[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
technical spam prevention
the problem of spam prevention has concerned me for a long time.
the Internet was designed to withstand a nuclear attack-- yet
it is incredibly vulnerable to spam. the initial assumption
was that all nodes on the network are friend, not foe, i.e.
trusted. this concept is breaking down as the net scales massively.
some people warned long ago that spam would become an increasing
problem on the net as it scaled, and that the technical visionaries would
wise to try to cooperate and come up with approaches. such a
point of view is not popular on this list, which is not really
big on collaboration (despite that some of the greatest successes
and fame have come from it, such as via the code cracking
ring). but increasingly events are forcing people to come together
to come up with solutions.
there are many promising approaches to spam prevention. the one
I like is a system whereby the receiver can specify how much
money it costs to receive an email from anyone. the mail is
rejected if it doesn't contain this fee. different people
can configure their incoming mail different. Gates may charge,
say, $1000. joe schmoe would charge, say, $1. an interesting
part of this model is that if someone you like sends you mail,
including the fee, there is nothing to prevent you from reimbursing
them in a return message (or paying their own fee with the money
they supply). such a system would be a very powerful spam
prevention system. (due credit goes to TCM for being one of the
first for advocating this.)
however, I would like to suggest that spam prevention is a great
test for a *reputation*system*, something we have talked about
a long time here but found it very difficult to implement. the
reputation system would rate people based on their lack of email
complaints, and allow queries that could screen email based on
poor ratings. such a system would not immediately block spam,
but it could be implemented in a way such that spam becomes far
less powerful.
there are two problems with spam that any designer has to confront.
there are some internet providers who do not want their users to spam.
if they inserted a few header into the outgoing mail such as the
following, it would allow excellent screening heuristics:
1. total bytes sent through this email address.
2. total age of this account in days.
the sender is free to calculate the ratio if it prefers, or use
various heuristics on the straight values themselves.
now, I consider this pretty easy. the more difficult problem is
that there are some IPs that do not wish to ban spammers-- they
may be making a business out of it. a reputation system that
weeds out these sites may be buildable-- but it's the most
difficult problem.
I think a lot of fame and glory will go to someone who invents
effective spam prevention mechanisms-- increasingly I think the
future of cyberspace depends on solving this very difficult
and seemingly intractable problem.
(if anyone can point me to a mailing list that focuses on technical
spam prevention, I'd appreciate it.)