Desperate Half-Baked Solution for an Ancient Problem

spam at 300dpi taken by www.modernsurf.com/spam
Spam at 4x, this and more spam stuff at Love Spam

Every once in a while I find myself trying to solve an age-old problem. This one has, I’m sure, been the focus of perhaps thousands of specialists in Silicon Valley since the early days. I’m talking about spam. My last email is an example of how much time I spend wondering who, how, and why spam is moving back and forth in our synthetic system. Well, right before going to bed last night I read a quote in the March issue of Wired magazine from Bill Gates:

‘Two years from now, spam will be solved.’

…He was quoted saying that two years ago. (Jumping the gun on problems before they are actually solved reminds me of another quagmire, and let’s not even go there for the sake of a focused ramble.) It’s now 2006 and still spam in our boxes seems to be multiplying minute by minute. Of course the first thing to pop into my head in the A.M. was this half-baked solution:

Have all your email sent with a certificate of authenticity that can be verified instantly by a receiving mail server and, if needed, reverified a second time… 1.) You send 1 email; along with that email you send a *note* to your server saying, “Hey, I’m sending this email to so-and-so; if his/her receiving mail server asks you if it was really me who sent it, tell them yes.” So your sending-mail server sends the email and holds on to your *note*. A few seconds later the receiving-mail server gets your email and asks your sending-mail server if this in fact was sent from you, i.e. “Did so-and-so leave you a *note* about having sent this email to a mailbox over here?” Your sending-mail server checks up and down the list of *notes* to see if yes, indeed, it had been notified regarding this email. Voila! The email is forwarded. Seems too simple, right? You might also be able to double-check the notes via time stamp: if the stamp is off by an hour then a re-notification is needed, and so the email is held up in a queue until your sending-mail server can actually contact you asking if you sent it. Some delays, yes, but worth it.

So instead of the opposite model, where the receiving-mail server holds on to your email and asks the sender if in fact this is really mail from you, why can’t the receiving-mail server ask the sender if in fact the email was sent to them? Currently, I know that some receiving-mail servers check the sending-mail servers to verify if the email address of the sender actually exists, but that’s as far as it goes.

This would AT LEAST prevent spoofing, but what if the sender’s note is real but the sending-mail server isn’t legit? Ugh, a conundrum. (Wiki: Sender Policy Framework (SPF) has proven to be useless.)
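The note-and-callback scheme described above, as an added sketch in Python (not code from the original post). The class names, the hash used as the note, the domain-to-server directory standing in for a DNS lookup, and the one-note-per-delivery rule are assumptions; the one-hour window is the post's.

```python
import hashlib

MAX_SKEW = 3600  # seconds; the post holds mail whose stamp is off by an hour

def fingerprint(sender, recipient, body):
    # What a note records is not specified in the post; a hash is assumed here.
    return hashlib.sha256("\n".join([sender, recipient, body]).encode()).hexdigest()

class SendingServer:
    """Keeps the notes its own users leave when they submit mail."""
    def __init__(self):
        self.notes = {}  # fingerprint -> time the note was left
    def leave_note(self, sender, recipient, body, now):
        self.notes[fingerprint(sender, recipient, body)] = now
    def confirm(self, fp, now):
        """Answer a receiving server's callback: 'yes', 'stale' or 'no'."""
        left_at = self.notes.get(fp)
        if left_at is None:
            return "no"
        if abs(now - left_at) > MAX_SKEW:
            return "stale"
        del self.notes[fp]  # assumption: one note covers one delivery
        return "yes"

class ReceivingServer:
    def __init__(self, directory):
        # Claimed sender domain -> its sending server (stands in for DNS).
        # The callback goes there, never to the host that connected.
        self.directory = directory
        self.queue = []  # mail held until the sender re-confirms
    def receive(self, sender, recipient, body, now):
        origin = self.directory.get(sender.rsplit("@", 1)[-1])
        answer = origin.confirm(fingerprint(sender, recipient, body), now) if origin else "no"
        if answer == "yes":
            return "deliver"
        if answer == "stale":
            self.queue.append((sender, recipient, body))
            return "hold"
        return "reject"

def demo():
    """Constructed messages: genuine, forged, delayed, replayed."""
    home = SendingServer()
    mx = ReceivingServer({"example.org": home})
    alice, bob = "alice@example.org", "bob@example.net"
    home.leave_note(alice, bob, "lunch?", now=0)
    home.leave_note(alice, bob, "late", now=0)
    return [mx.receive(alice, bob, "lunch?", now=5),
            mx.receive(alice, bob, "cheap pills", now=5),
            mx.receive(alice, bob, "late", now=7200),
            mx.receive(alice, bob, "lunch?", now=6)]
```

Because the callback goes to the server registered for the claimed domain, a forged sender address fails, but a server that vouches for its own spam still answers yes, which is the conundrum raised in the last paragraph.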
