Topic awaiting preservation: Spam Problem: Maybe Require a Handshake (Page 1 of 1)

 
WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted 06-08-2003 18:14

I have been doing a ton of thinking lately, as well as a good deal of research, on a very broad area of topics. One of the things I have been thinking about briefly is spam, as it is one of the "biggest" inconveniences through the use of the internet. I have seen figures and numbers that rate spam in the bounds of between 25 and up to 50% of all sent email. I am sure for some people on differing accounts this number could be far higher. I have also been looking at reports that place the majority of the distributed spam on the shoulders of a few individuals, who run large scale spam houses.

These spam houses are able to exploit email as email is a technology that can be unreliable in that the sender does not require confirmation that an email has been received by the intended recipient. In that fashion a million emails could be sent out by the spammer to a million different accounts, and even if half of those accounts were invalid the spammer would not be aware, nor care about the loss.

Now say that email would be handled through a handshake process. The spammer would no longer be able to simply broadcast a message, the spammer would have to make a connection for each attempted send. Failed two way communication would result in a failure of the message to be delivered.

With the prevalence of distributed systems, DNS, being a powerful example, would it be feasible to require email to follow the same rules? Along the lines of DNS we might be able to set up distributed systems of address distribution, which would validate potential messages being sent. This could be initiated at the Email Relays, an additional network layer could be implemented that would handle the handshake, and even distribute the handshake down the line.

I see this as a very big technical hurdle, in order to change the fundamental operations of email, but I can also see some potential gains.

The spammer for instance would require millions of handshakes, which would require a far greater amount of computing power, on the part of the spammer. This would make the feasibility of sending millions of messages impossible, and could even be handled at the relay stage of creating flood like situations, where if a huge number of handshakes from a source be received to immediately block the source for flooding the server. This would make automating the blocking process far easier. Forging IP addresses would be moot since a handshake with the originator would be required, or the email that is attempting to be sent would be disregarded, if an initial handshake could not be made.

Seeing as the way in which email is handled as a distributed system, it would not be possible for a handshake to occur with the intended recipient. But the handshake could be implemented down the line. MailCircuit provides a service that is similar to what I am suggesting but is handled in a human fashion and is not automated. If the protocol were updated to require such a handshake would spam be more manageable?

Many of you might remember the olden days of AOL. When you would use AOL version 2.7 it was possible to send instant messages without receiving the message back. You could for instance send a bunch of separate instant messages to a recipient without getting a message window back to yourself. Using this, you could perform a DOS attack against anyone, and ultimately kick them off of AOL, with hardly any overhead to yourself. When version 2.8 came out, as soon as you would send a message, the IM window would pop back to you, showing the message you sent to the recipient to yourself. This in essence deleted the ability for DOS attacks to kick a user from AOL unless you had a more powerful machine than the user, where your computer could handle the same barrage of messages that you were sending.

Before AOL version 2.8 it would be possible to attack hundreds or thousands of people in this fashion, kicking numerous people off of AOL, but after version 2.8's release it was far more infeasible. You might be able to kick 1 person offline, but attempt to do the same to 2 or 3 users would result in the sender being denied service and being kicked off AOL, which the 3 people who the attempt was made towards would only face annoyance.

I am thinking that if the same thing could be accomplished through email we might be able to stem the tide of spam. Could a single sender handle the barrage of millions of handshake requests coming back to their computer before a message would be accepted? I am doubting this. The spammer would face a DOS attack created by (him/her)self, which would limit the possibility of an individual to launch a spam campaign.

I post this because I am sure there are many of you here in the know about such things. Maybe you run your own email relay and have ideas of your own about this. Maybe you have far better technical knowledge about such things. Is this a possibility? Is it feasible? I for one would be willing to waste a handshake on an email or many emails if the handshake could improve the reliability of the email holding valid information.

What are your ideas?


Me
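The relay-side handshake proposed in the post above, sketched as an added example that is not part of the original thread: a relay sends a token back to the claimed origin, accepts the message only when that token is echoed, and blocks a source that opens too many handshakes in a time window. The class name, threshold, window and addresses are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque

class HandshakeRelay:
    """Toy relay: mail is accepted only after the claimed origin echoes a token."""
    def __init__(self, max_handshakes=5, window=60.0):
        self.key = secrets.token_bytes(32)
        self.max_handshakes = max_handshakes  # handshakes allowed per window (assumed)
        self.window = window                  # window length in seconds (assumed)
        self.recent = defaultdict(deque)      # origin -> handshake timestamps
        self.blocked = set()

    def _token(self, origin, msg_id):
        data = f"{origin}|{msg_id}".encode()
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def challenge(self, origin, msg_id, now):
        """Return the token that would be sent back TO the claimed origin."""
        if origin in self.blocked:
            return None
        seen = self.recent[origin]
        while seen and now - seen[0] > self.window:
            seen.popleft()                    # forget handshakes outside the window
        seen.append(now)
        if len(seen) > self.max_handshakes:   # flood: block the source
            self.blocked.add(origin)
            return None
        return self._token(origin, msg_id)

    def deliver(self, origin, msg_id, echoed):
        """Accept the message only if the origin echoed the right token."""
        if origin in self.blocked or not echoed:
            return False
        return hmac.compare_digest(self._token(origin, msg_id), echoed)

def simulate():
    relay = HandshakeRelay()
    # Constructed sample traffic using documentation-only addresses.
    tok = relay.challenge("192.0.2.10", "m1", now=0.0)
    honest = relay.deliver("192.0.2.10", "m1", tok)        # real sender sees the token
    relay.challenge("198.51.100.7", "m2", now=1.0)
    forged = relay.deliver("198.51.100.7", "m2", "guess")  # forger never sees it
    accepted = 0
    for i in range(20):                                    # bulk sender, 1 msg/second
        tok = relay.challenge("203.0.113.5", f"b{i}", now=2.0 + i)
        accepted += relay.deliver("203.0.113.5", f"b{i}", tok)
    return honest, forged, accepted, "203.0.113.5" in relay.blocked
```

The per-source counter only catches bursts: a sender that stays under `max_handshakes` per window, or spreads its traffic over many origins, is not blocked by it.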

butcher
Paranoid (IV) Inmate

From: New Jersey, USA
Insane since: Oct 2000

posted 06-08-2003 21:37

That's an awesome thought Warmage!!

I just had to wonder as I read your handshake scenario how hard it would be for the spammer to write a script to just continually churn out one mail at a time (on multiple machines maybe) that sends a mail from the list waits for the handshake to be completed and then sends the next. While this would inconvenience the spammer, and maybe slow them down a tad, I don't know if it would be enough to stop them.

I'll be very interested to see this thread develop as I too was just reading an article the other day on the different coding methods for telling the difference between spam and ham and the pitfalls of knowing that you're going to lose some of your real mails to automate the process of rejecting the spam.

-Butcher-

Taobaybee
Maniac (V) Inmate

From: The Pool Of Life
Insane since: Feb 2003

posted 06-08-2003 23:21

I despair also at the amount of Nasty Spam I receive. On one of my hotmail accounts about 20 per day! The only answer I have found is to close that account, and mail the ppl I want to keep on of the change.

docilebob
Maniac (V) Mad Scientist

From: buttcrack of the midwest
Insane since: Oct 2000

posted 06-09-2003 02:11

Good thought, Mage. Even slowing them down would be a plus. I have one account that gets up to 80/day that make it past the filters. It's getting out of hand.

On the other side, implementing/standardizing new protocol layers would be a huge undertaking.
You better get started.
