I saw a very nice tool http://tmda.net It spools the e-mail and ask the sender to acknowledge he sent the e-mail. It is only after the acknowldegement is received that the e-mail is finally distributed. I think this system coupled with other anti-spam techniques (like open-relays blockers,...) is very effective. Finally if mail servers were not open relays out of the box, we would be in a better world... Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: franck@sopac.org <mailto:franck@sopac.org> Web site: http://www.sopac.org/ <http://www.sopac.org/> Support FMaps: http://fmaps.sourceforge.net/ <http://fmaps.sourceforge.net/> Certificate: https://www.sopac.org/ssl/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -----Original Message----- From: Christian Huitema [mailto:huitema@windows.microsoft.com] Sent: Wednesday, 14 August 2002 2:20 To: Perry E. Metzger; Keith Moore Cc: ietf@ietf.org Subject: RE: Why spam is a problem. > Keith Moore <moore@cs.utk.edu> writes: > > it's much more difficult to filter spam in general. one person's spam > > might be another person's life-changing investment opportunity... > > I understand the "free speech!" attitude and such, but unfortunately > it isn't reasonable. They're making me pay for their free speech. The free speech of the spammers is not really the issue. The real problem is, devising a system that still let's third parties send you e-mail, even if you have never met them before. You want to curb down the mass mailing, you don't want to stop "unsolicited mail". There are clearly two approaches. One is to pass laws outlawing spam. It may be useful, but usefulness is limited. I live in Washington State, where a state law actually prohibits spam. Does not seem to have much practical impact so far. The other approach is technical. As Bob Braden says, this is what the IETF does, so that what we should look at. We all have ideas -- request authentication of messages, run a distributed system that detects and block spam as soon as a campaign starts, etc. My favorite would be to automatically challenge the sender of messages -- send a message back, "do you really want me to read that", with a nonce of some kind. But, hey, we also know that there is an escalation game going on, and that there will be some form of countermeasures... So we better find a really good solution! -- Christian Huitema
Attachment:
smime.p7s
Description: application/pkcs7-signature