More on spamming..
Sebastian Andersson sa at hogia.net
Wed Oct 1 11:28:16 CEST 1997
On Wed, 1 Oct 1997, Stephan Hermann wrote:

> One (technical) idea can be, to install two smtp servers:
> One, who can only receive mails for known domains and IPs.
> This SMTP Server uses a second relay smtp server for delivering the mails to
> the customers.

This would require a way to distribute which domains belong to which IP number and this alone is a huge technical and administrative problem which would make it hard to be solved. Considering that each person wants their own domain these days to get a "cool" e-mail/webserver address you will have to have a list of more than 10 million domains and some domains use more than one outgoing mailserver so you will probably have to store at least 8 bytes of address info (in IPv4) per domain. If you also want fast lookups in this database you'll have to add space for some huge indexes (50% extra?).

But while we are talking about fundamental technical changes to the SMTP standard, why not simply add a digital signature to each mail your SMTP server guarantees to be spamfree, your public key could be sent out via the DNS and it should be signed by a trusted third party (like RIPE). Each SMTP server that doesn't want to receive spam, simply filters away all mail without a signature, with an incorrect signature or those that have a signature from an untrusted SMTP server.

To get your public key signed by the trusted parties, you have to sign a contract where you guarantee not to send spam through this SMTP server. Those that use your SMTP server as a relay would obviously have to sign such a contract with you.

Old SMTP clients (without spam protection) can still receive all their mail (they'll not list the signature command in their EHLO response) but they will have to relay their mail via some new SMTP server. Most ISPs use sendmail today and if the support was added to sendmail most internet connected sites could relay their mail through their provider if the provider can authenticate their client.

I am far from a legal expert but I don't think there are many countries where it is illegal to digitally sign a message as long as the plaintext is provided with the encrypted data or it is known how to produce the plaintext and verify that the plaintext and the data is the same. Some fascist countries prevent their citizens from exporting implementations of well known cryptoalgorithms (and from using some algorithms because of different patents) so the sendmail patch would probably have to be implemented in a free country where people are not prevented from exporting the patch or the patch could be based on one of the well known crypto programs like PGP or SSLeay, which in turn would have to be gotten from different places depending on the laws of the target language.

> For the first smtp server anyone can use qmail (http://www.qmail.org/),
> which has an anti-spam filter (checking some to:/from:/sender:-addresses),
> so the first smtp server can be used as a filter for customer spamming and
> doesn't function as a relay for spammers.

Even though I myself prefer qmail I must say that it can be added to sendmail quite easily (once you've banged your head against the batbook enough...). There are links to these rules from www.sendmail.org.

/Sebastian

See http://www.hogia.net/keys/sa-pgp.asc for public pgp key.
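The receiving server's filter proposed in the message above, sketched as an added example (not code from the original post, sendmail or qmail). It assumes a toy RSA built from small Mersenne primes in place of a real signature scheme, a dictionary standing in for the DNS key records, and constructed server names and mail bodies.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1; far too small for real use."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def binding(server, n):
    return f"{server}:{n}".encode()  # what the third party signs: server name plus its key

def classify(mail, dns, trusted):
    """Receiving server's filter; returns 'accept' or the rejection reason."""
    if mail.get("sig") is None:
        return "reject: no signature"
    rec = dns.get(mail["server"])  # key record the sending server published (assumed layout)
    root_n = trusted.get(rec["signer"]) if rec else None
    if root_n is None or not verify(binding(mail["server"], rec["n"]), rec["cert"], root_n):
        return "reject: untrusted server"
    if not verify(mail["body"], mail["sig"], rec["n"]):
        return "reject: incorrect signature"
    return "accept"

def demo():
    """Constructed sample: an ISP certified by RIPE and a server that certified itself."""
    ripe_n, ripe_d = keypair(107, 127)
    isp_n, isp_d = keypair(61, 89)
    bulk_n, bulk_d = keypair(17, 19)
    isp, bulk = "mail.isp.example", "bulk.example"
    dns = {isp: {"n": isp_n, "signer": "RIPE", "cert": sign(binding(isp, isp_n), ripe_n, ripe_d)},
           bulk: {"n": bulk_n, "signer": "RIPE", "cert": sign(binding(bulk, bulk_n), bulk_n, bulk_d)}}
    body = b"Subject: hello\r\n\r\nlegitimate mail"
    good = {"server": isp, "body": body, "sig": sign(body, isp_n, isp_d)}
    cases = {"signed": good, "unsigned": {**good, "sig": None},
             "tampered": {**good, "body": body + b" BUY NOW"},
             "self_certified": {"server": bulk, "body": body, "sig": sign(body, bulk_n, bulk_d)}}
    return {name: classify(m, dns, {"RIPE": ripe_n}) for name, m in cases.items()}
```

Calling `demo()` returns one verdict per constructed mail, covering the three rejection cases the message lists alongside the accepted one.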