Permanently Fixing the Spam Problem

Posted on by

I have an idea of how to permanently fix (or severely curtail) the problem of e-mail spam. You won’t like it, but I think it will work.

The solution is a combination of authenticated server-to-server communication and authenticated client-to-server communication. Thoughts? Leave ‘em in the comments!

  • Each server that intends to send mail to another server must be signed via a certificate authority. This is already done with SSL certificates and the like, so a similar system could be set up very quickly. The signature system should be set up to require more intense verification of “entity existence” than domain registration for approval of application. The approval process should be artificially slow (24-48 hour) and require as much manual processing as is feasible, in order to thwart any bots and fly-by-nights. This way, even if spammers get signatures, it’s easy to track who the signature goes to. Additionally, if spam is seen as coming from a specific source, the certificate can be revoked, ending the entire source of spam. Of course, this adds network overhead because of having to check the CA for each message, but the really smart network programmers can find ways of caching this information locally so checks don’t have to happen too frequently (i.e. cache a certificate for 24 hours.)
  • Each user who intends to send mail to a recipient must send their message using a client application that authenticates against a mail server to which that user has sending authority. This will prevent client programs from bypassing server certification. No client will ever be authorized to send mail directly to the recipient’s server.
  • A server will only allow mail to be delivered to a mail box under one circumstance
    • If the incoming message came from another signed server. (Messages sent to the same server from which the originate is not a problem, the user sending the message is already authenticated.)
  • There are some caveats to deal with in the details. These include:
    • Webmail services: how to deal with bots creating accounts quickly and sending crap through those services. Those can be fixed through better CAPTCHA systems.
    • Man-In-The-Middle and other spoofing tactics.

2 thoughts on “Permanently Fixing the Spam Problem

  1. I think that is a great idea, but it seems a bit hard to implement.
    Caching the certificates works in theory, but does it in practice?
    I suppose it would work in the same way as SSL encrypting websites, where the browser caches the certificate of the website.

  2. Good question. I don’t know how that would work in reality. That’s why there are other people out there smarter than me! But everything starts from an idea, I guess.