’t giving our money to companies that don’t give a fuck about their customers, like Microsoft and Adobe and more!

    Actually, this is getting so fucking annoying, this constant bashing of an OS that is years ahead of Windows! Microsoft is finally making something good, because we all know that every operating since Windows 95 hasn’t had a new feature added.

    Microsoft, I used to like, I used to defend. But they have gotten so fucking stupid, I just had to switch. They didn’t care about me, or any of their other customers. At least in the “freetard community,” we’re actually paid attention to.

    http://mpscripts.dunsoft.org/blog/

    August 8, 2009 5:25 PM

  4. The only issue I can see is if the host goes, so do all the messages. That’s fine if the host masquerades as the king of Nigeria or the inventor of a new Viagra replacement, but if it contained some legitimate data then it could be a problem. After all, there’s no telling when the first request to download a message will actually be made relative to the date it was sent; I’ve let a couple messages sit for a week before reading them in my time.
    I like the idea of constraining email hosts to those with valid DNS records though.
    As for the guy who wanted to charge for email, I’m thinking it might be a better balance between the two evils if ISPs charged on number of bytes transferred rather than number of messages.
    Consider: if I send a hundred one-word messages around, they’ll charge me the same amount as if I sent a hundred uncompressed copies of the latest blockbuster movie. This would be less of a burden to the average user, but would have the downside of being less of a burden to the spammers as well. This is just for the sake of discussion; I’m not even sure if I would support it seeing as how very little spam has made its way into my inbox and I’ve gotten only one false positive blocked this year. But hey, that’s just me.

  5. Storing the e-mail on a server before having them delivered solves nothing. It is not more difficult to set up a server to deliver e-mail on request than it is to actually send the e-mail in the first place. In fact, it might make it easier to send out bulk e-mail. You can send out more UBE per unit of bandwidth if you have to only deliver a “token”, just having to deliver the actual message body to those, where the message goes far enough to actually be opened in their e-mail client.

    It would also make using e-mail more slow, assuming that the e-mail client didn’t pre-load all the e-mail sent to it. (Which would negate the advantage.) In fact, clients would probably start doing that in order to perform content-based filtering once this system is in fact also abused by spammers, and you’d be back at square one.

    This also opens for a new kind of “joe job / DDoS” attack. Consider: a malicious entity begins to send out tokens for legitimate newsletters to some random spamlist. Legitimate newsletter sender gets inundated with extra server load for delivering the messages they never sent, and with complaints of sending UBE.

    Finally, with regards to a centralized “report spam” system, this could also very easily be abused. (Don’t like somebody? Just use your botnet to report them as a spammer, and voilà, all the e-mails they sent disappear from the world.)

    Your system would just cost a lot of time and money to implement, and wouldn’t solve anything. Better luck next time.

  6. Making email cost money won’t solve the problem. Spammers today already use infected PCs (botnets) to send out spam, so what stops them from using the computer user’s mail software/account?