Solved

Spam Control, why is it so hard

Posted on 2004-09-10
4
306 Views
Last Modified: 2006-11-17
Spam Control, why is it so hard ?  

It seems easy to me if you assume that spammers take down their email server.  Require that every email provider sign the message with their IP or name.  Also reqire it is send in an incripted form and requires a password ( or key)  to decript it.

When the user goes to his client software ( Mozilla, Outlook etc) and clicks on "check for spam", the software goes back to the original  provider of the email that was proviced in the email and requests the password ( or key)  to decript it.   Now just have the new versions of email servers out there refuse to forward mail that is in the encripted anti spam format.  

They could use a form of PKI if they wanted,   There are likely one hundred ways to do this.    

There are things out there for Linux that will fire back an email to the sender saying "did you send this"  That is another way to control spam.   Can it be that hard to control ?  I think I must be very nieve about spam.  If a user does not have a ID ( IP or name) just do not forward his emails from email server to the next and do not have the client software accept the message.  Spam too much, loose you ID.

 
0
Comment
Question by:TIMFOX123
  • 2
4 Comments
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 150 total points
Comment Utility
I'm afraid that you don't understand the complexity of the problem.

1) HOW does the E-Mail provider "sign the message"? That is, what *specific* technology is used? Remember, that technology must be deployable across the dozens of platforms in use across the 'Net, and by the scores, if not hundreds, of MTA (Mail Transfer Agent) softwares out there (not everyone is stupid enough to use Exchange as an SMTP server).

2) What encryption technology is used, how are keys distributed to the millions of legitimate MTAs, how do you get around the encryption-restriction laws in various countries, and how do yo prevent spammers for masquerading a legitimate humans long enough to get some keys?

3) OK, so now someone has an E-Mail. How do they "click" on something in, say, Pine? Elm? *NIX mail? Da Vinci E-Mail? Who is going to write the necessary code for every one of the thousands of mail readers and their versions in user across the Internet? You specifically talk about how the user "clicks" on something - what it they read mail using a character interface, not a GUI? What if they are offline (uses POP to get their E-mail and now disconnected) - people who are on metered connections, especially ones with high initial connect costs, are going to get eaten alive authenticating each individual E-Mail thru each individual service provider.

We've already seen spammers, within weeks of its introduction, using SPF to send SPAM E-Mail. There is no technological solution to this - at best, technology can only stem the tide. We have to attack the *money*, the incentive for spammers to spam. Until that's done, these low-lifes will continue.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 150 total points
Comment Utility
The reason that spam is very hard to control is due to the nature of SMTP.

SMTP is a very open protocol - by its nature it will accept email from any server or any machine. Even spam controls such as those that AOL use still require the connection to be made, which AOL then rejected.
There are lots of SMTP servers and engines so any technology used needs to work with every SMTP application.

As so many companies have now decided that email is THE most business critical application, no one will make the first move that could cut spam overnight. It would only take 1 lost email from the company's biggest customer who haven't implemented the latest spam fighting trick and the demand will come from the boss that the system be turned off.

As for your idea of asking "did you send this" this is pretty much whitelisting. That idea doesn't really work. During most of the recent virus attacks up to 40% or more of the email messages being sent were actually AV messages saying "you sent us a virus" which were sent to people who hadn't sent the virus. This is despite the industry message of turning that feature of. If mail administrators cannot manage false posititve messages, or keep up with what is going on in the industry enough to know to turn this off, how will any kind new technology be implemented. Do you think MS (for example) are going to develop support for this new technology for Exchange 5.5 or older? There are lots of those servers still in use.

The other major problem with spam is the rate of return.
It costs a spammer a very small amount of money to send the messages and thus requires a very low rate of return - I believe less than 0.1% to make it worth while.

Spam is here to stay for at least the next couple of years, and all the time there are network administrators who either don't care or don't know what goes through their networks then spam will remain a problem.

Simon.
0
 

Author Comment

by:TIMFOX123
Comment Utility
Sendmail is free and someone needs to "invent" an identification gateway that everybody whould have to use.  It would put the ID on the message on the way out and not accept anything that did not have an ID.  It would also verify the ID and verify that it sent emails to other ID servers.   In time this "ID protocall" could be incorperated into all email so the ID box would go away.   I guess it is like IPV6, a great idea that is coming but never seems to get here.

0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Yes, sendmail is free. Lotsa people don't use it (I happen to, in one location, but another is a mix of sendmail and GroupWise). You can't force anyone to use it. Whatever solution comes about must support a wide variety of platforms and MTA. If  E-Mail client support is added, it becomes immeasurably more complex.

The problem is not invention of the necessary technology so much as *adoption*. Getting diverse groups with different, sometimes competing interests, to agree on the solution. And all it takes is one major player that hates independent standards and open software - like M$ does - and the game is over.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

I didn’t use eM Client for long when I decided to swap to Outlook 2016. The reason for the switch is that it started asking for payment to continue some of its services after one month.   The problems I faced when I didn’t pay were:   I was not …
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
The purpose of this video is to demonstrate how to set up a Mailchimp campaign. This will include styling and adding elements to a newsletter/email. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchim…
The purpose of this video is to demonstrate how to use PicMonkey software to customize images for a Mailchimp campaign. Picmonkey is free and simple online software which can be used by users who don’t have robust editing software such as Photoshop,…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now