Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Spam The Internet

Revising the Internet Email Infrastructure 311

Lauren Weinstein writes "People For Internet Responsibility (PFIR) today released a white paper aimed at starting discussion and work to fundamentally revamp Internet e-mail systems to control spam, forgeries, and a range of other problems, while empowering e-mail users rather than ISPs." Excellent start.
This discussion has been archived. No new comments can be posted.

Revising the Internet Email Infrastructure

Comments Filter:
  • PGP (Score:5, Informative)

    by Richardsonke1 ( 612224 ) * on Thursday May 08, 2003 @02:45PM (#5912862)
    Until this comes out, PGP [pgp.com] is a great way to keep your email private and secure. It also deals with forged headers using email signing. MIT has a great client here [mit.edu]
    • Re:PGP (Score:5, Informative)

      by rtnz ( 207422 ) on Thursday May 08, 2003 @02:48PM (#5912896) Homepage
      I would suggest GnuPG, free as in free.

      GnuPG [gnupg.com]
  • by FreeLinux ( 555387 ) on Thursday May 08, 2003 @02:45PM (#5912870)
    They may well come up with some "standard" for a new internet email system but, nobody is going to use it. Hell ESMTP has been out for years and it still isn't supported by more than half the systems that are on the net.

    • by Hayzeus ( 596826 ) on Thursday May 08, 2003 @02:58PM (#5913023) Homepage
      But in fairness, ESMTP doesn't pretend to address any problems as urgent as the spam problem. The hope, presumably, would be that necessity would drive adoption. Still, I have my doubts about how certification authorities are going to be managed. (see my other post).
    • It seems to me that it depends on how badly the masses want to be rid of spam. The bit that worries me about the potential for adoption (let alone rapid implementation) is that it claims to put control in the hands of the user, not the ISPs. I can't imagine they'll be too keen on that.
      • by Xentax ( 201517 ) on Thursday May 08, 2003 @03:20PM (#5913252)
        I dunno -- when I read the paper, one big group of candidates that came to mind as potential PCAs are those very same end-user ISPs.

        That is, when you sign up for dialup, or broadband, or whatever services your ISP provides, you'd get access to their mail server, *including* Pits certified by that ISP for any messages you send via their mailservers (given that you authenticate with them, something POP3 and IMAP already support, right?). It certainly keeps a fair amount of control and influence in the hands of that ISP, but it doesn't *preclude* alternatives, and it WOULD make it easier for those ISPs to follow good/friendly practices.

        That way, any other ISP/mail provider who is willing to receive emails from *YOUR* ISP would deliver your mail. Should your ISP get a reputation for harboring spammers or other miscreants, any given mail provider can choose to simply reject your ISP as a valid certifier (or subscribe to a RBL-equivalent watchdogging the various PCAs, perhaps).

        Obviously an ISP as your (or one of) your PCAs wouldn't be for everyone. Obviously there'd be a bit of a setup challenge, as far as getting various ISPs and other mail providers to recognize each other as valid PCAs. But those aren't insurmountable problems.

        In fact, it sounds a lot like the SSL certification system (probably no coincidence). Hierarchical PCAs would certainly be one way to organize the solution...

        Xentax
        • Also needed... (Score:3, Interesting)

          by Richy_T ( 111409 )
          Is e-mail address portability. So that if your mail provider gets shut down for allowing spamming, you can transfer to another with minimal disruption

          Rich
    • Disregard this comment if ESMTP would eliminate spam (can't tell from its homepage if it has anything to do with authentication), but I think perhaps you should talk to AOL, Earthlink, The World, and various other ISP's head honchos before you claim no one would want to switch.

      In recent weeks all of these people have weighed in on the massive bandwidth drain spam generates, and given that they're pretty big in the industry, I don't see why a push like this would fail.


      • If all MTAs are not switched, all it will do is create a whitelist of ESMTP ISPs... you can't just blacklist everyone still using SMTP.

        So, yeah, AOLEarthlink traffic would be safer (if they both switched to ESMTP), but there are far more ISPs or just local businesses running their own MTA that it won't solve.
    • It is quite possible for comm programs to negotiate protocol. This means that newer programs can check to see if the newer safer features are available and use them if they are there. If not, they can fall back to older SMTP. There is certainly an incentive to upgrade, so I see no reason why it shouldn't happen.
      • by FreeLinux ( 555387 ) on Thursday May 08, 2003 @03:37PM (#5913427)
        Of course it is possible but, the probability is very low, in my opinion. It is already possible for most modern mail clients to automatically encrypt and decrypt mail, making them secure. Yet very few people use PGP or S/MIME. It is already possible for most MTAs to use SSL and/or TLS to encrypt their communications, yet most still do not use this feature. It is already possible for most POP3 and IMAP4 servers to encrypt their communications using SSL and/or TLS as well as having four or more secure authentication options available, yet most still do not use this feature.

        It is possible to redesign and rebuild the email infrastructure of the internet in such a way as to completely eliminate spam and forged addresses, it is howeber improbable that good old insecure and vulnerable SMTP will be abandoned. Prior to the internet and standardization on SMTP, there were many secure mail systems around the world. There was also an inability for them to communicate with each other. This is the problem with a new system. In order for it to work and for email to remain a useful tool, everyone will have to switch and everyone will have to do it at the same time. This is highly improbable.
    • Why would it fail? Look how quickly some existing protocols have been adopted.... Such as ICQ, AIM, Gnutella. Are there alternatives? Of course. You could use IRC instead of ICQ or AIM. You could use FTP instead of Gnutella.

      The people (sometimes just one person) who developed those protocols and standards didn't say "It will never happen".
      • LOTS of spam is passed through open relays. Closing Sendmail open relays has been easy for A LONG TIME now. Yet hundreds of open relays still exist. A new protocol is spiffy and all BUT WE CAN'T GET PEOPLE TO USE THE EXISTING TOOLS. A new 'magic bullet' ain't the answer, education is, boycott may be, and use of blacklists can help. Implementation of Tripoli is nice and all but if we can't get people to upgrade to a sendmail/qmail/... with closed relay support how do we get them to upgrade to Tripoli?
  • Yeah, Right (Score:4, Interesting)

    by sqlrob ( 173498 ) on Thursday May 08, 2003 @02:47PM (#5912884)
    So, how long has IPV6 been out? How much of the net is converted?
    • Re:Yeah, Right (Score:3, Insightful)

      Bad example, IMO. In my experience, IPv6 hasn't caught on because IPv4 still works, and there's no major incentive for most big networks to upgrade because there's no features they need that can't be done in 4.
      With spam, however, a new protocol for SMTP that could provide protection against virii and spam would provide a sufficient incentive for upgrading.
  • I thought (Score:3, Informative)

    by Enrico Pulatzo ( 536675 ) on Thursday May 08, 2003 @02:47PM (#5912886)
    that Public Key Encryption was the answer to email woes. PK just needs to be adopted across the board.

    I thought about writing more, but I really don't see the need to.
    • Re:I thought (Score:3, Informative)

      by axxackall ( 579006 )
      I absolutely support that PK is the way to protect email. However, the trick is in infrastrucure, PKI.

      What is the % of email users receives their MUA (email clients) with PKI support? Is there any PKI support in Yahoo and Hotmail free email hosting systems? How about AOL, Earthlink and other ISPs?

      OK, my friends have god Evolution and Outlook, both with PKI support. Is it right that they can sign email and read it? No problems between proprietary and open standards?

      Finally, what CA can they use? How ea

  • Site Quote (Score:3, Informative)

    by Anonymous Coward on Thursday May 08, 2003 @02:48PM (#5912891)

    PFIR - People For Internet Responsibility
    TRIPOLI Project Press Release
    May 8, 2003

    PFIR Home Page [pfir.org]

    PFIR Announces the "TRIPOLI" Project

    A Call to Arms to the Internet and Open-Source Communities!
    It's Time to Secure E-Mail, Control Spam, and Empower E-Mail Users!

    People For Internet Responsibility (PFIR) co-founders Lauren Weinstein and Peter G. Neumann today called on the Internet and Open-Source Communities to consider a proposal for the most significant and far-reaching changes to e-mail systems since the creation of the Internet and its ancestor ARPANET more than 30 years ago.

    PFIR today released a white paper describing a proposed project to consider the implementation and deployment of widespread encryption, authentication, anti-spam, and other advances directly into the fundamental structure of Internet, intranet, and local e-mail systems.

    The "TRIPOLI" project overview paper located at:

    http://www.pfir.org/tripoli-overview [pfir.org]

    describes the proposed new environment which focuses on ensuring that choices and power regarding e-mail are vested directly with e-mail users themselves, rather than with Internet Service Providers (ISPs) or government agencies.

    The changes described by the TRIPOLI proposal could be gradually implemented, largely based upon open-source software tools that already exist. Ultimately under TRIPOLI, the volumes of forgeries and spam (both received by users and traversing the Internet) would be drastically reduced, by default all e-mail would be encrypted, and e-mail users would have essentially complete control over how they individually choose to send and receive e-mail.

    "Current e-mail systems were not designed to deal with the kind of world we have today -- they've become a hopeless nightmare for users and ISPs alike," said Weinstein. "E-mail users are inundated with spam, forged mail, and other garbage, and unfortunately the actions many ISPs are taking to try control spam and other e-mail are shackling their honest customers with unreasonable restrictions and making matters even worse. Some of the proposed anti-spam laws may also exacerbate these problems without really controlling spam at all. Legitimate e-mail users need to be put back in the driver's seat, and there isn't a moment to lose."

    "These problems are getting more severe every day," said Neumann. "Not only are users and networks drowning under spam and other e-mail deficiencies, but basic matters of security and reliability on the Internet are being largely ignored under the current intolerable situation. These critical problems simply cannot be fixed without coordinated and major changes to the way e-mail is handled throughout the Internet. It's going to be a big job, but we have to get going on this right now."

    PFIR hopes that the TRIPOLI proposal can act as a starting point for discussion and implementation of systems to solve the many e-mail problems that exist today, in a manner that empowers users rather than unfairly restricting them. PFIR invites the participation of the open-source and Internet communities at large towards these crucial goals.

    Persons interested in participating or getting more information about the TRIPOLI project can send e-mail to:

    tripoli-info@pfir.org [mailto]

    or use the contacts listed below.

    - - -

    CONTACTS:

    Lauren Weinstein
    lauren@pfir.org [mailto]
    Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org [pfir.org]
    Moderator, PRIVACY Forum - http://www.vortex.com [vortex.com]
    Member, ACM Committee on Computers and Public Policy
    http://www.pfir.org/lauren [pfir.org]

    Peter G. Neumann
    neuma [mailto]

  • by gorbachev ( 512743 ) on Thursday May 08, 2003 @02:48PM (#5912894) Homepage
    SMTP is here to stay and it won't change within any reasonable time period. It's unfortunate that it's so unsecure, but that's just the way it is.

    Proletariat of the world, unite to kill spammers. Remember to shoot knees first so that they won't be able to run away while you slowly torture them to death.
    • They bother because it *is* insecure. SMTP is going to be around for a while, but that shouldn't stop a better MTA protocol from being developed. Kinda like ipv6, although thats takeing a lot longer than anticipated :)
      • by gorbachev ( 512743 ) on Thursday May 08, 2003 @03:53PM (#5913611) Homepage
        I think there's a fundamental difference between the problems IPV6 is trying to solve and what any "SMTP2" solution is trying to solve.

        IPV6 will solve the underlying problem of running out of IP space.

        "SMTP2" would NOT solve the spam problem, because it's not a technical problem, IMHO. Spammers would move over to "SMTP2" eventually. They'd just have to find that one little flaw or feature and they'd be back exploiting it like they're exploiting weaknesses in SMTP now.

        If widespread adoption of "SMTP2" takes anywhere near the amount IPV6 adoption is taken, it's not going to work. Spammers would have 5 years to study the new technology and develop solutions to get their crap across the new protocol.

        By the time "SMTP2" is in place and used by everybody, the spam problem would no longer be what it is now and we'd be back in the cat-and-mouse game with spammers and their spamware techniques.

        All the "SMTP2" solutions I've seen would make normal Email communication between non-spammers much more difficult. I think that's something that should be avoided, even at the cost of not solving the spam problem using technology solutions.

        Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death.
    • And gopher works fine for browsing documents online, so why would anyone use that stupid http thing...

      Considering how much spam is a problem for ISPs, I think you'd be suprised how widespread adoption of SMTP2 would be if it actually kill spam.
    • by Nutcase ( 86887 ) on Thursday May 08, 2003 @02:55PM (#5912991) Homepage Journal
      It's unfortunate that it's so unsecure, but that's just the way it is.

      I think it's great that it's not secure. Just like every other classic protocol that truly supports the net (tcp, ip, ftp, etc), it's not about what you put over it - it's about moving data as it's told. This distinction is what makes it so difficult to control or "own" the net. I don't believe we could build a "secure" protocol that retains the inbuilt freedom that we have today.

      Yes, people abuse that freedom just like they do any other, and yes, spam is so annoying that many who normally fight for freedom now beg to take it away in this instance, but there are solutions that don't involve removing freedom for everyone.

      The idea of challenge response is good.. as is baysian filtering.. as is pgp key signing, etc...

      And the solution to the abuse of bandwidth on the servers is not to recreate the protocol. it's to make sending spam pointless in the first place - and that happens at the ends. The middle needs to be stupid in order to be smart.

      And now my shameless (and probably inaccurate) retelling of "the world of ends [worldofends.com]" will itself end.
      • by Xentax ( 201517 ) on Thursday May 08, 2003 @03:31PM (#5913342)
        True, if everyone was filtering their email to where noone ever saw any spam, the problem would die off from lack of demand.

        But, IMHO, that's a pipe dream. There will always be a fair number of people who will receive spam against their will (with the current system), and there will always be a small (and idiotic) subset of those people who will fall for the scams and thus keep spamming alive as a business practice.

        The kind of solution Tripoli proposes would keep spam from being delivered in the first place, and make it easier to discourage ISPs from tolerating spamming customers for short-term financial gain. Both of these will (IMHO, naturally) go a lot farther in containing or even eliminating the "spam problem".

        Xentax
  • by grub ( 11606 ) <slashdot@grub.net> on Thursday May 08, 2003 @02:48PM (#5912897) Homepage Journal

    Have they passed their recommendations by Al Gore yet?
    • Re:Whoa, boys.. (Score:2, Informative)

      by DeltaSigma ( 583342 )
      That was really funny until I finally found out that Gore never said he created the internet, but rather suggested that many topics he tackled in politics directly benefitted the widespread adoption of the internet during its earlier stages of growth.
  • by zoobaby ( 583075 ) on Thursday May 08, 2003 @02:50PM (#5912923)
    I know very little about this so correct me if I am wrong. The only way to really let each user have complete control over email, would be for each user to have there own mail server and/or domain. This is why most people let their ISP's handle their mail. And you would still get crap from bulk mailers, spammers.
  • by Ars-Fartsica ( 166957 ) on Thursday May 08, 2003 @02:52PM (#5912954)
    You see this in software too. People think if they just "start over", everything will be okay. Wrong! You just get a new set of problems.

    SMTP is here to stay. We're going to have to live with it. Spam control filtering is getting better and there is a good chance that together with decent legislation, spam can be reigned in. A new system will ultimately just create new kinds of abuse, which wil lrequire the industry to take another two year cycle to address.

    • by FortKnox ( 169099 ) on Thursday May 08, 2003 @03:13PM (#5913170) Homepage Journal
      My thoughts exactly. And not only will it just introduce new problems, how do you plan on switching millions of international users to a new system?

      The best, cheapest, most efficient way to handle the issues with email is to fix email, not kill it and start again.
    • You see this in software too. People think if they just "start over", everything will be okay. Wrong! You just get a new set of problems.

      That's why I'm still using MS-DOS 1.0! All this silly "start over" crap Microsoft pulled with later DOS versions and then this Windows horseshit provides absolutely zero benefit to the user!!!

      Everything WON'T be okay forever if we migrate away from SMTP and something more securable, but it will be BETTER.
      • If you think the Windows path that lead up to Windows ME wasn't just a series of "fixes" to MS-DOS 1.0, you're kidding yourself.
      • Bad example (Score:3, Insightful)

        by AT ( 21754 )
        Your example is a bad one. Microsoft did its best to avoid starting over with its operating systems. And when it did, it did so very carefully with as much backwards compability as possible.

        Windows will still run MS-DOS binaries and Windows 1.0 through Windows ME all ran atop the MS-DOS code base in one way or another. They started over exactly once, when they build NT. And they gave it over 7 years to mature before they dumped the old MS-DOS/Windows code. And even with this one example, they ensured
    • Disagree (Score:3, Insightful)

      by Fastball ( 91927 )
      Legislation will NOT curb or stop spam. Politicians are the very last people you want working on the spam problem. Roughly ninety percent of incumbents win their elections (in 1998, 98% of U.S. Representatives won their elections [commoncause.org]). These people have nothing at stake. They have no incentive to fix this problem.

      Techies like you and I do, and I would rather cast my lot with fellow techies who share in my pain.

      Success comes from failure if you dare to try again, revise, adapt, and overcome. I don't see why

  • PIT/PCA Questions (Score:5, Interesting)

    by Hayzeus ( 596826 ) on Thursday May 08, 2003 @02:55PM (#5912978) Homepage
    I may be wrong, but what, exactly, is to keep spammers from becoming their own PCA? Why can't they simply generate PITs willy-nilly?

    Sure, ISPs can block PITS from unsavory PCAs, but what stops spammers from creating new, bogus PCAs as needed? If there are only a few "recognized" PCAs, doesn't this tend to concentrate power into a relatively small set of entities?

    • by Anonymous Coward
      It would seem so. Like any certification mechanism, you've got to trust the certifiers. And in practice, that means a few big ones.

      I found the point especially odd considering the polemic in the beginning about how individuals need to have their own MTAs that can negotiate around port restrictions lest the evil ISPs control them.

      A verbose article, which didn't seem very consistent. The kernel idea (don't allow forged headers) has been brought up a number of times. Not much value added here.
  • Finally (Score:3, Insightful)

    by Daimaou ( 97573 ) on Thursday May 08, 2003 @02:55PM (#5912993)
    A revamping of the email technology is what needs to take place. Not an internet tax (good crap we are taxed enough already). Along those lines (better technology instead of more bureaucracy) two great technologies that already exist, that help in the email realm, are GnuPG and Bogofilter.
  • by L. VeGas ( 580015 ) on Thursday May 08, 2003 @02:58PM (#5913026) Homepage Journal
    First thing is to rename it "i-mail".
  • No, No, No (Score:5, Insightful)

    by npcole ( 251514 ) on Thursday May 08, 2003 @03:00PM (#5913044)
    I'm sick of reading proposals (often from industry profit-seeking types) who want to put a paid-for "stamp" or similar "token" on email. (I'm talking generally, though---yes---I did read this paper)

    It looks attractive logic:

    1. Lots of people use email
    2. We offer a system which will beat spam at a cost---our 'trusted 3rd party' or whatever---but only if people who use it can't talk to anyone else, so everyone has to use it
    3. Profit.

    This is NOT the way forward on spam. Nor, realistically, is anything which re-writes the rules for email. People like editing headers. In fact, if it weren't for spam, people like email as it is---period.

    The way forward seems simple:

    smtp servers should start requiring genuine users to log in. (though rarely used, there are smtp systems which allow this, and most major clients---yes even the MS ones---already talk to these servers and have done for years)

    servers which don't should quickly find their way onto blacklists.

    (I shall leave the exact way these blacklists should be used as an exercise for the reader)

    Simple. Low cost. Not a business model; but a clear solution.

    Anyone want to start writing to ISPs?
    • Re:No, No, No (Score:2, Interesting)

      by RedHat Rocky ( 94208 )
      1. Blacklists already exist. Since they are optional, the problem still exists. Non-solution.

      2. Anyone (ANYONE) can setup a smtp server. How long it remains up depends on a lot of factors, but that basic fact is why spammers exist and why there are servers for spammers to use/exploit.

      3. If one could dictate how smtp servers are configured, then no more open relays. spam dies. But we can't, so spam lives.

      A radical stance is required to change. Many say SMTP is here to stay. Oh, remember the little UUCP th
    • The biggest reason why SMTP servers don't make users login is that it wouldn't matter. So long as *any* computer on the internet is authorized to send email as me, it doesn't matter if the one server that I actually use requires a login (particularly since most spam does not originate with a legitimate mail server; instead, it is sent by spam software using open relays and proxies).

      In order to make this work, we also have to come up with a way of verifying the server (blacklists aren't enough; open relays
    • Re:No, No, No (Score:5, Insightful)

      by cjpez ( 148000 ) on Thursday May 08, 2003 @03:32PM (#5913356) Homepage Journal
      Spammers running their own mailservers are still going to be able to send out spam, though, 'cause they're authenticating to their own servers properly. You could argue that servers with spam coming out of them could just get added to blacklists, but that happens already for open relays, and the whole open relay thing is steadily beoming less of a problem as more admins wise up to it.

      Other problems start when you have people using hotmail and yahoo, etc, to send out spam. They're authenticating correctly, they're just using the accounts to send the spam. Your solution makes a lot of sense if SMTP servers are scarce, but broadband being what it is, it's basically trivial to set up one of your own and use that. You no longer have the controls of forcing people to use well-known, trusted servers. (Again, you can play games with blacklisting, but this already happens today.)

  • Problems like the current state of e-mail always
    inspire me to consider the need to do things
    right the first time. There are many good systems
    that grow organically and work well but at some
    point it is realized that there are major holes.
    At that point the installed base is too big...

  • by stevens ( 84346 ) on Thursday May 08, 2003 @03:01PM (#5913061) Homepage
    ...it lives and dies by the efficacy of the CAs. If the CAs suck, then the credentials they send with email mean nothing.

    I like the idea, but I wonder which sort of orgs are going to be their "PCAs"? ISPs pretty much allow any comer onto their network, so giving all users a cert wouldn't stop people from making temporary accounts for spam.

    Perhaps the ease with which MTAs could cut off CAs (like cutting off domains) would help give incentive to ISPs (or whoever is the PCA) to crack down on their customer base, but that strategy is only marginally successful today. Why would creds make this strategy any better?

    Perhaps MTAs would be harder to config as open relays, because authn is required. But what percent of spam comes through open relays? If it's a big percentage, then this may help.

    Has anyone analyzed this scenario? I'd like to hear some informed thoughts on what sort of email regime we could expect if this were implemented.

    • The cut-off-domains strategy is not very successful today because it's done so very poorly. Many (or most?) spam fighting organizations believe in colateral damage above all else, and more importantly are not run responsibly, so a lot of admins are wary to use them.

      However, if the admins could easily turn on and off certain MTAs or CAs access to their mail servers, at will, that would be far more useful. The admins would have the tools to better be in control and to more easily manage the situation.

      A lot
  • Too Bad. (Score:3, Interesting)

    by dracocat ( 554744 ) on Thursday May 08, 2003 @03:03PM (#5913075)
    I disagree, migrating from SMTP would not be THAT difficult. Give it a 3 year phase in or whatever, and people WILL change.

    Would you change your e-mail system if it eliminated SPAM? Thats what I thought.

    Now... Its just too bad that this is being done by People For Internet Responsibility (PFIR). Can't a real organization tackle this? Wouldn't something like this have a much better chance for success if a standards board were doing the white paper? Who is going to implement a suggestion by PFIR. Really.

    Oh well...
    • Well After comming up with the protocall. And getting 1 working server to make sure the protocall actually works correctly. Then they should put a huge effort in getting all the major e-mail clients to start supporting it. Then when there is a critical mass of e-mail applications that work with it. Then do the push for all the servers to start using the proticall. That way when the servers switch the infrastructure is already in place.
    • Would you change your e-mail system if it eliminated SPAM? Thats what I thought.

      No, I wouldn't. The new system would have to offer other benifits also. My spam filters have had one false positive in the last two years, and have around 3-4 false negatives a week. That's solved as far as I'm concerned.

  • i read the paper, but i don't see what is so new with this. the suggestions it makes seem to be similar to methods for email encryption and spam filtering that are already in place.

    joe emailer hasn't taken the time to figure these existing methods out, that's why it seems as though they're not working. i don't know what tripoli is going to offer that will get joe off his butt and get him signed up with a "Pit Certificate Authority".
  • by Gothmolly ( 148874 ) on Thursday May 08, 2003 @03:07PM (#5913111)
    Those who would trade freedom for security will lose both, and deserve neither.

    The current "hysteria" over spam is going to lead the Joe Sixpacks and the Mothers-protecting-their-children crowd to accept, indeed to beg for, restrictions on their liberties, all in the name of "stopping those spammers". For the rest of us, for whom "WWW" is NOT synonymous with "The Internet", this could have dire consequences. What if I run my own server, and I'm not "blessed" by the current Official AntiSpam Policy Du Jour ? Do I lose out?

    Spammers suck, use your filters. DON'T give the government (and media giants, and Big ISPs) the authority to rewrite the way that the Internet works.
  • by rkhalloran ( 136467 ) on Thursday May 08, 2003 @03:08PM (#5913121) Homepage
    Lauren's rep is impeccable, but this is just a non-starter. It's basically a rehash of the 'whitelisted mailers' proposal that many anti-spam crusaders are pushing, with the [sarcasm mode on]MINOR CHANGE[/sarcasm] of replacing SMTP as the mail transport.

    As bad as the spam problem is, it's unlikely that you can get sufficient momentum in the community to displace one of the primal IP application protocols anytime soon. The solution, for better or worse, is probably going to be a combination of filtering technology, $$ legal judgements $$, and Ghu help us, legislation.

    (Though anyone taking up a collection to hire the Narn Bat Squad [aol.com] for re-educating spammers please let me know...)

  • New Spam! (Score:3, Funny)

    by Beatbyte ( 163694 ) on Thursday May 08, 2003 @03:12PM (#5913168) Homepage
    Increase your e-mail infrastructure size by inches!

    With our new herbal nutrient, you will have a larger, safe, naturaly enhanced e-mail infrastructure in days!!
  • If people would only use this RFC: http://www.faqs.org/ftp/rfc/rfc2549.txt (IP over Avian Carriers with Quality of Service, a modification of http://www.faqs.org/ftp/rfc/rfc1149.txt), there would be no spam, as the normal can of spam is MUCH too heavy for a carrier pigeon to carry.

    Maybe an African Swallow, however...

  • Too many goals (Score:5, Insightful)

    by Elentar ( 168685 ) <.su.teloivartlu. .ta. .todhsals.> on Thursday May 08, 2003 @03:16PM (#5913204)
    The problem with nearly every single encryption technology, or initiative for securing and improving Internet communication, is that it tries to solve too many problems at once. History has proven over and over again that it's the small, easy steps that move progress forward, not giant ones.

    PGP, HTTPS, S/MIME and countless other 'standards' have all made the same mistake in trying to force users to adopt multiple new rules. What's wrong with just providing encryption, without any of the additional burdens of establishing identity? Countless transfers are sent unencrypted every day because the cost of a web server certificate - which is only expensive because it establishes identity - is so high. Anyone can make a server that provides encryption, but such a server is useless with today's browsers. And yet, I'm supposed to have faith that the people Microsoft, AOL and Opera choose to trust are the people that I want to trust?

    It is obvious where email will change next, no matter how much money and time is spent on projects like this one. More and more people will use 'virtual receptionist' services that require you to return an auto-reply message to prove that you're real. Eventually, email clients will develop a way to autodetect and autoreply to these messages, until some sort of system is hammered out. You'll write your message, it will be delivered, the receiving server will connect back to you to verify that you're real, and your system will confirm it, all transparently. Someday, it'll happen in real-time, maybe. Spammers won't be able to use this, because of the increased load on a server that must stay online as long as they want their mail delivered.

    That's how change happens. Not because of a bunch of idealists get together and tell me to start PGP-signing my mail. You know what? I started doing that 3 years ago. I haven't once found a single person who even knew how to verify my messages. Not to mention the pathetic state that the keyservers are in, full of expired and forgotten keys, and easily corrupted (again, I know from experience - I corrupted my own keys in an attempt to remove them permanently).

    -Elentar
    • Re:Too many goals (Score:2, Informative)

      by Anonymous Coward

      What's wrong with just providing encryption, without any of the additional burdens of establishing identity?

      you mean apart from the fact that it doesn't buy you anything? if you don't know whose key you're encrypting a message for, it may turn out to be exactly the person you wanted to keep it secret from. conversely, if you aren't sure who sent that mail that purports to have come from Foo Barfly, the fact it was encrypted for your public key is no guarantee of anything useful.

      your "virtual reception

    • Just get openssl and use it to generate your CA cert and other encryption certs and keys. Then when you want to send encrypted info to other people you can. Of course, there will be all sorts warnings flying about saying "unverifiable certs" *unless* you put your CA cert on a floppy disk and give it to your partners to install in their CA database.

      In fact to be truly secure you'd delete all those existing certs from your own CA database (does paying Thawte a stack of cash prove somebody is trustworthy?)
    • There's nothing wrong with "just providing encryption", but that doesn't address the problem at hand. TRIPOLI uses encryption and identity-based authentication and TTP certificate issuers so that responsibility for sending email can be backtraced to a specific (though not necessarily meatspace-correlated) identity. This is the key to the whole system. To send mail, you must have an authenticatable identity. Spammers' authentications should have half-lives measured in seconds, assuming systems like Razor
    • Encryption & establishing identity go hand-in-hand. I work for one of the largest PPO's in the nation. It is of the upmost importance that identity can be established in addition to providing a secure means to get there.

      I need to know that not only can nobody but the recipient get my message, but that said recipient is who they claim to be.

      I am in the middle of discussions of trying to move us off of tumbleweed [tumbleweed.com] (a la hotmail type secure email) and on to pgp/gpg. I would like to hear more about your ex
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Thursday May 08, 2003 @03:17PM (#5913210)
    Comment removed based on user account deletion
    • Agreed on SSL. Why should a web credit card transaction be "more secure" than a telephone credit card transaction. The likelyhood that someone is listening to my web transaction is about as likely that someone is listening to my phone call, when I order Chinese, and writing down my credit card number. Yes it happens, but that's why they make jails.

      It seems like people were so hell bent on making sure people felt comfortable spending money online that they threw out common sense in the process.

      As for em
  • So long credibility (Score:3, Interesting)

    by TedCheshireAcad ( 311748 ) <ted AT fc DOT rit DOT edu> on Thursday May 08, 2003 @03:19PM (#5913251) Homepage
    Credibility of idea has been lost due to usage of the word "empower".
  • by TomatoMan ( 93630 ) on Thursday May 08, 2003 @03:24PM (#5913284) Homepage Journal
    For all of you crying that SMTP will never die because everybody uses it even though it's broken, RTFA.
    The Tripoli environment visualizes a "parallel" e-mail system that could operate alongside the existing SMTP e-mail environment for the indefinite future.
    Just because SMTP can't be fixed (it can't) doesn't mean it has to die - just that a better alternative has to emerge. I'll keep my SMTP servers running indefinitely and I'll keep SMTP mail, but as better systems emerge I'll be telling people that the more reliable way to contact me is with methods that I know aren't going to give me the experience of picking through the trash when I check my mail. I'll still check my SMTP mail, but probably with decreasing frequency as time passes.

    For those of you saying "just improve your filters," (1) give me a filter that can parse an HTML message containing only an image to determine whether it's spam or not (no, you can't reject all HTML mail or mail with attachments, if my brother drags-n-drops a picture of my nephew and clicks "send," I want to receive it), and (2) figure a way to keep the message from being delivered until that determination is made. Post-delivery filtering doesn't solve the bandwidth/cost/traffic problems.

    Be courageous, people. Nobody screamed that we didn't need the telephone because the telegraph worked fine. Protocols emerge from changing circumstances. SMTP had its use over the last 30 years, but its time is waning with the onset of the global public internet full of untrusted senders seeking to abuse the system. It's time for a better protocol, and I applaud everyone involved in making a serious effort at developing one instead of trying to fix the unfixable.
  • How is this any different from having a global kerberos server that everyone authenticates to and then includes a signed checksum of the email message using ticket data.

    Almost sort of sounds like.... Passport!

    The rose doesn't smell so sweet when it bears the name Microsoft does it?

    Why is it that when some chick and dude get some stupid idea to make them famous, spend $50 bucks on a domain name, and post a website, /. has to carry it?

    Next
  • It is great that folks are taking this issue more seriously but how is improving the protocol for sending email going to deter spam? This seems analogous to discouraging annoying speech by changing languages.

    On a fundamental level. Economics drives SPAM. People send it because they are making money. The most efficient way to stop SPAM is probably just to render it unprofitable somehow.

    Developing a new solution is usually the best way to fix technical problems. But this is really a social/economic p

  • There are a number of problems with this idea, which may at first seem to be the ideal solution to problems plaguing e-mail. Some have suggested that something along these lines be done, and PFIR only seems to be the latest to make these kinds of suggestions. So what are the problems with it?
    • The whole idea of replacing e-mail protocols to solve this problem is nothing new. In fact, replacing protocols is something that has often been suggested, but it is not so easy to just replace them. For example, whe
    • Everyone keeps using IPv6 as the ugly poster child.

      Well guess what? I've heard more and more about IPv6 the last year. More and more projects are including support for IPv6. The ball has to at least be there before it can start rolling.

      "If you build it, they will come."
    • And won't spammers be able to circumvent whatever is in place for spam prevention?

      In this case, yes. The system described relies on downgrading people with certificates who abuse their privelege and send spam anyway. The gap in time between when they start sending spam, and when their certificate is downgraded presents the same problem that double spends do for e-cash, but in the case of spammers, nifty techniques for revealing the identity of the double spender are irrelevant; the merchandise (the del

  • No, stupid idea. And there's no need. The war on spam is being win, not lost. Spammers are increasingly desperate. They're now resorting to outright criminal cracking, writing worms to send spam through. They don't do that because open relay raping is working.
  • by radulovich ( 47127 ) on Thursday May 08, 2003 @03:36PM (#5913411) Homepage
    Is not to reinvent the protocol. Spammers will disappear if nobody reads their spam (because it will be too ineffective, even at a cheap price).

    The better solution is simple - let me rate the"trustworthiness" of the sender who sends me email and sort it appropriately. I can add all my family and friends to the "explicitly trusted" list. Then, the server can allow for an option such as "possibly trusted", which might include all emails from the same domain I'm in, or from domains I specify (e.g. *@mit.edu).

    All other email will be tagged as "untrusted". Now, I can set my email browser to color code them, simply ignore them, or set a rule for each category. Yahoo! already does this, showing a smiley face with the emails that come from people in my address book

    This can be done simply, and without rewriting any protocols. Beware people who want to reinvent the wheel to gain profit when there is no need. "Pit certification" is unnecessary, and too costly.

    -Mark Radulovich, CISSP
  • by sirket ( 60694 ) on Thursday May 08, 2003 @03:41PM (#5913488)
    -Begin Rant-

    The problem with spam is simple: the old rule that we should be forgiving about what we accept and strict about what we send.

    We could wipe spam out, or at least render it controllable, if we simple required proper DNS entries (A, MX, PTR) and proper server configuration (HELO information, etc.)

    Unfortunately, every Tom, Dick and Harry feels it is his god-given right to run a mail server despite having ABSOLUTELY NO IDEA what is required to run one. The sheer number of people without postmaster and abuse accounts is astonishing and both are required. The sheer number of people without matching forward and reverse DNS entries is astonishing. The number of people who call their server "Blah" and then put in a DNS entry for "mail" without an entry for "Blah" is amazing. Although this last part is not required by the RFC's, why on earth should I have to look through my logs and see "Blah" when there is no DNS entry for it? How am I supposed to troubleshoot?

    Oh well, I give up.

    -End Rant-
  • by D4C5CE ( 578304 ) on Thursday May 08, 2003 @03:43PM (#5913505)
    Last week at the FTC [slashdot.org], many of the "experts" advocated sticking our heads in the ground though the sandstorm of spam grows ever stronger.

    Now we are told once more that the best cure against spam should be to reinvent something to replace the tried-and-true eMail system of decade-old reliability, just because some sociopaths apparently cannot learn to behave without getting a spanking (or jail time) and U.S. privacy laws are still too weak [brook.edu] to stop the spam.

    And after all the years that spam has plagued the networks, that's quite a poor achievement for a nation that managed to outlaw junk faxes, and had confirmation from the courts that regulating advertising does pass constitutional muster perfectly well:

    "Nothing in the Constitution compels us to listen to or to view any unwanted communication, whatever its merit... We therefore categorically reject the argument that a vendor has the right under the Constitution or otherwise to send unwanted material into the home of another... We repeat, the right of a mailer stops at the outer boundary of every person's domain."

    Supreme Court
    Rowan v. U.S. Post Office
    397 U.S. 728

    Subsequently, numerous decisions have also made it crystal clear [slashdot.org], over and over again, that neither the First Amendment nor the Dormant Commerce Clause are an obstacle to outlawing electronic spam, by fax or any kind of eMail.
    Nor is it at the expense of any legitimate business. Industry itself can't stand the spam anymore.

    This is not about "lawmakers never knowing enough about the Internet to regulate any aspect of it in a meaningful way", it's about doing something to prevent imposing compulsory changes to technology that keep fighting the symptoms rather than the cause.
    Congress should get over such shameful cowardice and make the simple law that's needed and proven to work.

    There is no need to re-engineer the Internet.
    There is no justification for widespread surveillance and data retention under the poor excuse of trying to track down spammers.
    There is no risk of banning mailing lists or commercial eMail.
    There is no doubt what the sociopathic behavior is.

    All that is needed is mandatory opt-in for unsolicited bulk eMail (encompassing all kinds of electronic messaging).

    And yet some self-proclaimed "experts on electronic advertising" (whose only merit probably is that they know how to spam because they've done it a trillion times at everyone else's expense) keep pretending that opt-in wasn't legal, or feasible, or desirable.

    Opt-in works, and it does not hurt anyone but the spammers.

    Europe [slashdot.org] has adopted it, Australia [theage.com.au] is adopting it (how far behind do you want the U.S. to be, are we to wait for China to outlaw spam before the U.S. will?!), but most importantly the USA [clickability.com] have successfully adopted it themselves against junk faxes.

    There's probably something wrong in Washington D.C., and the news media in general, when the most insightful newspaper article on the issue comes from USA Today.
    Be sure to fax or eMail it to your congress(wo)man [archive.org] though.
    Don't spam them, but do attach some selected masterpieces of spam if you think they need an idea of what ends up in the inbox of their constituents, and of their children, 9 billion times, every single day.

  • by Neophytus ( 642863 ) on Thursday May 08, 2003 @03:46PM (#5913544)
    Have the SMTP amended so that MTAs perform a DNS check on the previous server, and if it doesnt match correct the header. With guarenteed un-forged headers then at least reporting will be a hell of alot easier.
    • My SMTP server has multiple DNS names pointing to it. If I send spam from name A, and it reverse-dns's to name B, then my mail doesn't work? Count me out.

      If you did it the other way around (looking up the IP from the DNS and seeing if they match) that would help, but what about joe random DSL customer running his own SMTP server? Can't stop that.
  • I'd prefer challenge response to that.
  • Spam cannot be destroyed. Spam is like AIDS, everytime we try to come up with an effective way to combat it, it mutates into another form and renders the previous mutation's antibody a moot point.

    We just have to accept the fact that we have lost the war with Spam and learn to live with it in our daily lives. I have, and am a lot better for it;

    I have learned over 400 ways to refinance my house, increased my penis size by 5 times, heard from lots of hot slutty girls that want to hang out with me, Cure

  • A better approach... (Score:3, Interesting)

    by .@. ( 21735 ) on Thursday May 08, 2003 @03:59PM (#5913663) Homepage
    is one based on peer-maintained and user-maintained trust. I have written the outlines for such an approach [bitshift.org].
  • ...blah...blah..."they've become a hopeless nightmare for users and ISPs alike," said Weinstein

    ...yiddy...yaddi..yadda..."These problems are getting more severe every day," said Neumann

    "Aren't these two people PFIR?? If so, why are they quoting themselves?!?!?" Said thrillbert.

    ---
    I often quote myself; it adds spice to my conversation.
    -- G. B. Shaw
  • by Greger47 ( 516305 ) on Thursday May 08, 2003 @04:11PM (#5913783)

    From their webpage:

    A key aspect of the Tripoli environment is the concept of a third-party certified, encrypted authentication token that would be cryptographically linked with every e-mail message. Within the Tripoli architecture, this token is referred to by the acronym "PIT" (Payload Identity Token, henceforth referred to as "Pit") and is at the core of Tripoli.

    It is anticipated that all Pits considered acceptable by the vast majority of all Tripoli-compliant software user would be digitally signed by one or more designated, trustworthy, third-pary authorities who would be delegated the power to certify the validity of identity and other relevant information within Pits.

    This doesn't add anything that S/MIME or PGP singed mail doesn't alrady do. And it will fail for the same reasons, putting the public key infrastructure in place is prohibitive.

    It worked for https at the expense of creating the VeriSign tax, but the number of https enabled websites are few compared to the number of people using e-mail.

    Ofcourse, if we bend over and hand over our e-mail to VeriSign we might finally de-throne Bill as the richest guy around...

  • The "SMTP Service Extension for Secure SMTP over TLS" (STARTTLS for short) defined by RFC 2487 [ietf.org] already provides the technical framework for Tripoli. And is today supported by Sendmail, Exchange, Postfix, Exim, etc.

    It normally runs over TCP port 25, the initial connection is normal SMTP, then the STARTTLS directive begins a TLS-encrypted session. STARTTLS can be configured to only accept mail sent with a trusted certificate, or to allow anyone to connect - it is compatible with existing SMTP.

    The one additi
  • Uninspired (Score:3, Interesting)

    by A non moose cow ( 610391 ) <slashdot@rilo.org> on Thursday May 08, 2003 @04:23PM (#5913888) Journal
    I think these ideas are on the right track in that they acknowledge the largest fault with the current email system to be lack of control over accounts by the owner of the accounts. However, the hazy ideas that are hinted at as solutions are not the right idea. They are overburdensome to implement, and I can still think of plenty of ways around them.

    As for getting people to begin moving to a new system, it will need to be more than just certificate additions and user controlled filters. It will need to be something that end users can immediately understand as "this is better and easier". With the given proposals, people will have no incentive to change. that attitude will be, "Sure, I'm told the new thingy is better, but I'd rather just deal with the spam than have to deal with something new that I dont understand." End users mostly have the attitude of, "If i do nothing, I can still get my emails. If I change to something new, I might break something and be without my daily communications".

    That will be where the big hurdle is.
  • first:
    "People For Internet Responsibility"
    They propose to interduce a standard to enforce responsibility? ludicrious, you can not standardize responsibility.

    The change they, and many others, propose to deal with spam takes away a lot of the freedom that legitimate user need.
    Perhaps I need to send an email to a coworker who isn't bathing? I would need to do it anonymously so as to prevent lawsuits, and lessen a hostile tone.
    What if I am fighting an oppressive government?
    Would there have ever benn a deep thr
  • by jmorris42 ( 1458 ) <jmorris@[ ]u.org ['bea' in gap]> on Thursday May 08, 2003 @07:06PM (#5915127)
    Depending on some signing authority to end spam is stupid. Spammers will just buy keys like they buy disposable AOL accounts unless the price is high enough to be a burden on small sites.

    Expecting laws to stop people who already make hiding their true identity and crossing as many jurisdictions as possible because they are usually selling ILLEGAL products is insane.

    In the end there is only ONE solution. It is the use of encryption/signing, but not the way most people think of using it. Mail User Agents need the following fixes, made so that the average AOL/Outlook user can handle it. By default they only accept mail from people already in the address book. All mail is sent GPG/PGP signed, with the public key attached and the clients grab keys automatically.

    When an mail arrives from someone that isn't in the address book it sends them a challenge that only a human can answer (more on this below). If that test passes it allows the original message through and sticks the public key in the addressbook. If the message was not signed it stores the address of the SMTP server it came from as a backwards compatible fallback. The end result is that legit senders only get challenged once if their client signs, otherwise they get challenged once each time they send from a different server. Spammers have to have a human involved for each spam for each user which kills the attraction of the practice.

    Now, about those challenge methods that only a human can solve. Make that a plugin architecture. Have modules that send a multiple choice question or two, some that send text as a graphic in some whacked way, etc. Allow people to express their personality through their choice of verification method.

    This suggestion would kill spam dead, put only a minimal burden on legit traffic and require no laws or centralization of the Internet. Which is why Outlook will never implement it and therefore the problem will continue to fester.... until enough people become willing to trade liberty for what? In this case, mere convenience.

UNIX enhancements aren't.

Working...