Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
We don't have enough art & classy shit around here.

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


                   

Please log in.
Before you can vote, you need to register. Please log in or create an account.

Spam Verifier

The truth will set us free
 
(+2, -2)
  [vote for,
against]

It is possible that the following contains a misconception on my part, about how the email process works. If this description is "close enough", though, then the proposed spam filter should work nicely.

1. First, somebody writes an email and does a Send.
2. The Internet Service Provider receives the email at its Mail Server.
3. The Mail Server sends the email to a destination Mail Server.
4. The data transmission process may involve a number of Relay Servers, in-between the origin and destination Mail Servers.
5. The ISP that owns the receiving Mail Server saves the message for access by the intended recipient, who may either download it or access it with an on-line mail-access tool.

Given that the preceding is largely correct, then a spammer must do either of the following:
1. Send lots of ordinary emails.
2. Send lots of specially crafted emails that are "forgeries" in that some other person (not the spammer) is declared to be originator of the message.

In Case 1 immediately above, the deluge of emails coming from a particular ordinary email address is already well-filtered by existing techniques. It is Case 2 that poses the primary problem for which a good solution is being sought, and for which this Idea may help.

OK, the part of any email that contains information about the origin and destination is called "the header". The data-packet that contains this information is usually separate from the rest of the data in the email. For the First Stage of this proposed email filter, it is suggested that all email headers (and ONLY the header packets!) be copied/retained by the Mail Servers for a couple of days (probably never need it longer than two days).

The next part of this proposed email filter is to ensure that EVERY Mail Server always send its emails to an intermediary Relay Server. Never do we want the Mail Servers to directly talk to each other, because it is the Relay Servers we want to do this filtering. If possible, we want ONLY ONE Relay Server in-between any pair of Mail Servers (the relay would be able to work with multiple pairs of mailers, of course).

The next part of this proposed email filter is for the Relay Server, upon receiving an email from a Mail Server, place it in a temporary HOLD bin, and inspect the header packet and pull out the email address of the originator (whether forged or not). The Relay Server now constructs a very simple one-packet message and sends it to the Mail Server associated with the email address of the "originator".

That is, if the email is actually from spammer@spamming.com, and the forged "originator" INSIDE the email is qwerty@typos.net, then the simple one-packet message is sent to typos.net, asking if that Mail Server actually sent a message from qwerty, and sent it to the destination that was also specified in the original email header.

If the simple message is undeliverable (say because typos.net does not exist), then the Relay Server knows that the email message it placed in temporary hold is forged, and can be deleted (not relayed). Some tolerance should be built into the spam filter here, since sometimes messages are only temporarily undeliverable. Hourly retries might be adequate, for the couple-day limit in which a Mail Server retains email message headers.

If there is a Mail Server at typos.net, well, since that Mail Server would have retained the header from any email actually sent from qwerty to the specified destination, it can tell the Relay Server yea or nay, and the Relay Server can pass on the on-hold email, or delete it, as appropriate.

Note that if the email placed in Hold had actually contained spammer@spamming.com as the originator, then that mail server would be able to tell the Relay Server that, yes, spammer had indeed sent the message. In this case, the already existing spam filtering techniques can be used (usually done at a Mail Server, which basically automatically deletes everything a Mail Server receives from spamming.com). It is to "share the load" of filtering spam that this Idea specifies that Relay Servers should always be involved.

Now, I'm aware that if a spammer has control of multiple mail servers, the spammer can forge "saved headers" just as easily as the spammer can forge headers inside of spam emails. However, all such can be blocked by ordinary spam filters. This Idea is about ME and MY email address, and YOU and YOUR email address, not artificial addresses. I don't want spammers forging emails with my address on them! As long as my ISP (and your ISP) controls its Mail Servers, and not a spammer, then this Idea will mean that any spammer forging my or your email address, in spam, will always get those message deleted, because none will be verifiable as actually orginating from me. Or from you.

Vernon, May 28 2009

Microsoft's "Caller-ID" anti-spam technology http://www.microsof.../02-24callerid.mspx
[imho, May 31 2009]

[link]






       Two things (glossing over the baked-ness of the idea)
1) Who pays for the relay servers, and
2) Why do you think doubling the amount of mail traffic is a good thing (not counting the additional DNS lookups)?
phoenix, May 29 2009
  

       [phoenix], I was under the impression that the relay servers already existed. And as for "doubling the number of messages", that is a faulty way of looking at the process described. How many data-packets of spam messages will be put on Hold, while just one data-packet goes from the Holder to the Verifying Mail Server, and a second data-packet comes back? All those packets of each spam message will be deleted, in exchange for the two packets needed for verification. And, remember, spam emails currently account for something like 90% of all emails on the Internet....
Vernon, May 29 2009
  

       So, a kind of handshake protocol that identifies kosher headers.   

       It's the easy spoofability of email headers that makes spam possible (and email so easy) and so any kind of call-back type verification would definitely help counter spam.   

       The hard part would be getting everyone (or at least a critical mass of server owners) to sign up, join in and upgrade their servers.
zen_tom, May 29 2009
  

       I think the hard part would be getting people to confirm that they had sent the emails they had sent. I know a lot of folks who send out one or two emails, then log off their account for months at a time.   

       Consider this: An average human will send some average number of messages to some average number of recipients in an average length of time... Say, three messages to five people in a day.   

       An average spammer will also send some average number of messages to some average number of recipients in an average length of time... say, ten messages to two billion people in a second.   

       The human must send the email, then go back, and confirm the email by hand. The spammer would probably develop a way to automate the process, and to remain largely anonymous while doing so.   

       I've found a number of spam filtering methods to be largely reliable in their own right:   

       1: Do not forward messages, and ask people not to forward messages to you. This prevents the long chain jokes, on which your email address becomes distributed to vast numbers of anonymous individuals.   

       2: Do not respond to spam, EVER. This keeps spammers from spotting your active email account, and adding it to other spam lists.   

       3: Do not give your email address to shifty individuals. If you must verrify your existence by providing an email address, have one (such as a free, limitless yahoo account) just for that purpose.   

       4: Use whatever spam filters you have.   

       5: Create a special folder into which all emails which do not show YOUR EMAIL ADDRESS will go. This will remove the bulk of spam for marking. However, email sent to lists will also be caught in here.   

       6: Create a special folder into which emails discussing watches, viagra, drugs, "enhancement," and pornographic key words will go. For most individuals, the bulk of spam not caught in traditional fashion will fall into this domain.
ye_river_xiv, May 30 2009
  

       I think the whole spam filter idea, however implemented, is a mistake. I haven't had time yet to look at Google Wave, so I'm not sure which direction it's going, but I'm realizing that whether I use Outlook or Gmail, regardless of how many filters I'm using, I use search to find the entry I need. Brute force, and all, but if I can rely on a search engine to find the one page I need,on the internet, I can rely on a good search UI to find the piece of communication that is relevant to me, and to also "organize" the data within the set of incoming/outgoing electronic communications I'm engaging in.
theircompetitor, May 30 2009
  

       [ye_river_xiv], the PERSON who sent an email does not need to verify it, under this scheme. It is the email server, through which that person sent an email, that will do the verifying. Also, as specified in the main text, the email server does it by having temporarily saved part of the email (it only needs the "header packet" that contains the sender/recipient information) --that data is all it needs, to say to any other server, that, yes, there was a message sent through this server From so-and-so To someone else (or to say, nope, the email being asked about is a forgery).
Vernon, May 31 2009
  

       Unfortunately, this idea is largely baked (see Microsoft's "Caller-ID" anti-spam technology, circa 2004). There are many variants of this technology, however the way spammers circumvent them all is by using farms of tens of thousands of "zombie" computers.   

       These "zombie" computers are "legitimate" computers of people like you and me, which have been hacked into (usually through a virus or trojan), and are instructed to send out the spammers spam emails whenever their not busy. That way your computer might be spamming without you even knowing about it. Creepy, isn't it.
imho, May 31 2009
  

       [imho], a side-benefit of Mail Servers holding onto header-packets is that the ISP can notice spam-sending activity from zombified customer computers, and inform the customers. Obviously the customers would benefit by removing malware from their machines. Any who are actually in knowing cahoots with spammers, of course, can find all their emails blocked by the ISP....
Vernon, Jun 01 2009
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle