[Techtalk] bogus bounces--WTF?

Miriam English mim at miriam-english.org
Tue Oct 14 07:12:07 UTC 2008 

Hi Carla,

That's an interesting point. I've always been infuriated at the loads of 
spam I've always got (especially from Russia). Lately it is more than 
just an annoyance as I've noticed some of my emails getting trashed by 
people's less-than-intelligent spam filters, and I've missed some 
legitimate emails sent to me because due to unfortunate subject line 
choice. Even worse, my domain name has been banned by some sites because 
some bastard spammers have been forging my address in their headers.

I have thought of a simple way to eliminate this stupid arms race that 
is slowly wrecking email's viability. Trouble is nobody I've approached 
wants to know about it... which is weird. I wonder if anybody here knows 
who it could be put to?

All I want is for email to work easily again. The current obsession with 
bolting on ever more complex rules to spam filters doesn't work. Banning 
sites doesn't work. And the various pay-per-email "solutions" just suck 
because not only would honest people have to cough up because of crooks, 
but it wouldn't stop spam anyway.

The solution seems to me to be surprisingly simple. All that is needed 
is for email not to be passed on to the receiver until the return 
address is checked, similar to how normal http error checking is 
currently done every time we access a web page. If the receiver machine, 
on checking with the sender machine finds the address is valid and has a 
record of having sent the email in question then the recipient gets the 
email. If not then the header is forged and the email is deleted and 
never bothers the recipient. Spammers would be reduced to using genuine, 
unforged addresses, because forged sending addresses would simply never 
get through. Places that have laws against spam would land them in jail. 
Spammers in other places would simply render their addresses ineffective 
because it is too darned easy to block a genuine address that sends lots 
of spam.

The genuine servers would not have to hold on to the whole email, just a 
checksum and perhaps date and/or subject. And only until it is verified 
or some maximum time (maybe a couple of months) had elapsed. It doesn't 
need to hold any identifying information, so it doesn't compromise 
privacy. All that is checked is that the email's from address is genuine.

Since the very early days of the ARPANET email has hardly altered. The 
system of attachments is terrible. It bloats email by expanding binary 
to 7-bit encoding in a day when 8-bit communications are normal. And 
because of the old naive trust we used to have, spam filters are 
inefficiently bolted on, faced with the impossible task of deducing 
genuine from fake email.

Email seriously needs to move into the 21st century. The current 
outmoded form is gradually becoming more and more damaged by misuse.

Anybody know who could affect this? They are welcome to present it to 
anybody they wish with my blessing. Or if they want, I would be 
delighted to put these and more arguments for the case.

Best wishes,

	- Miriam

Carla Schroder wrote:
> What's with all the skillions of bogus email delivery failures I'm seeing 
> lately? All from .ru domains. Are they spams, and this is supposed to make me 
> curious and read them, and then lose my mind and buy stuff? Most of them are 
> unreadable anyway, they're either in bad HTML that doesn't render, or 
> Cyrillic characters.
> 
> Carla

-- 
My time wasn't completely wasted last year.
I went on a 940 million kilometer journey.
-----
Website: http://miriam-english.org
Blog: http://miriam_e.livejournal.com

More information about the Techtalk mailing list