I have been doing a ton of thinking lately, as well as a good deal of research, on a very broad area of topics. One of the things I have been thinking about breifly is spam, as it is one of the "biggest" inconvieniences through the use of the internet. I have seen figures and numbers that rate spam in the bounds of between 25 and up to 50% of all sent email. I am sure for some people on differing accounts this number could be far higher. I have also been looking at reports that place the majority of the distributed spam on the shoulders of a few individuals, who run large scale spam houses.
These spam houses are able to exploit email as email is a technology that can be unreliable in that the sender does not require confirmation that an email has been recieved by the intended recipient. In that fashion a million emails could be sent out by the spammer to a million different accounts, and even if half of those accounts were invalid the spammer would not be aware, nor care about the lose.
Now say that email would be handled through a handshake process. The spammer would no longer be able to simply broadcast a message, the spammer would have to make a connection for each attempted send. Failed two way communication would result in a failure of the message to be delivered.
With the prevelance of distributed systems, DNS, being a powerful example, would it be feasible to require email to follow the same rules? Along the lines of DNS we might be able to set up distributed systems of address distrabution, which would validate potential messages being sent. This could be initiated at the Email Relays, an additional network layer could be implemented that would handle the handshake, and even distribute the handshake down the line.
I see this as a very big technical hurdle, in order to change the fundamental operations of email, but I can also see some potential gains.
The spammer for instance would require millions of handshakes, which would require a far greater amount of computing power, on the part of the spammer. This would make the feasability of sending millions of messages impossible, and could even be handled at the relay stage of creating flood like situations, where if a huge number of handshakes from a source be recieved to immediately block the source for flooding the server. This would make automating the blocking process far easier. Forging IP addresses would be mute since a handshake with the originator would be required, or the email that is attempting to be sent would be disreguarded, if an initial handshake could not be made.
Seeing as the way in which email is handled as a distrubuted system, it would not be possible for a handshake to occure with the intended recipient. But the handshake could be implemented down the line. MailCircuit provides a service that is similar to what I am suggesting but is handled in a human fashion and is not automated. If the protocal were updated to require such a handshake would spam be more managable?
Many of you might remember the olden days of AOL. When you would use AOL version 2.7 it was possible to send instant messages without recieving the message back. You could for instance send a bunch of separate instant messages to a recipient without getting a message window back to yourself. Using this, you could perform a DOS attack against anyone, and ultimately kick them off of AOL, with hardly any overhead to yourself. When version 2.8 came out, as soon as you would send a message, the IM window would pop back to you, showing the message you sent to the recipient to yourself. This in essance deleted the ability for DOS attacks to kick a user from AOL unless you had a more powerful machine than the user, where your computer could handle the same barage of messages that you were sending.
Before AOL version 2.8 it would be possible to attack hundred or thousands of people in this fashion, kicking numerous people off of AOL, but after version 2.8's release it was far more infeasable. You might be able to kick 1 person offline, but attempt to do the same to 2 or 3 users would result in the sender being denied service and being kicked off AOL, which the 3 people who the attempt was made towards would only face annoyance.
I am thinking that if the same thing could be achomplished through email we might be able to stem the tide of spam. Could a single sender handle the barage of millions of handshake requests coming back to their computer before a message would be accepted. I am doubting this. The spammer would face a DOS attack created by (him/her)self, which would limit the possability of an individual to launch a spam campaign.
I post this because I am sure there are many of you here in the know about such things. Maybe you run your own email relay and have ideas of your own about this. Maybe you have far better technical knowledge about such things. Is this a posability? Is it feasible? I for one would be willing to waste a handshake on an email or many emails if the handshake could improve the reliablity of the email holding valid information.
What are your ideas?
Me