[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

spam-- a technological solution/proposal




for a long time conversation here has covered the possibility of 
"certificates" especially the cryptography and algorithms behind
them. also, spam is a frequent topic. in fact I think the term
"spam" was used on this mailing list almost before anywhere else.

at the heart, spam is a fascinating question. the internet has
been designed to survive a nuclear war through its decentralization,
i.e. a threat from without. but what about a "threat from within"
such that your own nodes can be corrupted? this is the case with
spammers. it's an extremely difficult question to solve, and involves
concepts like a body, "immune system", cancer, etc.

after thinking about it for many moons, here is an interesting idea that I 
think could work on "spam prevention" using certificates. it's 
somewhat decentralized and has other nice "cyberspace friendly" features.

a "spam-free certifying agency" is started. this is essentially
a web site that allows people to download "spam-free certification".
it parcels out new digital signatures to anybody who asks.

the system works simply as follows: a person is spam-free until 
"the net" complains otherwise. the agency decides what threshold
of complaints constitutes a loss of "spam-free certification". 
when it revokes a certificate, it sends out the revocation to
the net.

you'd need something like the DNS system today to carry all the
spam-free certificates in a distributed fashion. everyone who
reads their mail can have automated checkers that throw out 
mail from non "spam-free" certified emailers.  this system requires
people to put their spam-free certificates in their mail.

the idea is that spammers could get intially certificates, but that 
complaints would be so numerous and so immediate that they couldn't get out 
that many letters before they lost their certification due to everyone
immediately complaining.

another interesting approach would be for internet providers not to allow
too many mails to be sent after a new spam-free certification of a 
new email address. that is, tie in the email addresses themselves to
the spam-prevention system.

interestingly many of these ideas are similar to the credit-reporting
agency techniques. you can get credit after you get a credit history.
the more history, the more credit. perhaps a system that limited the
amount of mail a person could send based on a "spam free history" 
could work well.

I think you could have a system that had multiple spam-free
certification agencies. you could have standards that try to juggle
among multiple agencies and certificate schemes. a variety of schemes
is better than none.

of course, all the usual caveats apply here. it's patently obvious
this system could be misused and manipulated. however I believe it's
the most promising route of anything that's been tried. I personally
think legislative/litigation solutions are a waste of time and potentially
harmful. if anyone would like to help develop this, please send me
email.