Saturday, April 22, 2006

An anti-spam solution

My preferred solution to the spam problem is "Store on server" email. When an email is sent, only the sender information, subject, and location of the full email would be sent. When this header hits the recipient's mailbox, it is checked against a whitelist, and if it's there the email is downloaded (from the location given) immediately. If it doesn't appear on the whitelist, it is then checked against a blacklist, and if it appears there it is deleted without confirmation.

If it isn't on either list, the originating server has to wait for approval by the recipient before the complete email is sent. This would ensure four things: the recipient expresses interest based on the subject and who it's from, the incoming mail server is not flooded with thousands of huge spam emails at once, the sender gives a valid location for the complete email, and the server is still accessible when the recipient asks for it. This prevents bogus return addresses (since there would be no way to see if a response was received) and IP hopping to keep ahead of spam blockers. It would also shift much of the network burden of spam from the people who receive emails to the people who send them.

I received a response to my suggestion on Slashdot, so I wrote a response (I think the quoted text is "fair use" to show what I'm replying to):

The one giant problem that your idea (and others like it) fails to address is non-support for bulk sending. One of my clients regularly sends about 60,000 copies of his monthly newsletter to opt-in customers.

If it's opt-in, the return address should already be in the whitelist. If it isn't, then the full message would only be downloaded if a person expressed interest in it.

The current system allows him to spool out mail at a pace his system can handle. Your system encourages his server to ignite at 8:15 AM whenever all his recipients get to work, check their mail, and simultaneously attempt to download the message.

This assumes that 60,000 people forget to whitelist the email, yet want to download it simultaneously. It is trivial to set up a filter to whitelist all email addresses you write to (and a simple "respond to the confirmation email" would work for that), so if it's truly "opt in" and not "oops, I forgot to uncheck a hidden box," the email would be downloaded in its entirety as soon as the header hits the mailbox.

In addition, one bit of information that can be included in the subject/sender/header info is an email expiration. If you get hammered every day at 8:15 am because many of your opt-in customers have no clue what they are doing, just set the expiration to 8 am. They would see a message that says "not on whitelist/expired" when attempting to download the message, and they can choose at that point to whitelist, blacklist, or keep current settings for future communications.
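The recipient-side decision flow described in this post, as an added sketch that is not part of the original post or the Slashdot thread: a notice is checked against the whitelist, then the blacklist, and is otherwise held until the recipient asks for it, at which point the expiration is enforced. The class and field names, the URL form of the location, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional

class Action(Enum):
    FETCH = "fetch"  # whitelisted: download the body from the given location at once
    DROP = "drop"    # blacklisted: delete without confirmation
    HOLD = "hold"    # on neither list: wait for the recipient to decide

@dataclass(frozen=True)
class Notice:
    """The only data sent up front: sender, subject, body location, optional expiry."""
    sender: str
    subject: str
    location: str
    expires: Optional[datetime] = None

class Mailbox:
    def __init__(self):
        self.whitelist, self.blacklist, self.pending = set(), set(), []

    def record_outgoing(self, recipient: str) -> None:
        # The "whitelist all email addresses you write to" filter from the post.
        self.whitelist.add(recipient.lower())

    def triage(self, notice: Notice) -> Action:
        sender = notice.sender.lower()
        if sender in self.whitelist:      # the whitelist is consulted first
            return Action.FETCH
        if sender in self.blacklist:
            return Action.DROP
        self.pending.append(notice)
        return Action.HOLD

    def request_body(self, notice: Notice, now: datetime) -> Optional[str]:
        """Recipient asks for a held message: return its location, or None if expired."""
        self.pending.remove(notice)
        if notice.expires is not None and now >= notice.expires:
            return None                   # shown as "not on whitelist/expired"
        return notice.location

# Constructed sample data (example.com names are placeholders).
EIGHT_AM = datetime(2006, 4, 22, 8, 0, tzinfo=timezone.utc)
NEWSLETTER = Notice("news@example.com", "April issue",
                    "https://mail.example.com/msg/1", expires=EIGHT_AM)
```

A recipient who never whitelisted the newsletter and asks for it at 8:15 gets `None` from `request_body`, so the sender's server is never contacted for that message.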

