On 12/01/2010 02:13 PM, Martin Gregorie wrote:
On Wed, 2010-12-01 at 07:27 -0800, Marc Perkel wrote:
I've been thinking about what it would take to actually eliminate spam
or reduce it to less than 10% of what it is now. One of the problems is
the SMTP protocol itself. And a big problem with that is that mail
servers talk to each other using the same protocol as users use to talk
to servers.
I don't think that would help at all. Bots would just pretend to be mail
servers and use SMTP. Any other form of spam could be circumvented by
setting up spammer-owned MTAs that spammers would use to inject spam.
IMO the best solution would have been a charge per e-mail provided it
was universally enforced. A small charge, e.g. $0.001 to $0.01 per
addressee per message would be almost unnoticable to a normal user or
business while still being enough to discourage volume spammers by
wiping out their profits. Another benefit would be that the bill
received by a bot-infected user would serve as a powerful wake-up call
to get disinfected.
Much simpler is to have a per user whitelist.
There are a few projects for this and even SA can be used to do it.
The problem is that the spam problem is thrown at the user rather than
the admin.
There is no need to an extra RFC for this.
The server returns a 5xx/4xx error for non-whitelisted mails.
For the lazy ones, managing the whitelist from the mail client is very
important.
Even a period of transition can be easily setup.
a - the users are aware of the change and how to manage this.
b - users start to setup their whitelists (specially for maillists).
c - post spam filtered messages are automatically replied about the need
- if not already in the whitelist.
this would let the known sender to poke the lazy contact.
d - whitelist in effect returning a 5[4]xx error with some explaniation
message.
Then we got the point on how to know the addresses to whitelist it in
the first place (first contacts).
A first time sender could have its message reformated in a way to let
the user know about it and white/blacklist (e.g. links to the admin site
- GUI action).
Somewhat like an IM works (or should).
-rsd
