How to stop spam - A new approach.
Can we all finally agree that
filtering spam does not work? We need a new approach.
Think of your e-mail address as a door
with no lock. Until we can lock the door these vile time thieves
will continue to walk right in.
There is a problem with this approach.
I want people who don't know me to be able to send me e-mail. What
can we do?
The solution is very simple. Since we
can't easily change our e-mail address, we have to have a lock with a
key that is easy to find and change. The idea is to make it as hard
for these vile time thieves to use automation as it is for us to
change our e-mail address. We have to take the automation out of
spam.
How can we do that?
Here is the answer I propose. What we
need is an added field in our e-mail protocol. We need a password
that we can change at whim.
This is the system I envision. Let's
say that I have an e-mail address and a password. If the e-mail
server receives an e-mail with no password or the wrong password,
it sends an automated response telling the sender that the password
is missing or wrong and tells the sender what the correct password
is.
If the IP address of the sender is
forged, the spammer will not receive the correct password. That's
the end of the problem with the spammers with forged return
addresses. Even if they have your password, they can only get
through until you change your password. Now, at least, they will
have to spend all of their time updating their data base with the
correct passwords from your website. Even then, it will only work
once or twice until you change your password. It will also end virus
generated spam.
For the spammers using a legitimate
return address, they will receive an automated response telling them
that the password is wrong or missing. If nothing else it will bog
down their e-mail server so that they can only send a fraction of the
e-mails that they were sending before.
Now, what would happen if you could
not only change your e-mail password at whim, but could also change
the automated response to a personalized message? Some people will
have automated responses that are easy to decode by automation.
Some people might send a response that says the correct password is -
with a picture of a pear or a skunk. Some may even send a list of
words and say to use the 3rd or 5th word in the
list. The point is that with so many different responses coming back
the spammer's automation will be defeated. Now, the same tricks they
are using to defeat the current spam filters will work to defeat the
spammers.
If the spammers are using a captured
machine to send out their spam, now, all of a sudden, you will know
that someone has captured your machine because you will be receiving
returned mail that you did not send. You will now know that
corrective action must be taken. (Wouldn't it be nice if Windows was
at least as secure as Linux?)
A person who is legitimately trying to
reach you on a one to one basis (as e-mail is supposed to be) who
does not have your password will receive a return telling them what
the correct password is. All they have to do is add the correct
password and resend. That has got to be less trouble than deleting
the thousands of junk e-mails we are now receiving.
During the transition to keep backward compatibility I suggest that we put the password as a separate field and also as the first word on the subject line. Most e-mail programs can currently sort based on the subject line. I still want you to be able to reach me no matter how old your computer or e-mail program is.
Think about it.
One last point. I find it almost
impossible to believe that the people who control the backbones of
the Internet don't know who and where the spammers are. I have seen
them trace a virus back to one machine. Do you really think that
they can't trace millions of e-mails to one server? But, then again,
if spam were eliminated, the Internet providers wouldn't have a
justification to run your e-mail though their e-mail server and
read your e-mails. E-mails could then be peer to peer or at least peer to end server.
Am I paranoid? Yes, and with good
reason. If you're not paranoid you should go to The Beacon of The Circle
of Light Church.
You will see that I am not paranoid without good reason. The proof
is there for all to see.
Just because your paranoid doesn't mean
that they are not out to get you.
If there is proof of a conspiracy, are you still a conspiracy nut? Or, have conspiracies become extinct like the dinosaurs? Was 9/11 just a fabrication of conspiracy nuts? Was there only one person on the planes? There was no conspiracy. The bullet just turned twice in mid air. In that large organization Madoff was the only one who knew people were being cheated. The credit card companies are not in cahoots, it was just one thief with a credit card who caused all of this trouble. Ditto with that one home owner who collapsed the housing market. We just can't stop that one person who is stealing identities. One lawyer has corrupted our whole legal system. Need I go on? TOP
|
