Major ISPs unite in spam fight

TalkBack 16 of 16:

« Previous

• Thread View
• Flat View

stopping spam is easy if

Here's "THE" solution for spamming:

This requires a new feature to be added to mail servers and clients to implement this functionality, but it should be relatively straightforward and is 100% backwards compatible with non-conforming servers and clients.

Basically how it should work is if johnny@aol.com sends me a message at andy@att.com, the mail server at aol.com (the sending server) will store a list of recently sent emails.

All it stores is the sender email address (johnny@aol.com) and a unique id for the email, maybe a CRC number (see explanation at the very end) derived from the message contents and all attachments.

When the receiving mail server (that's Andy's server at ATT) gets the message, it contacts the server at aol.com (derived from the 'from' field) and queries to see if a message from such a person was actually sent.

It sends the email address (johnny@aol.com) together with its own generated CRC number.

The sending server (which was aol.com) now checks its list of recently sent email and either returns a yes or no based on the test to see if the address/CRC pair is on the list.

I'm sure a time-stamp check will be done in this process, maybe to a 60th of a second, then the spammers will be stopped.

Once the user (Andy) downloads the message and removes it from the server the receiving server (Andy's at ATT) sends a message to the originating server (Johnny's AOL) that it's ok to remove the message record from the recently sent email list.

This method makes it impossible to spoof the "from" field.

If spammers can't spoof the ?from? field they lose their anonymous/fake cover.

It's possible to trace them back to the originating ISP and that ISP will have records of whom that account belongs to or will simply shut down the account if it's a free mail service.

Basically spam can be traced back to its source (and maybe even viruses).

Of course, not all servers will implement such functionality right away.

The end user can set up their mail client to simply filter email from servers that don't support this feature into a special folder that will contain "unverified" email, but this folder will get less and less email as this feature gets implemented more and more.

If the server does support this feature, and the sender is not verified, you KNOW its spam.

If AOL, Hotmail, Yahoo implemented this feature, and you have a client that supports this feature, you KNOW you won't get spam from any of those servers anymore.

------------
CRC

Short for cyclic redundancy check, a common technique for detecting data transmission errors.

Transmitted messages are divided into predetermined lengths that are divided by a fixed divisor.

According to the calculation, the remainder number is appended onto and sent with the message.

When the message is received, the computer recalculates the remainder and compares it to the transmitted remainder. If the numbers do not match, an error is detected.

Posted by: capojim1   Posted on: 03/23/04 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Open Standards Technologies Provide the Ingredients for Delivering Security Across the Papa Gino's Enterprise Dell Papa Gino's Holdings Corporation founded by the entrepreneur operates one ... Download Now
• Rethink Endpoint Security Trend Micro Watch this informative video on endpoint security solutions straight from ... Download Now
• Dell on OpenManage Dell Dell Computer Corporation runs its business on thousands of Dell PowerEdge ... Download Now