Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 337
  • Last Modified:

Spam Control, why is it so hard

Spam Control, why is it so hard ?  

It seems easy to me if you assume that spammers take down their email server.  Require that every email provider sign the message with their IP or name.  Also reqire it is send in an incripted form and requires a password ( or key)  to decript it.

When the user goes to his client software ( Mozilla, Outlook etc) and clicks on "check for spam", the software goes back to the original  provider of the email that was proviced in the email and requests the password ( or key)  to decript it.   Now just have the new versions of email servers out there refuse to forward mail that is in the encripted anti spam format.  

They could use a form of PKI if they wanted,   There are likely one hundred ways to do this.    

There are things out there for Linux that will fire back an email to the sender saying "did you send this"  That is another way to control spam.   Can it be that hard to control ?  I think I must be very nieve about spam.  If a user does not have a ID ( IP or name) just do not forward his emails from email server to the next and do not have the client software accept the message.  Spam too much, loose you ID.

  • 2
2 Solutions
I'm afraid that you don't understand the complexity of the problem.

1) HOW does the E-Mail provider "sign the message"? That is, what *specific* technology is used? Remember, that technology must be deployable across the dozens of platforms in use across the 'Net, and by the scores, if not hundreds, of MTA (Mail Transfer Agent) softwares out there (not everyone is stupid enough to use Exchange as an SMTP server).

2) What encryption technology is used, how are keys distributed to the millions of legitimate MTAs, how do you get around the encryption-restriction laws in various countries, and how do yo prevent spammers for masquerading a legitimate humans long enough to get some keys?

3) OK, so now someone has an E-Mail. How do they "click" on something in, say, Pine? Elm? *NIX mail? Da Vinci E-Mail? Who is going to write the necessary code for every one of the thousands of mail readers and their versions in user across the Internet? You specifically talk about how the user "clicks" on something - what it they read mail using a character interface, not a GUI? What if they are offline (uses POP to get their E-mail and now disconnected) - people who are on metered connections, especially ones with high initial connect costs, are going to get eaten alive authenticating each individual E-Mail thru each individual service provider.

We've already seen spammers, within weeks of its introduction, using SPF to send SPAM E-Mail. There is no technological solution to this - at best, technology can only stem the tide. We have to attack the *money*, the incentive for spammers to spam. Until that's done, these low-lifes will continue.
The reason that spam is very hard to control is due to the nature of SMTP.

SMTP is a very open protocol - by its nature it will accept email from any server or any machine. Even spam controls such as those that AOL use still require the connection to be made, which AOL then rejected.
There are lots of SMTP servers and engines so any technology used needs to work with every SMTP application.

As so many companies have now decided that email is THE most business critical application, no one will make the first move that could cut spam overnight. It would only take 1 lost email from the company's biggest customer who haven't implemented the latest spam fighting trick and the demand will come from the boss that the system be turned off.

As for your idea of asking "did you send this" this is pretty much whitelisting. That idea doesn't really work. During most of the recent virus attacks up to 40% or more of the email messages being sent were actually AV messages saying "you sent us a virus" which were sent to people who hadn't sent the virus. This is despite the industry message of turning that feature of. If mail administrators cannot manage false posititve messages, or keep up with what is going on in the industry enough to know to turn this off, how will any kind new technology be implemented. Do you think MS (for example) are going to develop support for this new technology for Exchange 5.5 or older? There are lots of those servers still in use.

The other major problem with spam is the rate of return.
It costs a spammer a very small amount of money to send the messages and thus requires a very low rate of return - I believe less than 0.1% to make it worth while.

Spam is here to stay for at least the next couple of years, and all the time there are network administrators who either don't care or don't know what goes through their networks then spam will remain a problem.

TIMFOX123Author Commented:
Sendmail is free and someone needs to "invent" an identification gateway that everybody whould have to use.  It would put the ID on the message on the way out and not accept anything that did not have an ID.  It would also verify the ID and verify that it sent emails to other ID servers.   In time this "ID protocall" could be incorperated into all email so the ID box would go away.   I guess it is like IPV6, a great idea that is coming but never seems to get here.

Yes, sendmail is free. Lotsa people don't use it (I happen to, in one location, but another is a mix of sendmail and GroupWise). You can't force anyone to use it. Whatever solution comes about must support a wide variety of platforms and MTA. If  E-Mail client support is added, it becomes immeasurably more complex.

The problem is not invention of the necessary technology so much as *adoption*. Getting diverse groups with different, sometimes competing interests, to agree on the solution. And all it takes is one major player that hates independent standards and open software - like M$ does - and the game is over.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now