[Techtalk] bogus bounces--WTF?

[Rudy Zijlstra]

Maria McKinley wrote:
> Miriam English wrote:
>   
>> Hi Carla,
>>
>> That's an interesting point. I've always been infuriated at the loads of 
>> spam I've always got (especially from Russia). Lately it is more than 
>> just an annoyance as I've noticed some of my emails getting trashed by 
>> people's less-than-intelligent spam filters, and I've missed some 
>> legitimate emails sent to me because due to unfortunate subject line 
>> choice. Even worse, my domain name has been banned by some sites because 
>> some bastard spammers have been forging my address in their headers.
>>
>> I have thought of a simple way to eliminate this stupid arms race that 
>> is slowly wrecking email's viability. Trouble is nobody I've approached 
>> wants to know about it... which is weird. I wonder if anybody here knows 
>> who it could be put to?
>>
>> All I want is for email to work easily again. The current obsession with 
>> bolting on ever more complex rules to spam filters doesn't work. Banning 
>> sites doesn't work. And the various pay-per-email "solutions" just suck 
>> because not only would honest people have to cough up because of crooks, 
>> but it wouldn't stop spam anyway.
>>
>> The solution seems to me to be surprisingly simple. All that is needed 
>> is for email not to be passed on to the receiver until the return 
>> address is checked, similar to how normal http error checking is 
>> currently done every time we access a web page. If the receiver machine, 
>> on checking with the sender machine finds the address is valid and has a 
>> record of having sent the email in question then the recipient gets the 
>> email. If not then the header is forged and the email is deleted and 
>> never bothers the recipient. Spammers would be reduced to using genuine, 
>> unforged addresses, because forged sending addresses would simply never 
>> get through. Places that have laws against spam would land them in jail. 
>> Spammers in other places would simply render their addresses ineffective 
>> because it is too darned easy to block a genuine address that sends lots 
>> of spam.
>>
>> The genuine servers would not have to hold on to the whole email, just a 
>> checksum and perhaps date and/or subject. And only until it is verified 
>> or some maximum time (maybe a couple of months) had elapsed. It doesn't 
>> need to hold any identifying information, so it doesn't compromise 
>> privacy. All that is checked is that the email's from address is genuine.
>>
>> Since the very early days of the ARPANET email has hardly altered. The 
>> system of attachments is terrible. It bloats email by expanding binary 
>> to 7-bit encoding in a day when 8-bit communications are normal. And 
>> because of the old naive trust we used to have, spam filters are 
>> inefficiently bolted on, faced with the impossible task of deducing 
>> genuine from fake email.
>>
>> Email seriously needs to move into the 21st century. The current 
>> outmoded form is gradually becoming more and more damaged by misuse.
>>
>> Anybody know who could affect this? They are welcome to present it to 
>> anybody they wish with my blessing. Or if they want, I would be 
>> delighted to put these and more arguments for the case.
>>
>> Best wishes,
>>
>> 	- Miriam
>>
>>     
Hi Miriam,

Besides technical problems stated already by others there is a more 
serious reason why i would not support this scheme.

This scheme above is based on the premise that everybody can email with 
no need for anonymity.  In most cases this will be true when you are 
living in the western world. Even there though, you may have good 
reasons to want anonymity (consider whistle blowers, who often end up in 
deep trouble when doing it publicly).

More serious though, is the situation in countries like China, where 
this may lead to prison sentences or worse.

The problem with you scheme is that it makes anonymous email impossible.


Cheers,


Rudy