Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Re:The simple way to end phishing. (Score 1) 436

Agreed. You have to fight the problem at the source. take the profit out of spamming & phishing and it will be drastically reduced. what we do now is like pouring perfume in the sewer because is smells so bad.

First thing you've got to do is recognize that email is broken. we need an "smtp 2.0" which eliminates the spoofable "feature" of smtp mail, and ensures positive id for the sending and receiving servers. There are many ways to do this, but a place to start is to require DomainKeys on smtp 2.0 servers, which goes a long way towards this end.

Once we know who is talking to us, and who we're talking to, we can finally address the real issue. It costs almost nothing to send a billion emails, but it costs plenty to sort through a billion spams. If I can't spoof my source domain, then it becomes much more expensive to send spam if I have to authenticate when claiming to be a legitimate e-mail domain like yahoo, gmail or hotmail.

Also devise a scheme where it is computationally expensive to send an email, but is trivial to receive one. It wouldn't be expensive to send 1000 outgoing messages an hour, but 1000(or more) a minute will require serious hardware. The harder I make the challenge, the fewer emails a bogus (a small server is unlikely to be legitimately sending millions of messages) server can try to deliver.

smtp 2.0 servers would be set to favor established domains to which we frequently send & receive messages, also to set a hard limit for the number of messages an unknown domain can send to us. Since nobody will accept more than a handfull of emails from my newly registered domain, I have to drop a lot more money on bogus domains which i can't even use for a year or two. you can protect legitimate new domains by following a "certified SSL" protocol for validating the identity of a domain owner. anybody without a certified domain or an established domain will have a really hard time getting their spam delivered.

Of course the attackers will find weaknesses in the processes and protocols, but we can simply ensure that servers are ready to migrate to the rules of mail 2.1, which fills in the gaps of smtp 2.0. If your servers aren't updated to a recent smtp version, I can stop "preferring" your mail.

Slashdot Top Deals

The one day you'd sell your soul for something, souls are a glut.