TalkBack 11 of 12:
easy to stop spam with help
Here's "THE" solution for spamming:

This requires a new feature to be added to mail servers and clients to implement this functionality, but it should be relatively straightforward and is 100% backwards compatible with non-conforming servers and clients.

Basically how it should work is if johnny@aol.com sends me a message at andy@att.com, the mail server at aol.com (the sending server) will store a list of recently sent emails.

All it stores is the sender email address (johnny@aol.com) and a unique id for the email, maybe a CRC number (see explanation at the very end) derived from the message contents and all attachments.

When the receiving mail server (that's Andy's server at ATT) gets the message, it contacts the server at aol.com (derived from the 'from' field) and queries to see if a message from such a person was actually sent.

It sends the email address (johnny@aol.com) together with its own generated CRC number.

The sending server (which was aol.com) now checks its list of recently sent email and either returns a yes or no based on the test to see if the address/CRC pair is on the list.

(I'm sure a time-stamp check will be done in this process, maybe to a 60th of a second, then the spammers will be stopped.)

Once the user (Andy) downloads the message and removes it from the server the receiving server (Andy's at ATT) sends a message to the originating server (Johnny's AOL) that it's ok to remove the message record from the recently sent email list.

This method makes it impossible to spoof the "from" field.

If spammers can't spoof the "from" field they lose their anonymous/fake cover.

It's possible to trace them back to the originating ISP and that ISP will have records of whom that account belongs to or will simply shut down the account if it's a free mail service.

Basically spam can be traced back to its source (and maybe even viruses).

Of course, not all servers will implement such functionality right away.

The end user can set up their mail client to simply filter email from servers that don't support this feature into a special folder that will contain "unverified" email, but this folder will get less and less email as this feature gets implemented more and more.

If the server does support this feature, and the sender is not verified, you KNOW it's spam.

If AOL, Hotmail, Yahoo implemented this feature, and you have a client that supports this feature, you KNOW you won't get spam from any of those servers anymore.

------------
CRC

Short for cyclic redundancy check, a common technique for detecting data transmission errors.

Transmitted messages are divided into predetermined lengths that are divided by a fixed divisor.

According to the calculation, the remainder number is appended onto and sent with the message.

When the message is received, the computer recalculates the remainder and compares it to the transmitted remainder. If the numbers do not match, an error is detected.
Posted by: capojim1   Posted on: 03/23/04
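
The exchange proposed in the post above, sketched as an added example (not code from the poster or from any mail server): both sides compute a CRC-32 over the message, and the receiver asks the sender's domain whether the address/CRC pair is on its recently-sent list. The class and function names, the in-memory `directory` standing in for the network query, and the retention window are assumptions, and the sketch assumes the message bytes arrive unmodified.

```python
import zlib

def message_id(body, attachments=()):
    """CRC-32 over the body and every attachment, as the post proposes."""
    crc = zlib.crc32(body)
    for blob in attachments:
        crc = zlib.crc32(blob, crc)
    return crc

class SendingServer:
    """Sender side: the 'recently sent' list of (address, CRC) pairs."""
    def __init__(self, ttl=7 * 24 * 3600):  # retention window: an assumption
        self.ttl = ttl
        self.sent = {}  # (sender, crc) -> time recorded

    def record(self, sender, body, attachments=(), now=0):
        self.sent[(sender.lower(), message_id(body, attachments))] = now

    def was_sent(self, sender, crc, now=0):
        ts = self.sent.get((sender.lower(), crc))
        return ts is not None and 0 <= now - ts <= self.ttl

    def release(self, sender, crc):
        """Receiver reports the user downloaded the mail; drop the record."""
        self.sent.pop((sender.lower(), crc), None)

def classify(from_addr, body, attachments, directory, now=0):
    """Receiver side: 'verified', 'spoofed' or 'unverified'."""
    domain = from_addr.rsplit("@", 1)[-1].lower()
    server = directory.get(domain)  # stands in for the network query
    if server is None:
        return "unverified"  # domain does not support the feature
    crc = message_id(body, attachments)  # receiver computes its own CRC
    return "verified" if server.was_sent(from_addr, crc, now) else "spoofed"

def demo():
    # Constructed sample messages using the addresses from the post.
    msg = (b"Lunch on Friday?", (b"menu.pdf bytes",))
    aol = SendingServer()
    directory = {"aol.com": aol}
    aol.record("johnny@aol.com", *msg, now=100)
    real = classify("johnny@aol.com", *msg, directory, now=160)
    forged = classify("johnny@aol.com", b"Cheap pills!", (), directory, now=160)
    legacy = classify("bob@example.org", b"hello", (), directory, now=160)
    aol.release("johnny@aol.com", message_id(*msg))
    replay = classify("johnny@aol.com", *msg, directory, now=170)
    return real, forged, legacy, replay

if __name__ == "__main__":
    print(demo())
```

CRC-32 is an error-detection code rather than a cryptographic hash, so an implementation of this idea would want a collision-resistant digest in the same role. The last result shows that once the record is released, a second copy of the same message no longer verifies.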
