Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

The Case for Rebuilding The Internet From Scratch 443

dotnothing writes "I just caught a column on a security site advocating for a total start from scratch as far as certain internet protocols like SMTP. It's an interesting idea and there are some ideas on how to conduct the transition... if everyone would agree on something like this it would definitely reduce the spam (among other things)."
This discussion has been archived. No new comments can be posted.

The Case for Rebuilding The Internet From Scratch

Comments Filter:
  • Get real (Score:5, Insightful)

    by Ars-Fartsica ( 166957 ) on Monday April 21, 2003 @05:49PM (#5776174)
    We can't even roll out IPV6. Even Internet2 has some basis in existing standards.
    • Re:Get real (Score:3, Interesting)

      People should try to get a grip on reality. There is no way to rewrite standards such as SMTP from scratch. Perhaps for military use, maybe. For the general global network of networks though its going to be pretty darn impossible.

      Looking at other progressive moves to improve Internet technology is probably the best bet.

      • Re:Get real (Score:3, Informative)

        by Directrix1 ( 157787 )
        I find these changes interesting as proposals for the avoidance of spam. The way I always avoid spam is to have an smtp/pop3 server running on my computer (using Hermes) [alixoft.com], having MX records point to my dynamic dns address (using DirectUpdate) [directupdate.net], and then signing up to new services using a temp email address on my server until I know they are trustworthy and if they are changing my service email address to my permanent one, simple!! And it takes very little time to set up, because of the simplicity of the sof
    • Re:Get real (Score:5, Insightful)

      by Elwood P Dowd ( 16933 ) <judgmentalist@gmail.com> on Monday April 21, 2003 @06:12PM (#5776383) Journal
      Um. Internet2 has some basis in existing standards in that it uses all of those existing standards. It's just like the regular internet except that there's fewer people and more bandwidth.
    • Re:Get real (Score:3, Insightful)

      by jdhouse4 ( 14603 )
      Agreed. This is like trying to rewrite C++ just because the syntax isn't organized well enough. Most ivory tower type idea I've heard in awhile.
  • It's an interesting idea and there are some ideas on how to conduct the transition

    Dude, it's easy. You just download the source and: ./confugure
    make
    make install

    Works every time, er... unless you're missing some dependancies... but apparently Gentoo and the BSD portage system fixes the dependancy problem.
  • by TopShelf ( 92521 ) on Monday April 21, 2003 @05:50PM (#5776185) Homepage Journal
    "I asked a few people involved in solving the problems of e-mail what would be involved in fixing it. This put them in an awkward position of conflict; after all, spam-filtering vendors and other security companies make their living because these problems exist. "

    There are some very powerful entities that have a vested interest in keeping things they way they are today. I agree that many of these protocols are being used in ways and volumes never intended by their creators, and a redesign would be highly desirable. But with so many interests involved, how would such an endeavor ever get off the ground???

    • by Anonymous Coward on Monday April 21, 2003 @06:04PM (#5776313)
      Agree. Ain't gonna happen. The major isp's do a tremendous job keeping most of the spam out of our mailbox. For the few that slip through, there are various filtering programs like SpamAssassin that can help.

      For those interested in higher accuracy and more speed, you can write your own filtering program that analyzes the headers and responds to your unique name and email address.

      I just uploaded my version written in Borland Pascal running in DOS.

      My spam program filters valid messages at up to 3,000 msg/sec, detects spam messages and decodes base64 at 200 to 300 msg/sec, and has no false positives or false negatives.

      The nice thing is it is easy to update when spammers change their tactics. If you are interested in seeing how I do it, download the source file at

      http://www3.sympatico.ca/add.automation/misc/spa2e 921.zip [sympatico.ca]

      Best Regards,

      Mike Monett

      (Who tried to re-register but cannot get SlashDot to remember my name and password:)
    • There are always interests in keeping the status quo. No matter what change you propose, there's someone who's making money off the old way of doing things, and they will lobby with all their might to prevent it. That's just the way the world works.

      This is no reason to keep things the way they are. As the world changes, so must industry. Companies that become obsolete adapt or die. If you make software that filters spam and then spam is eliminated, tough cookies, find a new job.

      Something like this would g
      • by neitzsche ( 520188 ) on Monday April 21, 2003 @07:10PM (#5776863) Journal
        I agree. There were a couple slim areas in this article - the presumption that SPAMmers would not adapt was distressing.

        Reading this article, I recalled that the ones that probably would gain the most financially from an increase in spam would be spam filtering companies.

        Also, the idea of individuals having certificates was pretty funny. Good way to increase certificate sales without addressing the underlying SPAM problem at all.
        • by slamb ( 119285 )
          Also, the idea of individuals having certificates was pretty funny. Good way to increase certificate sales without addressing the underlying SPAM problem at all.

          I complete disagree with that:

          First, spam is not the only important problem with SMTP. There's also identity theft. I just finished reading this article [cnn.com] about email identity theft on CNN. When a technology problem hits CNN, you know it's not rare. If people expected email to be digitally signed, this would not have happened.

          Second, individual

    • by lseltzer ( 311306 ) on Monday April 21, 2003 @08:00PM (#5777213)
      I'm the author of the column under discussion. I hope I got my point across that whatever merit I see in this I doubt it could succeed in less than a long time.

      But I don't see the spam filtering and security companies as the main obstruction. I see millions of users and companies who would have to change applications as the real problem. Whatever the benefits, this would be highly disruptive. As others have pointed out, look at how long it's taken to get almost nowhere with IPv6.
      • by ajs ( 35943 ) <ajs AT ajs DOT com> on Monday April 21, 2003 @09:49PM (#5777844) Homepage Journal
        You're missing something that just about everyone who talks about "the limitations of SMTP" misses: SMTP isn't limited. SMTP has a standard mechanism [apache.org] for introducing extensions such as cryptographically certifying mail servers [ietf.org], and mechanisms already exist [faqs.org] to allow for fast, distributed key recovery and verification.

        Reading the RFCs is a very good start to understanding how to solve this sort of problem. Giving everyone on the Internet (or at least all of the SMTP-sources) an Identity and then actually attaching a record of trust to those identities would be a wonderful idea, and does NOT require replacing SMTP. In fact, if you do it very, very carefully, it probably doesn't even require writing any (or at least very little) new code.
      • by iabervon ( 1971 )
        The issue with IPv6 isn't so much adoption as that the thing is still partially being specified; it's the second-system effect on a large scale, but with no time constraints, so it will take a really long time to get done, but it will never fail. IPv6 has actually gotten widely adopted at the network infrastructure level. Most of your packets today probably go over IPv4 tunnels over IPv6 routers at some point getting across the internet. User adoption takes longer, but this is also due to there being IPv6 f
      • by zenyu ( 248067 )
        Whatever the benefits, this would be highly disruptive.

        Highly disruptive, expensive and undesired.

        Having a central authority for tying identity to e-mail not only concentrates power and points of failure, but also adds unneeded hasle and real dollar cost.

        What you really want is to charge hash cash. The hash cash means the reciever uses just a few cycles to generate a challange and the sender must expend many cycles to create the response. You could set this up so the first time someone sends you a messa
      • by cosyne ( 324176 )
        I see millions of users and companies who would have to change applications as the real problem.

        If the concern is that current mail clients won't support improved protocols, what's to stop someone from writing an 'email proxy server' which automagically sets itself to handle communications under whatever shiny new protocol (or better use of the old ones) we're talking about, and then sets the user's client to contact it at 127.0.0.1?
      • I'm the author of the column under discussion.

        So how do you see the idea of a parallel system? Without even touching current email systems, someone could implement an "e-squared-mail" system with postage costs, certificates, etc. Getting too much spam in your email inbox? Simply direct your friends and family to use e2mail to contact you. No gateways or entry-points needed; if you want to contact someone without an e2mail address, you can just load your email program and use that. While you're there,
  • my picks (Score:5, Funny)

    by Lord Ender ( 156273 ) on Monday April 21, 2003 @05:51PM (#5776189) Homepage
    IPv6, replacement for SMTP, Slashdot style moderation on USENET, default encryption on all data transfers, DHCP configures EVERYTHING (like mail server, news server, etc), and more naked women. That would be perfect.
    • Re:my picks (Score:3, Interesting)

      by Trinition ( 114758 )
      I recall a feature of DNS when Iwas researching SIP (session initiation protocol). It seems DNS has a way to list the default host names for particular protocols by using SRV records. For example, I could query DNS for the "sip.tcp" SRV record for my ISP and find the host to be "sip-server.myisp.com".

      So why use DHCP to do something new when DNS can already handle it? Even if itsn ot fully realized in all DNS servers, it's still closer than DHCPs are, sin't it?

      Or does DHCP have this inate ability too?
  • by da3dAlus ( 20553 ) <[moc.liamg] [ta] [uarg.nitsud]> on Monday April 21, 2003 @05:51PM (#5776196) Homepage Journal
    Will they make use of the new 'Evil' IP bit?
  • by Murdock037 ( 469526 ) <tristranthornNO@SPAMhotmail.com> on Monday April 21, 2003 @05:52PM (#5776198)
    Alright, we can do this, but this time around I've got dibs on "business.com."
  • by corsec67 ( 627446 ) on Monday April 21, 2003 @05:52PM (#5776200) Homepage Journal
    You could have a new version of SMTP, maybe called SMTP2 that would refuse connections from an SMTP1 server. That would cause most people to change rather quickly, and might even be workable.

    Something like IP, otoh, would be best if the new version could coexist with the old version.
    • by DocSnyder ( 10755 ) on Monday April 21, 2003 @07:44PM (#5777112)
      SMTP means "*Simple* Mail Transfer Protocol". It's the equivalence of a letterbox - simple and efficient. Of course it can be abused for spamming, but so is any successor of SMTP and any different messaging service. As long as it is possible for anyone to send email, it will be possible for anyone to send spam.

      The main problem does not consist in trying to stop spam in general (that would be impossible), but in making *anonymous* spamming *very* difficult. Standards are there - but many legitimate operators don't care about a standards-compliant infrastructure, stifling security efforts that would be good enough to keep a lot of spam out.

      For example, each IP address should have a DNS reverse record pointing to a valid hostname, which resolves to the same IP address. HELO strings and message ID domainparts should be FQDN and not only "office" or "workstation", the sender's host should be an official Mail Exchange (MX) for the envelope-from domainpart, and so on. This way you could easily - using *existing* standards - make sure that the sender is authentic. Anonymous spamming via open proxies or open relays would be impossible, and spammers using their own infrastructure can be RBLd.

      So why invent new standards with millions of people having to switch on, which would take 10 or 20 years? Why not use and push existing standards not only as "nice option" for email communication, but as requirements?
  • The problems with various internet protocols (including the underlying IPv4 protocol!) have been known for YEARS, and have been screamed about by us geeks for YEARS. Nothing has happened, and there is a reason for this.

    If you want to change the standard, you first must convince people to use your new standard. Now if someone comes up with a shiny new email feature that everyone thinks they *must* have, and it happens to be based on an existing protocol, and there's no way it will work with SMTP, well...
  • no it wouldn't (Score:4, Insightful)

    by edrugtrader ( 442064 ) on Monday April 21, 2003 @05:53PM (#5776218) Homepage
    spam can not be stopped. period. if you believe otherwise you are misguided. the protocol does its jobs, and the verification of the headers and contect are to be done on the end systems. a challenge system at the backbone level is ignorant.

    the only update the internet needs is more IP space and faster connections and Internet2 is already doing that.
    • Re:no it wouldn't (Score:5, Insightful)

      by RatBastard ( 949 ) on Monday April 21, 2003 @06:06PM (#5776330) Homepage
      If spam can't be stopped then the Internet's Killer App will be in serious jeopardy. Email is becomming a useless means of communication for far too many people. The ever-increasing mountains of spam are simply swamping email servers and clients, making it almost impossible to find the few valid emails in an ever-deepening sea of raw sewage.

      The sick thing about spam is that most of it isn't about selling you anything. Most of it is about creating huge lists of email addresses and selling those lists to the next layer of stupid suckers trying to make money the Don LaPre way.
    • Re:no it wouldn't (Score:5, Insightful)

      by kwerle ( 39371 ) <kurt@CircleW.org> on Monday April 21, 2003 @06:16PM (#5776423) Homepage Journal
      spam can not be stopped. period. if you believe otherwise you are misguided. the protocol does its jobs, and the verification of the headers and contect are to be done on the end systems.

      I don't know what you're thinking, but making it impossible to forge headers would be a HUGE step in stopping spam. RBL's would become far more useful. Prosecuting spammers would be far easier (since it becomes easier to tell where the spam really comes from).

      The protocol is broken in that headers are not really verified.
      • Re:no it wouldn't (Score:3, Insightful)

        by edrugtrader ( 442064 )
        ok, so as a spammer, my next step:

        automate purchasing domains such as
        myspamdomain0001.com
        myspamdomain0002.com
        m y spamdomain0003.com
        myspamdomain0004.com ...
        the same why they automate buying yahoo addresses.

        the RBL's would become far LESS useful. because domains have so much value, spammers are going to do everything they can to send email through domains that are not blocked... and in doing that block everyones domain.

        verifying headers is damn near impossible unless you have each server log every transact
        • Re:no it wouldn't (Score:3, Interesting)

          by kwerle ( 39371 )
          automate purchasing domains such as ...
          the same why they automate buying yahoo addresses.

          Buying domains is not free. Setting up yahoo addresses is. That puts a price on SPAM, which would instantly reduce it.

          the RBL's would become far LESS useful. because domains have so much value, spammers are going to do everything they can to send email through domains that are not blocked... and in doing that block everyones domain.

          Domains should not relay - that's the whole point. That's what RBLs are for, a
  • unfortunatly (Score:5, Insightful)

    by geekoid ( 135745 ) <dadinportland @ y a h oo.com> on Monday April 21, 2003 @05:54PM (#5776224) Homepage Journal
    redesigning the internet would take away everything that makes it good.
    A redesign would be forceed to the best interests of conducting business, not sharing information.
    It would not cut down spam, only change the form it takes. SPAM can only be slowed via eduacation. People must learn that SPAM is not the way to buy things.

    If business don't like the way the internet works, then they can get together and build there own, down to, and including, laying there own backbone.

    • Re:unfortunatly (Score:2, Interesting)

      by reiggin ( 646111 )
      Sure, it'd be nice to think that business can build "their" own, but do you really think that pipe dream will happen? If you want something done on that level, don't leave it up to business to do it on their own. There will never be one standard and instead, you'll just end up with absolute chaos. It takes a community of people committed to real change to ban together to make something like this happen. And I'm all for that.

      Who's to say that a redesign would take away? When people banned together to

    • by dant ( 25668 )

      redesigning the internet would take away everything that makes it good.

      Exactly. Anybody's who's been around Slashdot for more than five minutes should know enough to be terrified of the very idea.

      A new design would inevitably reflect business motivations over technical ones at every turn. Say goodbye to the end-to-end concept, get ready for trivially-encrypted protocols just so that the DMCA can be used to force you to use 'authorized' clients that make you view advertisements left and right, expec

    • Re:unfortunatly (Score:5, Interesting)

      by bheerssen ( 534014 ) <bheerssen@gmail.com> on Monday April 21, 2003 @06:40PM (#5776591)
      SPAM can only be slowed via eduacation. People must learn that SPAM is not the way to buy things.

      Unfortunately, you're wrong about this. SPAM works because the vanishingly small amount of money it generates per message is still greater than the cost of the message. The people who get taken by spam are the same people that get taken by psychics that advertise on cardboard signs. These people will always exist - no matter how much effort is made to educate them.

      Two quotes come to mind:

      "There's a sucker born every minute" - P.T. Barnum

      and

      "Knowledge is realizing that the street is one-way, wisdom is looking both directions anyway" - unknown

  • And, on the seventh day, of the seventh month, of the two thousand and third year of A.D. a darkness fell.

    The "net" fell, first one computer, then another, and another.

    The web was being taken down, ripped as if it was a spider's web that a clumsy person had walked through.

    A few rebels called "Spammers" held out, but they were soon slienced, then, and forever.

    But, then a light shined, a new web was forming, first one computer, then another, and another.

    And so the story ends, with a new beginni
  • HAHA... (Score:5, Interesting)

    by deadsaijinx* ( 637410 ) <animemeken@hotmail.com> on Monday April 21, 2003 @05:55PM (#5776239) Homepage
    ... sorry, not happening. Hell, we can't even push out v6, let alone start from scratch. Sure, these organic growths (i'm talking bout the internet) may seem inefficient and disorderly, but anyone in theorectical math knows that such systems have an awkard effecientcy. Similar to the buses in Mexico (they don't have a single entity controling them, like the US does), the internet grows from several competing interests, and often seems chaotic and ineffective. Yet, studies show that the buses in mexico are several fold more effecient than the regulated from the start ones here in the states. Just some food for thought.

    (someday, i will make FP)
    • Re:HAHA... (Score:5, Funny)

      by Scrameustache ( 459504 ) on Monday April 21, 2003 @06:32PM (#5776537) Homepage Journal
      Yet, studies show that the buses in mexico are several fold more effecient

      Have you ever seen a mexican bus?

      They have 2x the internal capacity filled up AND people hanging off the sides! All the while running at about 1/5 the spped of light on narrow winding mountain roads...

      Its efficient? Its also the scariest thing ever!
  • by wo1verin3 ( 473094 ) on Monday April 21, 2003 @05:56PM (#5776251) Homepage
    not to tell AOL? Lets just not mention anything to them, and suddently we have two seperate networks...

    The old network only consisting of AOlers.
    The new network consisting of everyone else.

    If this isn't acceptable, could we try just not telling Microsoft?
  • Agreement? (Score:5, Insightful)

    by randumb_surfer ( 208708 ) on Monday April 21, 2003 @05:56PM (#5776252) Homepage
    You can't get 3 people to agree on where to eat. How does anyone expect to reach a worldwide agreement on how to redesign something that's become such a huge part of our lives.

    The only way we ended up with something as good as we have was due to the fact that it was created by a small group of very intelligent men with much foresight.

    With that in mind I suggest we form a task force to look into this matter. That way we can sleep soundly at night knowing nothing will ever actually happen.
  • by Niles_Stonne ( 105949 ) on Monday April 21, 2003 @05:56PM (#5776253) Homepage
    "If you limited normal users to 100 messages per second and major companies to 10,000 messages a second it would be hard for legitimate users to complain, but spamming would be much harder."

    Hm... At a limit of 100 per second that only means I can send out 100x60x60x24 = 8,640,000 e-mails per day. How am I going to be able to talk to all of my friends now?

  • For years, there's been this little protocol called IMAP. It's really good. Yet most people, or rather most companies, insist on using the hopelessly-outdated POP3 standard. And these two standards are compatible - I can use IMAP without forcing everyone else to make the transition.

    You want to obsolete SMTP entirely? Get real.
    • pop3 is really quick and has little overhead.

      Imap can bring a server to a crawl, espcially if your lusers er clients are trying to sync every porn spam they've recieved in the last 10 years with the latest bug ridden copy of outlook they insist on running.
      • Re:imap is a hog (Score:3, Interesting)

        by Khazunga ( 176423 )
        pop3 is really quick and has little overhead.

        Nice timing. I am just retrieving the 5345th message from my ISP inbox, which contains a password recovery code. I couldn't care less for the other 5344 messages in there (one year spam collection). Yay! 20min overhead.

        It does not classify as little overhead. I could get the message in 2s using IMAP, but nooooo! That'd qualify as Good Service(tm).

  • Email != internet (Score:5, Interesting)

    by mblase ( 200735 ) on Monday April 21, 2003 @05:57PM (#5776264)
    A subjective summary of the column:

    - Scrapping the Internet is a good idea because spammers have used email to annoy everyone.

    - Under this new, hypothetical email system, Verisign would require everyone to buy a secure ID to ensure they are who their messages say they are.

    - The columnist is willing to spend more money and lose his privacy in exchange for these conveniences, so we should be, too.

    Please. The problem with spammers isn't because SMTP is so weak. The primary cause of the modern deluge of spam is unsecured email servers around the world, allowing senders to spoof their identity and auto-email anyone they happen to have an address for. And no new system, no matter how rigidly secured, will make up for admins who don't do their job; if it did, it would be prohibitively expensive or complicated and thus be impossible to implement as widely as email is now.

    The writer, Larry Seltzer, complains about spammers abusing his account, and yet his online publisher sticks a link to his email address right at the bottom of everything he writes. I would suggest that if he wants to reduce the flow of junk to his inbox, he start with his own managers.
    • Re:Email != internet (Score:5, Interesting)

      by shadowbearer ( 554144 ) on Monday April 21, 2003 @07:01PM (#5776770) Homepage Journal
      "Please. The problem with spammers isn't because SMTP is so weak. The primary cause of the modern deluge of spam is unsecured email servers around the world, "

      and if I may add, also the number of ISPs who don't Give A Shit. Seems from my reading that most within the US and Europe are at least making a start at implementing some decent spam solutions ( complaint monitoring and the actions taken/not taken is really the biggest problem) but from the steadily growing amount of spam I've seen in the last few months, not enough are doing their jobs.

      I don't think we need legislation to solve this. I think we need more education and public denial solutions (blacklisting till they've cleaned up their act - and possibly some standard rule set as to how to go about this). There are a lot of spam sites, but I haven't seen any yet who have a really comprehensive list of what should be "kosher" in anti-spam activism. Can anyone point me to a link?

      SB
    • "Please. The problem with spammers isn't because SMTP is so weak. The primary cause of the modern deluge of spam is unsecured email servers around the world, allowing senders to spoof their identity and auto-email anyone they happen to have an address for. And no new system, no matter how rigidly secured, will make up for admins who don't do their job; if it did, it would be prohibitively expensive or complicated and thus be impossible to implement as widely as email is now."

      You might as well sing the "se
  • No Way. (Score:2, Interesting)

    by BigChigger ( 551094 )
    MS would buy control of the process and then pollute any standards that result. At least now there is a level playing field.

    I don't want MSInternet.

    BC
  • Intel created a 64 CPU from scratch and it appears to be a bit of a turkey. Good design but not a real world solution, you can say the opposite about the Internet.

    If the Internet has protocol problems then fix the protocols, it didn't take that long for most of the web to adopt http resume.
  • by Enrico Pulatzo ( 536675 ) on Monday April 21, 2003 @05:58PM (#5776275)
    This happens to all projects, irregardless of size. Developers will eventually believe that a total restart is the only way to fix problems. It's kinda sad, but I'm as guilty of it as anyone. I don't know how many times I've rewritten a project cuz I didn't like how it turned out, or couldn't fix a bug in the system quite right.

    Same thing here.

    The fallacy comes in the notion that something can be perfectly engineered. Nature teaches us that a vulnerability will be found, the weakest link will break, and that the internet will have problems in it.

    Just cuz you don't like SMTP doesn't mean you should try to take it away from everybody.
    • The fallacy comes in the notion that something can be perfectly engineered.

      It doesn't have to be that. Every time you rewrite, you make mistakes. Later, you find them and learn so that the next rewrite will have less significant mistakes.

      If the internet were to be redesigned, I'd recommend designing it so that the underlying protocols could be changed again later as easily as possible. (while staying secure, of course)

      The trick is doing that perfectly...
  • by bcollier06 ( 667189 ) <benjamin.collier@nospAm.yale.edu> on Monday April 21, 2003 @06:00PM (#5776282)

    I can understand the author's frusteration with the current infrastructure, and it might be nice if we could chuck all of the bad at once.

    BUT, this is completely impractical and would never happen. The current installed base and backwards compatibility always have and always will act as insurmountable intertia to sudden and drastic changes. The innovators will keep on innovating while the rest of user base slowly upgrades their most woefully inadequate equipment/software to the new standards.

    Let's face it: once the internet moved out of the realm of hobbyists and academia and into the commercial sphere it lost the willingness to accept drastic changes. While it continually evolves (the emergence of ipv6, internet2, etc), I don't think we will be seeing a real, identifiable revolution anytime soon.

  • Brilliant! (Score:3, Interesting)

    by jdbarillari ( 590703 ) <joseph+slashdot@barillari.org> on Monday April 21, 2003 @06:01PM (#5776288) Homepage
    Tonny Yu, founder and CEO of Mailshell, says that any new and better replacement for SMTP would have to have some sort of certification system to guarantee that senders are who they say they are.

    Try SMTP AUTH [google.com]. Any respectable MTA implements it.

    The other important requirement, according to Yu, is a system for tracking resource usage per sender. Basically this means that profiles should be established for normal amounts of mail sending from different types of users. If you limited normal users to 100 messages per second and major companies to 10,000 messages a second it would be hard for legitimate users to complain, but spamming would be much harder.

    This would take a centralized authority -- without one, enforcement is left to the commons, and we all know what happens then [sciencemag.org].

    I'm sure we'd have no trouble finding a decent, well-respected, centralized authority to control all of the world's email. After all, no one has any cause to complain about the Internet's existing centralized authorities [icann.org]!

  • by yankeessuck ( 644423 ) on Monday April 21, 2003 @06:01PM (#5776293)
    Seems like every implementation I've seen first hand of "let's rebuild this super humoungous system from scratch" never goes as planned. Inevitably, there are many unforseen problems with the new system. Some of these problems are due to poor planning. Some are not. Some of these problems will be a tremendous pain to fix. Some will be discovered immediately while others will be discovered months or years down the road. In the end, you may wind up with more problems than the old system and you wonder if it was really worth it. Just my $0.02.
  • by WIAKywbfatw ( 307557 ) on Monday April 21, 2003 @06:02PM (#5776297) Journal
    Seriously, we could talk about what if's all day long, whether about the internet, global politics, the SARS virus, or even the DH rule (I'm against it) but it won't change a damn thing.

    Last time I checked, actions speak louder than words.

    I'd love to see some action to seriously combat spam because, frankly, I think it's going to do some serious damage over the next few years if the current situation is allowed to continue unchecked.

    When people stop checking their inboxes because finding genuine messages is like finding a needle in a haystack, and when 25 or even 50 percent of all internet traffic becomes spam, thus slowing down the entire system for everyone and (more importantly) costing infrastructure providers, ISPs and ultimately the end-user serious money, it'll be a bit late to address the problem.

    Better that it's done today - I'd rather deal with the disease now rather than treat the symptoms later.

  • by Dthoma ( 593797 ) on Monday April 21, 2003 @06:02PM (#5776298) Journal

    "The Internet was designed to be secure from nuclear attack, not its own users."

    The problem is, it's very difficult to protect all of a technology's users from harming themselves with the technology or destroying it all together. Just look at virtually all of our inventions and discoveries: nuclear reactions, cars, CFCs, weapons...you can't generally save people from a technology if a substantial proportion of its users are hellbent on using it to annoy everybody else. I think even an "Internet2" would be unsuccessful unless it was so advanced it could somehow protect itself from its own administrators. But even that has its problems. (Insert Terminator reference here.)

  • Not going to happen (Score:5, Informative)

    by Neophytus ( 642863 ) on Monday April 21, 2003 @06:03PM (#5776305)
    I can see IPv6 being phased in in the next couple of years as the IP problem becomes more intense and NAT becomes even more of a royal pain in the backside. What I don't see happening is twenty years of maturity (in some form) being tossed out the window. It would be a shame to see existing protocols being dumped because they arn't secure - most of the time it is the IMPLEMENTATION that doesnt work or has flaws. Many software packages should be scrapped altogether and rewritten and designed from the top - sendmail is the example that comes straight to mind. So many flaws have come out over time it is silly. I'm not saying SMTP itself isn't flawed though, it most certainly is.

    The people at PlanetJailbreak [planetjailbreak.com] have designed, from scratch, on paper, the UT2003 version and the work has appeared to have paid off - an incredibly low number of bugs from their alpha testers have been reported. Where there have been many flaws in a package based on a fundamentally old codebase it should be rewritten totally, regardless of it being server or client software. The problem would be getting people to adopt - many people never patch a thing.
  • Evil Bit (Score:2, Funny)

    by Cranx ( 456394 )
    This would be a good opportunity for all the new protocol implementations to include use of the "evil bit" we first heard about sometime around the beginning of this month.
  • What we really need is to replace the entire technological infrastructure from scratch.

    New electical, plumbing, telephone, fiber, roads, everything. Technology has advanced so much over the past 100 years that the infrastructure, in the USA in particular, is a patchwork of "legacy" and new technologies. You can see just driving around places where shitty old telephone poles head underground. Places where you'll see new fancy street lights, with old crappy lights at the next intersection. Of course, it'
  • by jmoriarty ( 179788 ) on Monday April 21, 2003 @06:07PM (#5776339)
    This is an interesting mental game but nothing more. Pick any complex system that has evolved like the Internet and you will find valiant efforts going into total redesign. Off the top of my head, look at how long Microsoft has been carrying along legacy code, or look at how Intel is trying to make a clean break from x86. In the non-computer realm, our legal system is so snarled sometimes the police just stop enforcing certain laws. How about gridlock in a developing city? Would sure be nice to just start over with new roads where and how we would like them to be, but fat chance.

    I would even go far to say that even if you COULD rebuild the Internet from scratch, the effort would be useless. The Internet has been an evolutionary system, adapting to the demands users place on it with ever changing requirements. The changes you would make would be accurate for 0.001 seconds, then would start on its own road to obsolesence. You would see this very same article posted on Slashdot about Re-Redesigning the Internet in 2008.

    So have fun with the mental exercise, but this beast will always grow on its own.
  • by NanoGator ( 522640 ) on Monday April 21, 2003 @06:09PM (#5776354) Homepage Journal
    I'm a little confused about this article. It talks about rebuilding the net, but it focuses on a protocol that's really only a software change. You don't need a whole new internet to do that. Just create your messaging service and entice people to use it.

    Frankly, I'm surprised more people haven't ditched email for Instant Messaging. Spam just doesn't work on it anymore because permission has to be granted before anybody can contact you. Etc etc.
    • Frankly, I'm surprised more people haven't ditched email for Instant Messaging.

      Frankly, I'm surprised more people haven't ditched postal mail for telephones.

      That's right, very different purposes. Besides, do you want the majority of all the internet communication in the world to depend on AOL's servers. I thought we all already understood the need to decentralize important services...

      Might I point out that you can have a whitelist for you email as well.
  • by fm6 ( 162816 ) on Monday April 21, 2003 @06:09PM (#5776358) Homepage Journal
    Really this discussion is about smtp, the design assumptions of which are about 20 years out of date. Perhaps there are other protocols that need to be completely replaced, but none has anything like the problems of smtp.

    I've been arguing for years that the only way to fix the spam problem is with some kind of certified-user infrastructure. And I doubt that I'm the first person to see this. Filtering simply does not work, as the current volume of spam (60% of all mail traffic, I'm told) indicates. The only question is, how do you make everybody switch over?

    Seltzer's idea of SMTP gateways is ridiculous. Its just another filtering solution. Nor does it make sense to wait for Internet2 to roll out -- that technology will probably exist side-by-side with the current Internet for decades.

    Not that I have any better ideas. Perhaps users who go to the new protocol could bounce SMTP email with the appropriate "please change" message. Whatever.

    In any case, I don't think the answer will come from the standards wonks. More likely the major ISPs will get together and invent something.

  • If your primary concern for updating the internet is to prevent spam, or to at least limit it, ive found a fairly good solution. I just keep two seperate addresses. One i use for the bulk of my important personal and business communications and the other is merely a decoy. Any service that requires me to give an address on a form I automatically assume will also lead to an inordinate amount of spam, so I give only my decoy address. This has been very effective for me, because at least 95% of my spam goe
  • Nice idea but you've got a whole lot of machines to support in the transition, not everone would want to upgrade their 68k Mac, BeBoxen or Amiga to run a nother platform with compliant software, so who would get the programs for the old systems working?

    Before you say "just get with the program," think of 3rd world countries non-profit organizations and schools who don't have the money for the new hardware and associated software AND licensing for the related necessary upgrades... ("think of the children ca
  • by ecalkin ( 468811 ) on Monday April 21, 2003 @06:16PM (#5776418)
    here's my list:

    1) let's clean up ftp. real security options, performance options, etc.
    2) smtp. as in the article, smtp needs work, at the protocol level and implementation of mail programs and their handing of information. i really believe that a little key management at the isp level (if enough isp participated) could really make a difference.
    3) dns. i would drop .com, .org, maybe even .edu and .net. use the ccTLD with other localizations below that.
    4) more ip addresses. ip6 would be nice, but if i'm starting over from scratch, just increasing the ip address from 32 to 48 or to 64 would help.
    5) the ability to do a number of things in a slow, throttled-back fashion to run nicely in the background.
    6) better printing protocols. lpd is a mess and the other printing protocols seem to problematic.
    7) snmp. this seems to be getting better via v3. the real problem seems to be the software, not the protocol.

    just my $0.02

    eric
  • spam hauses (hope thats the right way of spelling plural spam haus). And based on my mail/firewall logs, these are 50% of the time hosted by XO, Verio, Level 3, and C&W, with C&W being by far the worst. If these companies either stopped carrying spammers, or if everyone and their mom blacklisted these fools (check blackholes.us for a kick ass listing of various ip ranges for these hosters) and used spews and spamcop on their mail servers (content filtering in my opinion isnt the cure, your stil
  • by ackthpt ( 218170 ) on Monday April 21, 2003 @06:20PM (#5776447) Homepage Journal
    Problem: Internet has security issues, various aspects which were never considered an issue until someone exploited them.

    Answer: Compeletely remake the internet.

    Problem: The cost would be prohibitive.

    Answer: It'd trigger another tech boom and everyone would have jobs and even dumb people with marginal skills would be paid like chemical engineers.

    Problem: The switch over would require eveyone to run parallel systems.

    Answer: See above.

    Problem: Current security depends more on exclusion than inclusion.

    Answer: See above.

    Problem: Who are you going to trust to write that security model? A wise collective endorsing open standards, an oligarchy of businesses vying for proprietary standards or the government?

    Answer: Oh, the wise collective, for sure.

    Problem: But do you honestly believe they'd be allowed to?

    Answer: Uh, no ...

    Problem: So what do you see?

    Answer: A problem.

  • by blackpaw ( 240313 ) on Monday April 21, 2003 @06:21PM (#5776454)

    The author isn't very knowledgable. Quota's for email can be implemented without breaking existng email clients. SMTP allows Authentication via certificates to be layered on top or, most email clients allow SMTP send with authentication.

    asked a few people involved in solving the problems of e-mail what would be involved in fixing it. This put them in an awkward position of conflict; after all, spam-filtering vendors and other security companies make their living because these problems exist

    Bollocks - the mail guru's who maintain this stuff are mostly volunteers and are not interested in making money off spam/protection. Thats an insult to them.

  • Nice article. I've had similar thoughts, but it's possible to do what this guy suggests using existing, off-the-shelf, technology (and it can all be done open source too).

    The argument in a nutshell is that if everybody were using authentication (and encryption would be nice), then everybody could filter spam at the gateway by simply saying, "I don't want to see any un-authenticated mail".

    Ok, fine then. Let's all authenticate our email. There are loads of PKI based SMTP gateways. If you're an MS shop, you could even implement this on a per-user basis. There's a lot of security technology out there that isn't being used.

    Ask your favourite Win2K network admin this: do they use L2TP and IPSec on all connections between all machines on their network? Probably not. It's kinda crazy that nobody does since this has got to be one of the most sure fire way to improve your security posture because it prevents all passive network scanning from seeing any data of importance.

    Similarly, why aren't we all using PKI to sign and encrypt our email. It's nuts that confidential legal and personal messages are sent around the 'net everyday with no encryption whatsoever. When was the last time your mailclient had to use it's S/MIME capability to decrypt a message from anyone? Would your lawyer send you those important documents on the back of a postcard? How about that multi-million dollar deal your company is working on? Would your CEO be happy mailing the paperwork in a clear-plastic envelope that anyone could see?

    Seems to me that we need to be smarter and more consistent in using the technology that we have today before we rush out and architect a new solution that will no doubt be full of holes that we can't forsee at the moment. The open standards of the Internet make it both strong and weak. But as they say, "guns don't kill people, I kill people."
  • How nifty (Score:4, Insightful)

    by maxpublic ( 450413 ) on Monday April 21, 2003 @06:23PM (#5776473) Homepage
    Yet another call to hand off the net to some mythical central authority which'll be able to monitor everything we say and do, then use it against us should we ever complain about what the powers that be are up to.

    I'll take a pass on this 'solution', thanks. I'd rather deal with spam than make it any easier for anyone to track every single thing I do on the net. Hell, it's too easy as it is, hence the development of things like Freenet....

    Max
  • by digitalgimpus ( 468277 ) on Monday April 21, 2003 @06:33PM (#5776542) Homepage
    Start with SMTP

    Then lets redo http, to be more efficient, use a PCI card to do compression... we could make it much more efficient.

    Replace all HTML with XHTML

    Replace POP3 with IMAP all around

    Replace All file sharing with WebDAV, perhaps enhance it a bit.

    Then a standard IM Protocol.

    Ah life would be good.
  • by linuxwrangler ( 582055 ) on Monday April 21, 2003 @06:36PM (#5776570)
    Before running off to change everything how about just getting people to follow the rules we have.

    For example one requirement of the SMTP RFCs is that everywhere a domain appears in an SMTP conversation it must be fully qualified AND it must resolve. Unfortunately that requirement is rather widely ignored. Just set your mailserver to reject EHLO/HELO greetings that don't conform and you will bounce lots of spam as well as tons of legit email.

    Like the cockroaches they are, spammers rely on hiding in shadows. If legit mail-server operators stuck to the RFCs detecting, filtering and tracking the shady ones out would be easier.

    No, it's not perfect, but at least I could do things like check the EHLO against the connecting IP to see if the other server is lying.

    I would be absolutely delighted if AOL, Earthlink, Hotmail, Yahoo, MSN and other large mail handlers started being very RFC picky in what they allow. This would force a mass cleanup of non-compliant servers and would make my job a lot easier.
  • A terrible idea (Score:5, Insightful)

    by rknop ( 240417 ) on Monday April 21, 2003 @06:40PM (#5776598) Homepage

    The internet is as flexible and free today as it is simply because it grew up before it was on the radar of the marketing and legal arms of corporate America, and the legislators they send campaign donations to. We're very fortunate about this; an open architecture is what the Internet is "stuck" with, and it's proving difficult for those who would replace it with a closed arcitecture to work against that history.

    You had better believe that if we rebuilt the information superhighway from scratch, it would have in place all the controls and restrictions that the various entertainment industry wants, and would be run on standards and protocols which are closed and proprietary. (Many likely from Microsoft, but they would probably be "magnanimous" and licence other proprietary protocols from other companies who have influence with legislators from other states.) In the end, you would not have nearly the flexible and open Internet we have today, but rather something much closer to the one-way "content delivery" system that the entertainment first thought the Internet was, and is now trying to legislate the Internet to be (once they realized that it wasn't naturally that).

    -Rob

  • by Skapare ( 16644 ) on Monday April 21, 2003 @06:42PM (#5776612) Homepage

    I've already written my own protocol to replace SMTP. I set up three servers to send mail to each other. They've been busy at it all weekend testing it out. It looks like a great success. There's been no spam at all :-)

  • No Way!!! (Score:4, Insightful)

    by PincheGab ( 640283 ) on Monday April 21, 2003 @06:50PM (#5776665)
    Even if it was feasible I still would be adamantly against it. The reason is that the US Government would immediately seize the opportunity and embed eavesdropping on high-level protocols under the guise of "national security." Stupid people in high places would support it (as they support all the other dumb things going on right now, anyone saying "save the children" can get the most iditiotic laws passed too. Smart people in high places are afraid to oppose it because it would "harm children." This is why Clinton signed the COPA, by the way).

    Of course, copyright proponents would love to inspect the contents of Internet traffic as well, and they would put huge money into getting these provisions into the specs.

    Unfortunately the things I mention are not the stuff of crappy science fiction, but rather what has been going on so far wherever certain interests can have an influence. Thanks but no thanks. I'd rather keep hitting the delete key more than a hundred times a day and keep my spam and my privacy wherever I can.

    • Re:No Way!!! (Score:3, Interesting)

      by Maul ( 83993 )
      I agree 100%. If we tried to rebuild the internet from scratch the government would get its grubby little paws on the project. The following then would likely happen...

      1) Microsoft would offer its "solutions" to the government. As a result, MS would own all of the major protocols of the new net.

      2) The DOJ/Dept. of Homeland Security/Schutzstaffeln... err Secret Service/etc. will make sure all these protocols are snoop friendly.

      3) The RIAA and MPAA would get in on the mess and lobby for SSSCA/CBDTPA-lik
  • by Captain Tripps ( 13561 ) on Monday April 21, 2003 @06:54PM (#5776718)
    First off, the story is badly mistitled (even in the original). The author is only asking to phase out SMTP, not redo the Internet entirely. What he seems to want to do is have all email users get their identities certified by Verisign (or some other cert. agency) so spammers can't forge their identities. He notes correctly that this would be the end of anonymous email (for those using the system) then says:

    Of course, it was never really supposed to be anonymous, and real e-mail anonymity is only possible if you forge headers and if your mail-server admin doesn't care. Speaking of not caring, I don't care about the anonymity problem.

    Sure, your IP address may be in the headers, but to resolve it to an identity still takes the cooperation of your ISP. People use webmail accounts all the time with the expectation of anonymity. People use email to leak rumors and expose secrets, like with the Halloween documents. A friend of mine uses her Hotmail account on a mailing list for domestic abuse victims. There's lots of good reasons to hide your identity online, and I won't give them up just as a quick fix to the spam problem.

  • Oh, no, not again.. (Score:3, Interesting)

    by Black Copter Control ( 464012 ) <samuel-local.bcgreen@com> on Monday April 21, 2003 @06:54PM (#5776719) Homepage Journal
    what would be involved in fixing it. This put them in an awkward position of conflict; after all, spam-filtering vendors and other security companies make their living because these problems exist.

    Right -- and guess who's going to make money off of charging 'email taxes' for everybody who wants to send a message? This is like the big kerflufle over the (false) claims that Canada was going to charge a $.05/email tax to help cover the losses to Canada Post.
    So now we're going to pay more money to NSI/Verisign for an email cert when they're refusing to deny DNS to prolific spammers? We'd still need a grey-market method of keeping track of which of those certs were sold to spammers.

    Before we get too deep into the idea of using PKI to 'secure' email, I'd suggest that people look at the rather interesting article pointed to by the GnuPrivacyGuard [gnupg.org] site about The Ten Risks of PKI [counterpane.com].

    A more interesting question is whether this could be done in an open-source manner, with peer-to-peer authentication servers, webs of trust etc.

    The protocol wouldn't be so much a drop-in replacement for sendmail as it would be a parallel delivery mechanism. As (and if) it became proven and trusted, I expect that such a system would slowly overtake SMTP as the preferred method of accepting email (with the 'old' method being less and less trusted). Once 'enough' people started using such a system, the critical mass would result in a flip-over in emphasis by the bigger players.

  • by Zone-MR ( 631588 ) <slashdotNO@SPAMzone-mr.net> on Monday April 21, 2003 @08:02PM (#5777225) Homepage
    Register your own domain or get an address like blah.ath.cx. Then host an SMTP server. You will get email addressed to anything under that domain.

    If you need to give a site your email addy, leave in a reference to that site. eg slashdot@myname.ath.cx. That way if someone sells your address, an address leaks, or whatver, you know EXACTLY who is responsible, and you can block junk mail without affecting legitimate email.

    Ive been using this technique for quite a while. I can check my email and be confident I have no spam whatsoever. At times when I got spam, it always turned out it was a single site that leaked my addy, and I easilly identified and blocked it.
  • by g4dget ( 579145 ) on Monday April 21, 2003 @09:30PM (#5777758)
    Tonny Yu, founder and CEO of Mailshell, says that any new and better replacement for SMTP would have to have some sort of certification system to guarantee that senders are who they say they are. The obvious candidates would be certificate services like Verisign,

    Yes, just like what Verisign would want: $100/year from anybody who wants to send or receive mail. Thanks, but I'll stick with unauthenticated mail and spam.

    If that's the sort of thing you want, you can already run SMTP over SSL--you don't need a new protocol for that. Operating systems terminally incapable of building services out of modular building blocks can hard-code SSL into their mail servers. Reasonable operating systems can use something like stunnel [stunnel.org] for wrapping SMTP [octaldream.com]. Either way, you get authentication. There doesn't even need to be any complex interaction between the SSL authentication and the SMTP server because SSL can simply verify the identity of the connecting host, and SMTP can continue to use its regular host-based identification.

    The other important requirement, according to Yu, is a system for tracking resource usage per sender. Basically this means that profiles should be established for normal amounts of mail sending from different types of users. If you limited normal users to 100 messages per second and major companies to 10,000 messages a second it would be hard for legitimate users to complain, but spamming would be much harder.

    We don't need a new protocol for this. Per-user throttling of outgoing SMTP connections could be implemented by ISPs at the TCP level, and per-user throttling of incoming SMTP connections can be implemented by the SMTP server. The reason why this isn't done is because it's largely ineffective: many spammers are beyond such controls for outgoing connections anyway, and limits on incoming connections can be circumvented simply by posing as hundreds of different users.

    Solutions to the spam problem are things like CAPTCHAs [captcha.net], intelligent text analysis, and communications pattern analysis. Restrictions on who can send what to whom at the ISP level, or the imposition of authentication fees by ISPs or companies like Verisign, however, are thinly disguised attempts at squeezing money out of users. In addition to being ineffective and increasing the cost of E-mail, they also just threaten the openness of the Internet that has made it so successful in the first place.

  • Won't happen (Score:5, Insightful)

    by sfe_software ( 220870 ) on Monday April 21, 2003 @09:33PM (#5777774) Homepage
    SMTP being replace, that's a possibility. But with "trusted authorities" such as Verisign? Never. Those of us already having to deal with Verisign (or Microsoft or whoever) do NOT want something as important as email to be completely in someone else's hands.

    SMTP should be replaced by a protocol that requires authentication. That's the biggest probley (open relays) really. Going any further than that will be more of a pain than its worth.

    As for everything else (including IPv4), there are too many old clients out there (old meaning unsupported by the vendor). There are enough Windows 95 clients out there, not to mention other systems where upgrades are simply unnecessary otherwise, to where changing the underlying protocol simply won't happen.

    Incremental upgrates, sure. We'll probably end up replacing SMTP -- or updating it -- to support, or even require, authentication. In a few years. We may even supplant FTP with SFTP or some other more secure variant.

    But to try and simply replace a major, established protocol -- with no backward compatibility -- simply will not happen. There will be enough resistance and reluctance to make it infeasible; then the upgraders will have to begin supporting both "legacy" and new protocols, and we'll be in a bigger mess than before.

    So, my opinion is this: we'll slowly, with full backward compatibility, supplant older protocols with updated ones -- perhaps via adding extensions to them (like SMTP Authentication), allowing slow upgraders to catch up as needed. No revolutionary changes will happen, no forced upgrades...
  • by minas-beede ( 561803 ) on Monday April 21, 2003 @10:17PM (#5778052)
    OK, we've got DNSBLs, we've got filters, we've got DCC, we've got Razor. Why don't they stop spam?

    Let's take DNSBLs. They stop much spam but they don't end the spam problem. Why not?

    Possible answers:

    (1) Not enough mailboxes are protected by DNSBL

    (2) too many spam-source IPs escape listing for too long

    For (1) the answer would seem to be: get more mailboxes protected. Get enough protected so that the amount of spam that gets through is too little for the spammer to earn the cost of sending the spam.

    For (2) the answer would seem to be: recognize spam faster, get IPs listed faster. Automated recognition might be ideal. Razor, perhaps, feeding back to a good DNSBL?

    If it's filters then the problems include:

    (1) Not enough mailboxes protected by filters

    (2) Too much spam slip sthrough the filters

    For DCC and Razor:

    (1) Not enough mailboxes are protected.

    See a pattern here? I'd say there are solutions, they just aren't used widely enough. With the recent inititive at AOL to block spam there's been a big change: that's one whale of a lot of mailboxes at least partially protected by something that works. Those AOL lawsuits may do a lot as well.

    I favor relay spam honeypots and open proxy honeypots - throw them into the mix, too. To some extent these would help compensate for the "not enough mailboxes" problems - the honeypots might end up trapping spam for those unprotected mailboxes anyway (trapping spam that would be DNSBL blocked only helps in that it reduces some bandwidth costs - the spam is doomed form the start if the mailbox has good DNSBL protection.) But if we had universal (which might really mean 85 - 90%) usage of a good DNSBL then spam might die just from that. No change in protocol, just a bigger effort to use what already exists.

    Same for any really effective filter - get it used widely enough and the delivered spam falls below the self-sustaining level.

    Why not?
  • by Animats ( 122034 ) on Monday April 21, 2003 @11:40PM (#5778532) Homepage
    All that's really needed to stop forged spam is a few modest improvements to SMTP. I'd suggest this:
    • In order to send mail as "foo@bar.com" and get it delivered, there must be a mail agent for "bar.com" that knows enough about you to answer an SMTP VRFY.
    • Each message sent contains some random ID or digital signature, chosen by the sender.
    • Any mail agent wishing to verify the source of a message can query the senders's mail agent with SMTP and a VRFY, and obtain a reply that verifies the message, using a challenge/response or digital signature system.
    • Ultimately, mail messages that cannot be verified are bounced. During a transition period, some manual authentication scheme involving replying to a message is used.
    This is backwards-compatible, easy to implement, and implementable in stages. It would be implemeted primarily in ISP mail transfer agents, so deployment doesn't require end user software.

    Spammers can still spam, but at least they have to have a real domain name to send from.

  • by Erik Fish ( 106896 ) on Tuesday April 22, 2003 @02:40AM (#5779220) Journal
    Every time I watch the news, I see another story about all the wonderful things NASA is doing in outer space. I know, I know, it's all supposed to be very impressive and exciting. But to be honest, it just boils my blood. I mean, the federal government can put a man on the moon, but it can't build a killer robot police force to hunt down and execute all the spammers? What kind of priorities do we have in this country?

    Just the other day, there was a big article on the Security Supersite about how the internet might have to be rebuilt to save our children from pornographic spam. And then I read in USA Today how the government is spending $40 billion on outer-space surveillance satellites. Couldn't they put some of that satellite money to better use by constructing space-based laser cannons in geocentric orbit above all the ISPs to make sure our children are safe?

    And for a fraction of what NASA spends on all that Mars rover monkey business, I could have a radio-wave-controlled stun gun that would finally stop anyone I thought might be spamming from ever thinking about looking at me wrong again.

    It is painfully obvious that the government has the money and resources to build a high-energy force field around every single American, yet it doesn't. I mean, when I'm chasing after spammers with my stun gun it's darn near impossible to ensure my personal safety. Are a few measly cameras in the corners of the Foodland really going to deter an angry man who looks sort of like Alan Ralsky? What about my laptop? The pictures on my screen saver of little Kevin and Annie are irreplaceable! (I'm only going to be a grandmother once, you know! Unless, of course, the government finally gets on the ball with those cryogenic pods.)

    And that Hubble telescope, there's a real beaut. Who needs to know if there's life out in space trillions of light years away, anyway? As long as the spacemen don't start sending me special business deals, making me wonder when they will deposit the gold bars in my savings account like that nice man Chavez from Boca Raton, I don't care who they are! If only NASA had aimed that telescope at Boca Raton instead of Pluto, you can bet I'd know what Chavez had for breakfast this morning.

    It's shameful the way the internet has been allowed to degenerate, what with unsecure servers and protocols strewn everywhere. Just thinking about all the millions spent on that Mir station gets me in a dither when I check my e-mail and see donkey porn everywhere, with no donkey-porn-sensitive sunglasses to save my poor eyes.

    And it sure would cut down on those ill-mannered spammers who keep on spamming despite the ISP's strict anti-spam terms of service if their computers were destroyed by spam-sensitive cybernetic space bees. I only have time to write so many complaints, you know!

    If I can't demand killer robot police, then the least I can expect is a laser-powered servo-motored patrol-bot for my yard. How else will I know if it's a that Ralsky look-alike's lawyer trying to serve me court documents or just a raccoon rustling around out there late at night? I understand that in Sweden, every citizen is guaranteed a patrol-bot. But here in the world's richest nation, we go without! The sheer wastefulness of our government makes me sick!
  • by Sir Runcible Spoon ( 143210 ) on Tuesday April 22, 2003 @07:56AM (#5779930)
    The main problem as I see it is that we cannot identify the senders of most spam. Some do not hide their origin and could be identified but these are a small proportion and they are generally of a nature that is not offensive.

    If we don't know who they are, we cannot chase them with legal action. If they can be found, then laws stand a chance and the threat of legal action will reduce the numbers. Those who remain can be made an example of.

    You can argue that legal options are limited as spam is sent from outside of the country, and that filtering is the only real option. However, even filtering becomes more effective if you can identify where the spam is really coming from. To avoid being blacklisted the multi-million message spammer would have to keep moving domain name and that would prove expensive.

    Here is my solution to "Who sent the spam?".

    I originally thought that we should ditch SMTP. But now I don't think that is really the case. Besides that would be such a major change that it would probably stop the change happening. SMTP works, it gets the mail there, the only problem is you only have the sender's word for who sent it. We just need to extend the idea a little bit to check who sent the mail, and then wait until the whole world has adopted the extension.

    I suggest a new header which indicates that the sender's mail server supports verification. A receiver's mail server that also supports verification then has the option of sending a checksum of the mail (or some token sent with the header) back to the sending server, to ask "did you really send this mail?". Upon no reply or a denial the user settings can elect not to have the mail delivered.

    At first only some of your mail will be verified, but you will be certain who sent the verified ones. Later as most of the world begins to use the system, people will elect not to receive unverified mail.

    I like this idea because it does not break the existing infrastructure, it does not demand big new central servers, nor does it demand everyone gets a new mail reader. It's just the mail servers that need extending, and they can be done one at a time (or may be not at all) without anything breaking. Also there is nothing about it that will stop people receiving the unsolicited porn spam if they want it, they only have elect to receive unverified mail.
  • Dejavu (Score:3, Interesting)

    by saqmaster ( 522261 ) <<moc.liamtoh> <ta> <uts>> on Tuesday April 22, 2003 @09:23AM (#5780363) Homepage
    I suggested something similar to this to some friends a while back.

    How hard could it be to setup a few servers (just like the current DNS Root Servers, which seem to run just fine) to handle keys/certs to validate emails.

    It wouldn't be rocket science to get something like this running :-

    - User sends email
    - Client looks up keyservers, requests a new message ID, keyserver logs user key with new message id
    - mail gets sent, with key and id info

    And upon receiving, the client does the same in return. This is a very basic way of detailing it, but i'm sure you all know where i'm coming from. I'm suprised nothing like this already exists in the open sauce community (it probably does, i've just not checked).

    Hoorah.

    nb: if it's flawed, i don't care.

God may be subtle, but he isn't plain mean. -- Albert Einstein

Working...