So I woke up tonight like I always do, but this time with a possible solution for the growing spam problem.
It occurs to me that we don't really need to build any new technology if we leverage the existing protocols. The concept is simple: require that all SMTP communications be either:
a) authenticated (like your ISP already requires), or
b) tunneled over SSL (like https).
By moving SMTP to SSL, we require the internet's email infrastructure to use digital certificates that are tied to the originating machine and the company's D&B number.
The reason that spam continues to build steam is that spammers have been branching out. Originally they sent the spam from machines at various ISPs. As their volume grew, they had to buy dedicated machinery. Then the internet responded with blacklists. Suddenly their boxes were worthless and their ISPs wanted to cut their contracts.
In order to keep their volume up, they had to decentralize. First they built worms and viruses (actually just hacked existing ones) to run DDoS attacks against the blacklist servers. More recently they are spreading viruses and worms that convert unsuspecting work and home PCs with broadband connections into anonymous SMTP relays. Now blacklists are worthless.
So here's why this solution works: when the upstream email infrastructure refuses to talk to these PCs, they'll be left with three options:
1) hack the already secured and well protected/managed email infrastructure -- good luck! This option is always available for all possible solutions, but since they'll be targeting a much smaller set of machines that are generally managed by professionals, the odds tilt back in our favor.
2) rework their viruses/worms to use valid ISP accounts to send the email -- but this will give away exactly which accounts and which machines are infected. Also, most ISPs have volume limits on the amount of mail a single account can send, in addition to restrictions on where an account can be used from.
3) include a mechanism for installing certificates in the virus/worm -- but that would involve getting a new certificate for each infected machine. Certificates cost money, generally around 250 USD. This is not only costly, but involves a fraud against VeriSign. They could avoid the costly part by using stolen credit cards, but then they are talking about leaving a trail of fraud against VeriSign and VISA/MC/etc. This would also make the development of such a worm/virus difficult to do without detection. The credit card companies and VeriSign pretty much control commerce on the net, if not in the real world. The certificate would be good for at best one billing cycle, but now there would be a real trail. The spams all end up with unforgeable pointers to the infected boxes, and because of the amount of money used in a mass infection, the FBI/Homeland Sec/etc will be quite incented. Spammer-friendly ISPs with mass would lose their ability to take money via the credit system. Are there any cash-driven ISPs?
Blacklists would come back into vogue, only instead of blacklisting IP addresses or hostnames that can be dynamically generated, we'd blacklist certificates/companies. If sears.com wants to send me spam, they'd better make sure it is something I want, because once I blacklist their Dun & Bradstreet number tied to their certificate, they'll never be able to reach me again, no matter how many servers or how many new certificates they get. I think that might make them think twice before spamming the public.
Feel free to poke holes in this.
Oh yeah, I almost forgot -- I believe server certificates are also tied to the server's IP address, so systems with dynamic IPs will only enjoy temporary use of fraudulently purchased certificates. Using DHCP, ISPs could change subscriber addresses every 24 hours.
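The acceptance rule and the company-keyed blacklist described above can be sketched as follows. This is an added example, not part of the original post; it assumes the receiving server has already verified the certificate chain and that the certificate carries a stable organization identifier (the `org_id` field, the `ORG-...` values, fingerprints and IP addresses are all constructed).

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

@dataclass(frozen=True)
class PeerCert:
    fingerprint: str  # changes whenever the sender gets a new certificate
    org_id: str       # assumed stable company identifier bound into the cert

@dataclass(frozen=True)
class Session:
    peer_ip: str
    authenticated: bool         # option (a): SMTP AUTH succeeded
    cert: Optional[PeerCert]    # option (b): verified certificate, if presented

def decide(s: Session, blocked_orgs: Set[str]) -> Tuple[bool, str]:
    """Accept or reject one inbound SMTP session under the proposed policy."""
    if s.cert is not None:
        # The blacklist is keyed on the organization, not the IP or fingerprint.
        if s.cert.org_id in blocked_orgs:
            return False, f"organization {s.cert.org_id} is blocklisted"
        return True, f"verified certificate for {s.cert.org_id}"
    if s.authenticated:
        return True, "authenticated submission"
    return False, "neither authenticated nor certified"

# Constructed sample data: documentation-range IPs, made-up IDs and fingerprints.
BLOCKED_ORGS = {"ORG-0002"}
SESSIONS = [
    Session("192.0.2.10", False, None),    # infected home PC acting as a relay
    Session("192.0.2.11", True, None),     # ISP customer using SMTP AUTH
    Session("198.51.100.5", False, PeerCert("aa11", "ORG-0001")),
    Session("203.0.113.7", False, PeerCert("bb22", "ORG-0002")),
    Session("203.0.113.99", False, PeerCert("cc33", "ORG-0002")),  # new cert, new IP
]

def run() -> list:
    """Return the accept/reject decision for each constructed session."""
    return [decide(s, BLOCKED_ORGS)[0] for s in SESSIONS]

if __name__ == "__main__":
    for s in SESSIONS:
        ok, why = decide(s, BLOCKED_ORGS)
        print(f"{s.peer_ip:<14} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

The last two sessions show the property the post relies on: a new address and a reissued certificate do not escape a block placed on the organization identifier.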
Howard Owens said on 2003-12-10 03:13:04:
How do you get all of the legitimate server administrators to buy certificates? It would have been great if this had been part of e-mail from the beginning, but I'm not sure it's backward compatible. There would be a huge transition time where a lot of servers wouldn't have certificates. Plus, as you point out, they're expensive. Small ISPs and other small, but legitimate businesses that run their own servers, might not be able to afford them. Otherwise, great idea. I would like to see some way for it to happen.
Dejuan Stokes said on 2003-12-09 14:41:14:
That would be a huge success, but is there a way that a company or a user could do this automatically? Because that is the biggest problem right now: the ease of use. That is why it's not being done. But I think that you have a hot idea that could put a lot of stake on your plate for many nights to come.