Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Replacing SMTP?

Cliff posted more than 11 years ago | from the redesigning-the-protocol dept.

Security 539

dousette asks: "In reading over one of the RFC's governing the SMTP protocol, and other RFC's as well, it's interesting to note that you see some big names and big companies from time to time. With all the loopholes in the current SMTP specification, is it possible for the Slashdot collective to come up with another one? Would it stand a chance in making it into a standard, or do they just listen to Cisco, AT&T, etc? I realize that a lot of people have a lot of ideas how things should be done (and they haven't been shy about posting them to Slashdot), but has anyone tried to write the RFC for a replacement protocol? As a side note (where I won't be shy about posting how things should be done), if there were a replacement trusted protocol, one could have mail received via that protocol bypass spam filtering, id checking, or whatever checks might be in place (saving processor cycles, etc). The regular checks could still be done on other mail received via the 'older' SMTP protocol. If more and more ISP's make use of this, SMTP could be gradually phased out... or if you are one for a sudden cut-over, just cut to the new one at the same time as the IPv6 upgrade!"

cancel ×

539 comments

Sorry! There are no comments related to the filter you selected.

Check out Internet Mail 2000 (5, Informative)

Bryan Ischo (893) | more than 11 years ago | (#6610355)

D. J. Bernstein, the author of the supremely reliable and secure qmail mail server, wrote a proposal for a new Internet mail system a couple of years ago. It's called Internet Mail 2000. Check it out at:

http://cr.yp.to/im2000.html [cr.yp.to]

The basic premise is this:

"IM2000 is a project to design a new Internet mail infrastructure around the following concept: Mail storage is the sender's responsibility."

It's an interesting concept and worth a read.

Unfortunately it doesn't look like it would do much to stop spamming, which is the major problem with the current internet mail infrastructure. For that, we need some way to make sending bulk email costly to spammers. Actually I'd say that this could be done already with current technologies, it's just that ISPs and large network providers are not being responsible in ensuring that the users of their networks pay the appropriate price for sending out SPAM.

Maybe ISP's should charge users for each outbound SMTP connection they make? I'd happily pay 10 cents per email I sent if it would reduce the amount of SPAM I received. It would only cost me a couple of bucks a month too at the rate that I send email ...

Re:Check out Internet Mail 2000 (5, Insightful)

letxa2000 (215841) | more than 11 years ago | (#6610436)

Maybe ISP's should charge users for each outbound SMTP connection they make? I'd happily pay 10 cents per email I sent if it would reduce the amount of SPAM I received. It would only cost me a couple of bucks a month too at the rate that I send email ...

I wish people would stop inviting rate increases or new charges as an answer to spam. It's not the answer. It might be inexpensive for you, but many of us DO send a lot of email and it'd get expensive really quick. You'd get rid of a lot of good and valid email communication along with the spam.

I'm even opposed to the "pay a dime, but I'll give it back if I wanted to hear from you" approach. Those of us running a mailing list would run the risk of having some idiot sign-up a bunch of accounts only to have that person say "No, I didn't want that" and collect the money.

I believe we need a trusted protocol. This might be as simple as having all emails PGP signed and everything else being sent to the bit-bucket (if you want to be aggressive) or only passed through to the user if the unsigned message had an extremely low spam score.

But if everyone were to use Bayesian I swear we wouldn't even have to propose a new protocol, talk about new legislation, etc.

*SIGH*

Re:Check out Internet Mail 2000 (2, Interesting)

aardvarkjoe (156801) | more than 11 years ago | (#6610478)

The "pay for email" approach would only work if it was possible to whitelist addresses who would then not have to pay. The mailing list problem then would not exist -- you simply require that anyone who signs up whitelists the mailing list address.

not the answer - you got that right! (4, Interesting)

Tumbleweed (3706) | more than 11 years ago | (#6610539)

> I wish people would stop inviting rate increases or new charges as an answer to spam. It's not the answer.

And the perfect example is regular junk snail mail. It costs them to send it, yet even in the Internet Age(tm), I still get a ton of it. Obviously that's NOT the answer, so "Don't Go There"(tm). :)

I think locking down SMTP servers and requiring verified & correct return addresses would go a long way toward curbing spam. Then when you disallow someone to send you mail, it could really work.

A combination of white lists/black lists, and Baysian filtering stops so close to 100% of spam that it's really silly for anyone to be bitching about spam these days. I don't GET any spam anymore - 0. Not 0.001%, 0 - the integer 0, as in none. If I ever get another piece of spam, then I'll change my email address (I can do that more easily than most as I have my own domain.), though this isn't the answer for everyone - lots of people have e-mail addresses printed up on lots of expensive cards & letterhead, etc. For them, the white list / black list / Baysian filtering solution should suffice way more than anyone should practically need.

Stop yer bitchin', people, and implement the technologies that are already out there and work great. Plus use yer freakin' brains for a change, and don't spew out your real e-mail address to everybody who asks for it. Use your friend's! :)

Re:not the answer - you got that right! (0)

Anonymous Coward | more than 11 years ago | (#6610649)

sure thing tumbleweed@tumbleweed.net [mailto] . Just a reminder to watch that web site of yours. Web crawlers are great at snagging email addresses. But I assume this is not your primary, no?

Re:not the answer - you got that right! (2, Interesting)

Xformer (595973) | more than 11 years ago | (#6610658)

I think locking down SMTP servers and requiring verified & correct return addresses would go a long way toward curbing spam. Then when you disallow someone to send you mail, it could really work.

In that case, who would define "correct" addresses, the ISP? And how would they be defined? I have at least 1-2 email accounts that I retrieve mail from with POP3, but send outgoing mail with the same domain through my ISPs mail server because there is currently no other way. I own (or, more correctly, lease) the domains myself, so no one can legally tell me tell me that I can't send email using those domains. The fact that I send outgoing mail through my ISPs mail server happens to be a necessary evil.

On the other hand, my mail server is definitely locked down. The failed open relay probe that someone tried last night proves that. That's the part that needs to (and can easily) be done, but the few that I've contacted about open relays won't respond or do anything with that information.

Re:Check out Internet Mail 2000 (1)

innosent (618233) | more than 11 years ago | (#6610558)

But if everyone were to use Bayesian I swear we wouldn't even have to propose a new protocol, talk about new legislation, etc.

Agreed, people often seem to miss the point. Spammers only exist for one reason, because some morons actually bought something advertised in spam. If people stop paying attention to them, nobody would pay for spam to be sent, and the problem would just go away. It does cost spammers money (not much, I know) to operate, and if they have to lower their rates, or can't attract enough customers because most people just ignore spam, they'll go out of business. But as long as your grandmother keeps buying every crappy photo frame she sees, and you keep looking at porn, spam will probably be here to stay. I don't like it, so I filter it.

Re:Check out Internet Mail 2000 (1)

necio_online (260138) | more than 11 years ago | (#6610448)

>It would only cost me a couple of bucks a month too at the rate that I send email ...

Sure... what if you wanted to run the Linux Kernel Mailing List in your server?

Re:Check out Internet Mail 2000 (2, Insightful)

edrugtrader (442064) | more than 11 years ago | (#6610459)

YOU CAN'T RUN A PAY BY THE EMAIL SYSTEM UNLESS THERE IS *1* EMAIL SERVER (or network of servers run by the same entity) FOR THE WORLD.

you don't realize that IM is a form of email? you are just sending packets of text... the second someone charges for SMTP, i'll just run my own. you could just charge the end users for data transfered instead of flat monthly fee, but most wouldn't go for that.

Re:Check out Internet Mail 2000 (0, Interesting)

Anonymous Coward | more than 11 years ago | (#6610461)

While I would gladly pay for a (reasonably priced) email system, I'm not sure the outbound payment scheme would work. In my daily use of email, i don't send more than 5 or 6 *internet* messages per day. Of course, lan messages to coworkers is quite different. Obviously this would impact telecommuters and independant contractors.

Where my main cause for concern is, is the use of email by corporations for notifications and account issues. Every time i make a purchase from amazon.com, i don't want to have a $0.30 or so in hidden costs factored into my shopping experience for the order confirmation and shipping notification messages i should get. When you factor the number of sales (and thus, the number of emails they send out) it can really eat into amazon's bottom line, which affects me.

I totally agree that the system needs to punish and prevent spammers though. I just think doing harm to a section of home and legitimate email users is not the answer.

Re:Check out Internet Mail 2000 (4, Insightful)

gid (5195) | more than 11 years ago | (#6610532)

Hrm, never seen that before, im2000 has some good idea for simplifiying things, but it seems like it would just be unreliable and unfeasible.

With the current system, an smtp server can go down, and no one would notice because no one was received their email yet, but with im2000, if the sending machine goes down, then no one can read their mail from there. This would create a lot of unknowns, "why can't I read my email?". Also what about people that don't have a full on connection, you don't want to require those people to be connected just to read their mail. Sure you can queue it for downloading offline somehow, but that's going to be much slower than normal because you have to connect to say 30 different servers where your email is hosted.

Also there's the case of somesmallcompany.com sending out a mailer/advertisement to millions of people, because the email is hosted on their machine, their connection/server might become overwhelmed, causing heaches for everyone wanting to read their mail. "Why does my mail load so slow?"

It's a nice try, but it'll never work.

Another thing, what happens when the message is done being read? Is it deleted on the sender's machine? If so, then how will the user remember that they sent the email to check if it's been read. If not, when will the message get deleted? Obviously it can't stay there forever.

The great thing about the current system, is that you just send and forget. If it bounces, you get a new email message saying hey, something went wrong. But with im2000, if the message hasn't been read yet, WHY? Did the user just not check their mail yet? Is there connection/routing problem where they suddenly occurred after the hosting server sent the notification, etc.

Re:Check out Internet Mail 2000 (1)

Anonym0us Cow Herd (231084) | more than 11 years ago | (#6610535)

Maybe ISP's should charge users for each outbound SMTP connection they make? I'd happily pay 10 cents per email I sent if it would reduce the amount of SPAM I received. It would only cost me a couple of bucks a month too at the rate that I send email ..

Do you suppose the ISP that is owned by SpamCo, Inc. would actually charge its users the fee?

Re:Check out Internet Mail 2000 (0)

Anonymous Coward | more than 11 years ago | (#6610613)

Yea, and the spammers would get the bulk rate of .001 per email.

Re:Check out Internet Mail 2000 (1)

rootyard (694538) | more than 11 years ago | (#6610627)

I think coming up with a new way (protocols and the like) to handle email traffic is a noble idea. However, as long as there are people trying to devise a solution to the problem, there will be others (spammers) finding holes in the solutions. The only way I believe to take care of this is through ISP enforcement. There is no other way. Unfortunately, no one likes the idea of having any more freedoms taken away by ISP's and the police.

I would not like to have to pay any extra amount for any email that I send out. (I only send out around 10 a day on the average-- @ 10cents per each that would cost me an extra $30 a month! $360 a year) A solution may be to charge a tax (millage, fee, what have you) whenever a sender decides to send more than a certain amount of emails in a certain time period. Unfortunately, there will be ways around even this.

What it boils down to is freedom vs security and/or convenience. Personally, I don't see spam as a threat to me (I can delete them rather quickly--and I am getting many daily). I'd rather not see any new laws concerning internetworking if at all possible. Things look scary enough with the Patriot Act and those that are willing to give away freedoms for security and conveniences.

Re:Check out Internet Mail 2000 (4, Interesting)

bryanthompson (627923) | more than 11 years ago | (#6610629)

For that, we need some way to make sending bulk email costly to spammers
This argument has been used over and over again, and it's just plain wrong. Think about it. Telemarketers have the cost of using the phone, fax-spammers (network marketers) use phone lines also. Bulk snail-mailers pay postage. For some reason, they're all still surviving. Why?

Because the cost becomes built in to their business model. it won't stop, it will only hurt regular users to charge for email/services. Sure, their profits may be cut a little bit, but that's not going to stop them. if anything, they'll do it more, because if their profit margin is smaller, they'll have to spam harder... right?

Text in Case of Slashdotting (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#6610356)

"In reading over one of the RFC's governing the SMTP protocol, and other RFC's as well, it's interesting to note that you see some big names and big companies from time to time. With all the loopholes in the current SMTP specification, is it possible for the Slashdot collective to come up with another one? Would it stand a chance in making it into a standard, or do they just listen to Cisco, AT&T, etc? I realize that a lot of people have a lot of ideas how things should be done (and they haven't been shy about posting them to Slashdot), but has anyone tried to write the RFC for a replacement protocol? As a side note (where I won't be shy about posting how things should be done), if there were a replacement trusted protocol, one could have mail received via that protocol bypass spam filtering, id checking, or whatever checks might be in place (saving processor cycles, etc). The regular checks could still be done on other mail received via the 'older' SMTP protocol. If more and more ISP's make use of this, SMTP could be gradually phased out... or if you are one for a sudden cut-over, just cut to the new one at the same time as the IPv6 upgrade!"

could it be? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6610358)

second post

fp (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6610365)

fp bizzatch

Still Need Spam Filtering (1)

Roger W Moore (538166) | more than 11 years ago | (#6610368)

one could have mail received via that protocol bypass spam filtering

This would work until the spammers start using the new protocol.

Re:Still Need Spam Filtering (1)

Sloppy (14984) | more than 11 years ago | (#6610600)

If you choose the protocol wisely, spammers will never (or only very rarely) get around it, whether they use the new protocol or not. The key is this: all mail that bypasses filtering, should be authenticated to be from someone (I recommend OpenPGP) who has a reputation to lose.

If the spammers want to use the new protocol and sign their mails to avoid the content filters, fine. But they will never get through the reputation filters, unless someone who used to be a "good guy" betrays the world and blows their rep in doing it.

Re:Still Need Spam Filtering (1)

bryanthompson (627923) | more than 11 years ago | (#6610640)

What is the price for someone's integrity these days? Last I checked... it wasn't a whole lot.

Nothing wrong with SMTP (0)

Anonymous Coward | more than 11 years ago | (#6610370)

It's the implementations and default configurations that suck.

djb again (1)

phUnBalanced (128965) | more than 11 years ago | (#6610371)

im2000 [cr.yp.to]

Interesting idea (0, Flamebait)

Eudial (590661) | more than 11 years ago | (#6610375)

But there are protocols that needs upgrading aswell.
For an instance HTTP, it could use some on the fly compression (which would speed up things a bit).

Re:Interesting idea (3, Informative)

Anonymous Coward | more than 11 years ago | (#6610422)

I suppose you've never heard of mod_gzip before, then?

Re:Interesting idea (1)

sfire (175775) | more than 11 years ago | (#6610453)

Mod parent up. Makes mention of mod_gzip. Which does EXACTLY what the root post wants for http.

Re:Interesting idea (1)

skookum (598945) | more than 11 years ago | (#6610443)

What? Have you never heard of mod_gzip [schroepl.net] ? Do you have any idea how http works?

Re:Interesting idea (1)

dietz (553239) | more than 11 years ago | (#6610452)

or an instance HTTP, it could use some on the fly compression (which would speed up things a bit).

HTTP supports on-the-fly compression. Your browser can specify which compression types it accepts with the Accept-Encoding [w3.org] header.

Your web server can support it by sending a Content-Encoding [w3.org] header.

For apache support, see mod_deflate [apache.org] .

Re:Interesting idea (0)

Anonymous Coward | more than 11 years ago | (#6610491)

Are you trolling? HTTP already supports compression with the Content-Encoding header.

Built in white-listing? (1)

Thinkit3 (671998) | more than 11 years ago | (#6610379)

Option to not even let e-mails that aren't on the list get in. White-listing is going to be very important.

Re:Built in white-listing? (1)

sfire (175775) | more than 11 years ago | (#6610429)

There are tons of systems that support white listing of e-mails. The one my dad came up with uses procmail and does white listing along with black listing with regular expressions for any header. It is called spamgard [panix.com]

That is fucking retarded (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6610382)

Yeah, lets just cut over to IPv6 and whipe out SMTP in one quick swipe...no big shit. That is fucking stupid. You know what a goddamn headache that would be? And to what end? What could you really acomplish?

What about the evil bit :P (2, Funny)

QLNESS (524995) | more than 11 years ago | (#6610383)

Why doesnt the new implementation use the evil bit. It the server is written by m$, or running on an m$ platform it sets the evil bit. If its running under linux it doesnt set it and ignores all mail comming in using evil bit! :P Simple really :P

Re:What about the evil bit :P (1)

meme_police (645420) | more than 11 years ago | (#6610624)

s/linux/OpenBSD/g and I'd agree with your sentiment. Your post was very funny nonetheless!

New Protocol Name (5, Funny)

liam193 (571414) | more than 11 years ago | (#6610385)

This sounds like a great idea. Let's present a new protocol. I suggest we name it Slashdot Mail Transfer Protocol. We could use the shortened form SMTP. hmmm well... on second thought maybe the name needs more work.

Re:New Protocol Name (2, Funny)

error502 (694533) | more than 11 years ago | (#6610438)

I don't think the name needs more work. We can just call the new one SMTP Hi-Speed and the old one SMTP Full-Speed. If the USB people can do it, so can we.

Jabber (2, Interesting)

erat (2665) | more than 11 years ago | (#6610386)

Can't Jabber do a lot of what you're asking for?

Imagine, (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6610387)

if SMTP was replaced, we couldn't have a BEOWULF cluster of SMTP servers.

*ducks

I've been slandered! (-1)

Anonymous Coward | more than 11 years ago | (#6610651)

Modding me as off-topic? What part of on-topic do you not understand?

I mentioned SMTP - this is relating to the topic
I mentioned a BEOWULF cluster - networked computing is synonymous with using BEOWULF cluster technology

I was not off-topic, and I dare to ask for a metamod recognizing such. Slashdot is the persona governing this post, thus it is not freedom of speech, and I hereby petition slashdot meta-moderators for a redress of grievances!

*QUACK QUACK

What a silly article. (1, Insightful)

mkozlows (21830) | more than 11 years ago | (#6610390)

No, the "Slashdot collective" has no realistic chance of replacing SMTP. But then, neither does Cisco or Microsoft or Sun. Not with umpteen trillion SMTP servers out there, all of which would need to be replaced en masse.

Re:What a silly article. (4, Insightful)

leerpm (570963) | more than 11 years ago | (#6610489)

I agree, any solution to spam that relies on replacing the SMTP protocol is bound to fail for this reason. The current issues with IPv6 migration should prove to everyone that the strategy of rip-out and replace does not work. I think what needs to be explored are added backwards-compatitable extensions to the protocol. Perhaps adding a few commands for whereby some sort of public key exchange is involved.

Re:What a silly article. (1)

3rd_Floo (443611) | more than 11 years ago | (#6610551)

You could always just exploit their version of sendmail or Exchange if they dont want to upgrade. Its done weekly as it is, might as well put it to use.

Costs (5, Interesting)

$exyNerdie (683214) | more than 11 years ago | (#6610401)


A lot of research and ideas and papers have been thrown around to replace SMTP with a better protocol but the costs involved are a major discouraging factor and people don't want to install a system when there is no guarantee that all the recipients have it too.

Maybe servers using a new mail protocol should be designed such that they first attempt to use the new protocol and if connect fails, try the good old SMTP

Re:Costs (2, Interesting)

jc42 (318812) | more than 11 years ago | (#6610623)

This scheme is an important part of the old UUCP package. Part of its handshake protocol is a message that lists all the protocols that the caller understands, in the order the caller would prefer to use them. The recipient goes through the list, picks its favorite, and sends back a message saying "Let's use X."

The advantage to this is that you can introduce new protocols completely painlessly. You pick a new name (after asking around on the newsgroup if anyone is using it), link your new protocol module into the protocol tables on the systems where you want to use it, and start using it. If you connect to a machine that doesn't have your protocol, it will simply tell you to use one of the others on your list. If your protocol is good, it will spread and will be early in the table for a lot of software. It can then slowly supplant the older protocols.

And you stay compatible with older systems by merely keeping the old protocol modules in your tables.

This is 1970's technology. So I suppose we'll soon read that Microsoft has just patented it.

Do we really need a new standard? (1, Insightful)

Cosmos_7 (128549) | more than 11 years ago | (#6610402)

SMTP certainly isn't perfect, but I'm not sure what improvements need to made to the protocol. Mail *should* be open and unrestricted. While I realize many people have issues with the current system (such as spam), I think most of these should be corrected at the server or client level rather than at the protocol.

Re:Do we really need a new standard? (0)

Anonymous Coward | more than 11 years ago | (#6610570)

Indeed email's success as a new means of communication undoubtedly stems from its being open and unrestricted, pretty much like snail mail. This openness has to be preserved for the sake of diversity.

SDTP (4, Funny)

thenextpresident (559469) | more than 11 years ago | (#6610404)

"is it possible for the Slashdot collective to come up with another one?"

SlashDot Transfer Protocol - Essentially, the way it works, is the information is posted on one single, easily crashed server. Then, this information is linked to by Slashdot. Then, said server is taken down. However, 1,000 other posters will have mirrored it by then, therby helping in the "transfer" of the information.

Re:SDTP (1)

barzok (26681) | more than 11 years ago | (#6610415)

Sounds more like Bittorrent to me.

Re:SDTP (1)

thenextpresident (559469) | more than 11 years ago | (#6610462)

Bittorrent is more organized (controlled more or less by a program), whereas SDTP is simply human controlled.

Of course, SDTP also utilizes GCIP (Google Copyright Infringing Protocol) often. =)

*Preemptive Note: GCIP is not meant to be taken seriously in any way. Seeing that this is Slashdot, I am sure there are people that would read more into it then was meant.

Re:SDTP (0)

Anonymous Coward | more than 11 years ago | (#6610547)

I hear they tested it with a marriage proposal... Was quite a while ago, though.

Re:SDTP (0)

tool462 (677306) | more than 11 years ago | (#6610554)

It should also include the modding system to reduce spam. Not only would it eliminate the corporate garbage, it would get rid of those obnoxious urban-legend-chain-mail forwards that I get from my Grandma.

"Sigh. No, Nana. Nobody is going to try to harvest your kidneys for sale on the black market... I don't care what the Beta Email Tracking Application told you."

QMTP (1)

jwork (571047) | more than 11 years ago | (#6610409)

Dan Bernstein also created QMTP protocol for fast mail delivery. Check it out at http://cr.yp.to/proto/qmtp.txt

GNAA SMTP (Semen to Male Transfer Protocol) (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6610413)

GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

Are you GAY [klerck.org] ?
Are you a NIGGER [tux.org] ?
Are you a GAY NIGGER [gay-sex-access.com] ?

If you answered "Yes" to any of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America. You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!

First, you have to obtain a copy of GAY NIGGERS FROM OUTER SPACE THE MOVIE [imdb.com] and watch it.

Second, you need to succeed in posting a GNAA "first post" on slashdot.org [slashdot.org] , a popular "news for trolls" website

Third, you need to join the official GNAA irc channel #GNAA on EFNet, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today!

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is EFNet, and you can connect to irc.secsup.org or irc.isprime.com as one of the EFNet servers.
If you do not have an IRC client handy, you are free to use the GNAA Java IRC client by clicking here [nero-online.org] .

If you have mod points and would like to support GNAA, please moderate this post up.

This post brought to you by Penisbird [nero-online.org] , a proud member of the GNAA

G_____________________________________naann_______ ________G
N_____________________________nnnaa__nanaaa_______ ________A
A____________________aanana__nannaa_nna_an________ ________Y
A_____________annna_nnnnnan_aan_aa__na__aa________ ________*
G____________nnaana_nnn__nn_aa__nn__na_anaann_MERI CA______N
N___________ana__nn_an___an_aa_anaaannnanaa_______ ________I
A___________aa__ana_nn___nn_nnnnaa___ana__________ ________G
A__________nna__an__na___nn__nnn___SSOCIATION_of__ ________G
G__________ana_naa__an___nnn______________________ ________E
N__________ananan___nn___aan_IGGER________________ ________R
A__________nnna____naa____________________________ ________S
A________nnaa_____anan____________________________ ________*
G________anaannana________________________________ ________A
N________ananaannn_AY_____________________________ ________S
A________ana____nn_________IRC-EFNET-#GNAA________ ________S
A_______nn_____na_________________________________ ________O
*_______aaaan_____________________________________ ________C
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aliquam mollis, libero non facilisis vehicula, quam sem fermentum urna, at porttitor neque odio nec purus. Morbi felis. Mauris arcu turpis, dignissim sed, tristique sit amet, euismod ac, tellus. Pellentesque sit amet nulla. Vestibulum volutpat. Fusce viverra mattis orci. Phasellus sed ante. Vivamus nunc sapien, tristique in, sollicitudin ut, blandit vitae, purus. Cras nonummy facilisis leo. Donec ultricies. Integer eu lacus ac dui consectetuer placerat. Duis nonummy dui id wisi. Nam ullamcorper feugiat eros. Quisque iaculis ligula id elit. Aenean mattis. Proin ut massa vitae ante tempor imperdiet. Donec elit libero, imperdiet ac, pellentesque et, mattis et, diam. Pellentesque venenatis, ipsum vel mollis fermentum, ligula felis elementum ante, sit amet euismod diam pede eu mi. Phasellus tellus est, pharetra ac, placerat ut, vehicula et, quam. Sed tempor posuere lectus. Donec eget libero. Nullam tincidunt mauris et nibh. Phasellus tempus fermentum diam. Morbi at mauris dapibus lacus malesuada molestie. Morbi vehicula, elit quis posuere mattis, arcu tellus ultrices ante, sit amet rhoncus dolor neque eget lacus. Integer in odio. Ut malesuada mi et nibh. Vestibulum wisi justo, vestibulum a, pretium sit amet, euismod a, augue. Aliquam vitae nisl eu metus dignissim eleifend. In hac habitasse platea dictumst. Praesent faucibus tempor tortor. Suspendisse dignissim eleifend dui. Duis adipiscing tellus at nulla. Vivamus mollis, dolor sit amet ornare egestas, risus augue mollis lorem, eget tempus augue augue in libero. Sed tincidunt vestibulum ligula. Vestibulum ut libero eu erat sagittis nonummy. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Sed ut libero. In hac habitasse platea dictumst. Cras convallis urna sed enim. Nullam tortor ante, consectetuer eget, nonummy eu, congue a, metus. Mauris ante. Nulla sed sapien et wisi condimentum feugiat. Curabitur id augue sed nulla accumsan sollicitudin. Nam ornare justo vitae ante. Donec ligula. Donec felis augue, lacinia ut, vestibulum sit amet, ultricies vestibulum, dolor. Nunc nec nisl. Phasellus blandit tempor augue. Donec arcu orci, adipiscing ac, interdum a, tempus nec, enim. Phasellus placerat iaculis orci. Cras sit amet quam. Sed enim quam, porta quis, aliquet quis, hendrerit ut, sem. Etiam felis tellus, suscipit et, consequat quis, pharetra sit amet, nisl. Aenean arcu massa, lacinia in, dictum eu, pulvinar ac, orci. Mauris at diam tempor ante ullamcorper molestie. Ut dapibus eleifend ipsum. Nam dignissim. Donec eContrary to popular belief, Lipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC, making it over 2000 years old. Richard McClintock, a Latin professor at Hampden-Sydney College in Virginia, looked up one of the more obscure Latin words, consectetur, from a Lipsum passage, and going through the cites of the word in classical literature, discovered the undoubtable source. Lipsum comes from sections 1.10.32 and 1.10.33 of "de Finibus Bonorum et Malorum" (The Extremes of Good and Evil) by Cicero, written in 45 BC. This book is a treatise on the theory of ethics, very popular during the Renaissance. The first line of Lipsum, "Lorem ipsum dolor sit get libero. Nullam tincidunt mauris et nibh. Phasellus tempus fermentum diam. Morbi at mauris dapibus lacus malesuada molestie. Morbi vehicula, elit quis posuere mattis, arcu tellus ultrices ante, sit amet rhoncus dolor neque eget lacus. Integer in odio. Ut malesuada mi et nibh. Vestibulum wisi justo, vestibulum a, pretium sit amet, euismod a, augue. Aliquam vitae nisl eu metus dignissim eleifend. In hac habitasse platea dictumst. PrDonec eget libero. Nullam tincidunt mauris et nibh. Phasellus tempus fermentum diam. Morbi at mauris dapibus lacus malesuada molestie. Morbi vehicula, elit quis posuere mattis, arcu tellus ultrices ante, sit amet rhoncus dolor neque eget lacus. Integer in odio. Ut malesuada mi et nibh. Vestibulum wisi justo, vestibulum a, pretium sit amet, euismod a, augue. Aliquam vitae nisl eu metus dignissim eleifend. In hac habitasse platea dictumst. Praesent faucibus tempor tortor. Suspendisse dignissim eleifend dui. Duis adipiscing tellus at nulla. Vivamus mollis, dolor sit amet ornare egestas, risus augue mollis lorem, eget tempus augue augue in libero. Sed tincidunt vestibulum ligula. Vestibulum ut libero eu erat sagittis nonummy. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Sed ut libero. In hac habitasse platea dictumst. Cras convallis urna sed enim. Nullam tortor ante, consectetuer eget, nonummy eu, congue a, metus. Mauris ante. Nulla sed sapien et wisi condimentum feugiat. Curabitur id augue sed nulla accumsan sollicitudin. Nam ornare justo vitae ante. Donec ligula. Donec felis augue, lacinia ut, vestibulum sit amet, ultricies vestibulum, dolor. Nunc nec nisl. Phasellus blandit tempor augue. Donec arcu orci, adipiscing ac, interdum a, tempus nec, enim. Phasellus placerat iaculis orci. Cras sit amet quam. Sed enim quam, porta quis, aliquet quis, hendrerit ut, sem. Etiam felis tellus, suscipit et, consequat quis, pharetra sit amet, nisl. Aenean arcu massa, lacinia in, dictum eu, pulvinar ac, orci. Mauris at diam tempor ante ullamcorper molestie. Ut dapibus eleifend ipsum. Nam dignissim. onec eget libero. Nullam tincidunt mauris et nibh. Phasellus tempus fermentum diam. Morbi at mauris dapibus lacus malesuada molestie. Morbi vehicula, elit quis posuere mattis, arcu tellus ultrices ante, sit amet rhoncus dolor neque eget lacus. Integer in odio. Ut malesuada mi et nibh. Vestibulum wisi justo, vestibulum a, pretium sit amet, euismod a, augue. Aliquam vitae nisl eu metus dignissim eleifend. In hac habitasse platea dictumst. Praesent faucibus tempor tortor. Suspendisse dignissim eleifend dui. Duis adipiscing tellus at nulla. Vivamus mollis, dolor sit amet ornare egestas, risus augue mollis lorem, eget tempus augue augue in libero. Sed tincidunt vestibulum ligula. Vestibulum ut libero eu erat sagittis nonummy. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Sed ut libero. In hac habitasse platea dictumst. Cras convallis urna sed enim. Nullam tortor ante, consectetuer eget, nonummy eu, congue a, metus. Mauris ante. Nulla sed sapien et wisi condimentum feugiat. Curabitur id augue sed nulla accumsan sollicitudin. Nam ornare justo vitae ante. Donec ligula. Donec felis augue, lacinia ut, vestibulum sit amet, ultricies vestibulum, dolor. Nunc nec nisl. Phasellus blandit tempor augue. Donec arcu orci, adipiscing ac, interdum a, tempus nec, enim. Phasellus placerat iaculis orci. Cras sit amet quam. Sed enim quam, porta quis, aliquet quis, hendrerit ut, sem. Etiam felis tellus, suscipit et, consequat quis, pharetra sit amet, nisl. Aenean arcu massa, lacinia in, dictum eu, pulvinar ac, orci. Mauris at diam tempor ante ullamcorper molestie. Ut dapibus eleifend ipsum. Nam dignissim.

What loopholes in SMTP? (1)

Dr. Evil (3501) | more than 11 years ago | (#6610418)

SPAM is a problem, but I think it can be fixed above SMTP by whitelisting or webs of trust. What are these "loopholes" in SMTP?

Re:What loopholes in SMTP? (4, Interesting)

pbur (88030) | more than 11 years ago | (#6610498)

To me a big problem with SMTP is that is never authenticated. There's no way you can verify anyone actually sent you an email, short of PGP keys.

At least if some one had to authenticate to send as joe@bar.com, some spammer would have to hack your password before they used your email address as the "From:" in a mailing...which just happened to me.

Re:What loopholes in SMTP? (1, Informative)

Anonymous Coward | more than 11 years ago | (#6610589)

White listing is not a solution. It just means that the spammer has to collect address pairs instead of a single address: ie his lists contain my address and the address of someone on my white list, which he can use to spoof his From address with. It is quite easy to obtain this info. Mailing-lists would be a good place to start. MS Outlook viruses would also work great at collecting address lists.

Basically the 'loopholes' in SMTP are that any field the metatags can be spoofed and no authentication is done. So the only real solution to SPAM is to add an authentication layer on top of it (like PGP-signatures letters). A application-based tool will never happen, because most users don't care enough to sign their letters. A server-based layer on top of SMTP would be no different in terms of compatibility as creating a new protocal that backed down to SMTP if the peer server didn't have the new protocal.

slashdot (5, Insightful)

Anonymous Coward | more than 11 years ago | (#6610420)

is it possible for the Slashdot collective to come up with another one?

Not a chance. The slashdot collective taken as a whole, is a very stupid group of people. Even the few intelligent people wouldn't be able to get anything useful done because they'd be shouted down by the teaming masses of idiots.

We hate Sony's recording arm, but we'll sell our souls to them for the next cool gadget. We hate MS, but 90% of us use windows on our main home machine. No to mention all the idiots who use words like boxen.

QWERTY!!! (2, Flamebait)

litewoheat (179018) | more than 11 years ago | (#6610427)

You're probably typing on a QWERTY keyboard, right? Why? Its function is to slow you down so that you don't jam the typewriter.

Moral: Just because one design is better than an already widespread yet inferior design does not mean that it can and will replace the current one. Change is not easy in the least.

QWERTY speeds typing. QWERTY 4ever! (4, Informative)

tempshill (413165) | more than 11 years ago | (#6610496)

The QWERTY-slow typewriter story has been debunked. [straightdope.com] QWERTY forever!

Re:QWERTY speeds typing. QWERTY 4ever! (2, Informative)

aardvarkjoe (156801) | more than 11 years ago | (#6610526)

Mod the parent up. Another link about the qwerty myth is here. [independent.org]

Re:QWERTY speeds typing. QWERTY 4ever! (1)

dzelenka (630044) | more than 11 years ago | (#6610580)

You're an idiot. The article that you pointed to substanciates the story. I'd type more but this qwerty keyboard is hurting my hands...

Re:QWERTY!!! (1)

ZorinLynx (31751) | more than 11 years ago | (#6610519)

Isn't this an urban legend? I remember reading that QWERTY isn't really meant to slow you down, but rather to spread commonly used letters to fingers that are further apart, or on opposite hands, so that the hammers in old typewriters don't strike each other as often?

Perhaps this resulted in a sub-optimal layout so that one can't type as fast on QWERTY as on other layouts, but were the engineers really thinking "Let's slow the typist down", rather than "Let's spread the keys around to minimize collisions"? Somehow I doubt it.

Re:QWERTY!!! (0)

Anonymous Coward | more than 11 years ago | (#6610534)

You mean that I've been typing on this [ualberta.ca] binary keyboard, and a better, if not superior design has been around since the invention of the typewriter?!

I don't know how to feel just now..

Re:QWERTY!!! (0)

Anonymous Coward | more than 11 years ago | (#6610615)

Bzzt!!! Check out the straight dope:

http://www.straightdope.com/classics/a1_248.html

Mirror (0)

Anonymous Coward | more than 11 years ago | (#6610430)

In case the site (or routes to the site) get slashdotted. Here [martin-studio.com] is a mirror. The mirror is HTTP, while the original link is FTP. So if you're browser isn't handling FTP so well, this mirror will work in pinch. It's a pretty big file: > 192k

--
Martin Studio Slashdot Effect Mirror Policy [martin-studio.com]

Form a working group (0)

Anonymous Coward | more than 11 years ago | (#6610437)

Go to the ietf's [ietf.org] application protocol division, and request a working group be formed. I'm pretty sure they'd be willing to let you form one. And i'm also pretty sure that alot of people would be interested. Or if you prefer; form an ID and submit it for approval. I personally prefer the working group approach, because it may take a bit longer, but allows for a broader range of input.

IPv6 support (1)

SkoZombie (562582) | more than 11 years ago | (#6610439)

The latest revision of the SMTP protocol (rfc2821.txt [rfc-editor.org] ) has support for IPv6.

If security is an issue, you can always use SMTP over SSL, and there is some support to allow authentication.

In a nutshell? I dont think SMTP is going anywhere in the next few years.

Think how many devices (4, Insightful)

dspyder (563303) | more than 11 years ago | (#6610440)

SMTP is so deep-rooted and pervasive already it will be a long, hard change to implement. Every little cellphone that comes with a mail-client. Every router that has smtp alerting. Every application that uses it for various tasks... they would all have to be updated!

Doesn't mean it shouldn't be done, but don't be fooled into thinking it's just a "propose a new spec, step 2?, profit" type of deal....

--D

Re:Think how many devices (1)

valkraider (611225) | more than 11 years ago | (#6610581)

Like Y2K only different....

well... ok... (5, Funny)

Ninja Master Gara (602359) | more than 11 years ago | (#6610454)

As long as SMTP continues to the be the friendly protocol.

HELO imamailserver.com
250 Hello imamailserver.com [127.0.0.1] nice to meet you!

Do we really need to replace SMTP? (1)

joebok (457904) | more than 11 years ago | (#6610456)

I mean, it would be nice to not have spam an all - but I've been having great success with POPFile [sourceforge.net] so 100+ spams a day don't bug me anymore. And there are other programs and services that give other people similar relief. I like the idea of having a "wilderness" sort of Internet - it promotes innovation and new ideas (I use Baysean filtering for a lot more than just Spam now). We are losing this wilderness everyday - RIAA, Homeland Security, etc. Let's not kill off our electronic diversity!

SPF (4, Interesting)

Karl J. Smith (184) | more than 11 years ago | (#6610457)

http://spf.pobox.com [pobox.com] describes an elegant anti spam solution that uses dns, and can be phased in gradually. The basic ideas:
  • cuts spam and
  • stops email address forgery
  • when domain owners designate sending mail exchangers in DNS, so that
  • SMTP servers can distinguish legitimate mail from spam
  • by verifying sender domain against client IP
  • before any message data is transmitted.

Will receive email for work. (4, Interesting)

dex22 (239643) | more than 11 years ago | (#6610469)

I'd like to simply see SMTP updated to require work. On establishing a connection, a recipient should be able to give the sender a task to complete that takes a second or two. The recipient will only accept the mail once the work unit has been done.
This would make it too slow to send spam, by making it simply too processor intensive. Legitimate users would be unaffected.

Re:Will receive email for work. (2, Insightful)

cant_get_a_good_nick (172131) | more than 11 years ago | (#6610569)

It doesn't make it slow to send spam, makes it slow to send bulk email, of which SPAM is the best known and most annoying subset. Mailing lists are also a subset.

Most examples of "takes a second or two" are very processor dependent. You'd then also have the problem of running code on another machine, DOS attacks, all that fun.

Re:Will receive email for work. (1)

sfire (175775) | more than 11 years ago | (#6610631)

Would you be willing to help pay for the cluster to do the processing for the linux kernel mailing list?

My big contribution (1)

Entropy248 (588290) | more than 11 years ago | (#6610475)

IANAProgrammer, but my idea about the spam situation is relatively simple. Scan the text of all incoming mail and compare them. If more than $x ppl are receiving mail that is similar to within $y characters, block that e-mail. You'd probably want to mess with some numbers to come up with optimal values of $x and $y. This would definately increase delivery time though...

So, combine it with a whitelist of trusted senders. This trusted senders list could be implemented by using the receiver's address book and list of most recent received (int z;) messages from unique senders.

Now, the big problem is still false positives on valid e-mails. But, there should not be many of these, simply because of the first comparison check.

It is my understanding that IMAP(?) implements server-side mailboxes, so I believe this idea is possible.

Re:My big contribution (1)

eric76 (679787) | more than 11 years ago | (#6610598)

No more mailing lists?

All a spammer would have to do is insert a few lines of random garbage that is different for each message.

Re:My big contribution (1)

Entropy248 (588290) | more than 11 years ago | (#6610647)

That's why I suggested a whitelist too. Read the entire comment before replying, please.

Difficult Problem (2, Interesting)

4of12 (97621) | more than 11 years ago | (#6610476)


I agree that something ought to be done to cut down on the huge volume of spam that clogs most SMTP traffic.

On the surface of it, a white-listing system, perhaps based on public-key cryptography and endorsements might work.

But, as someone who values freedom and anonymity, I'd hate to have a system that closes off completely the opportunity for more anonymous communication via email.

Whistleblowers in the government and in the corporate sector, dissidents under a repressive political regime are some of the use cases for email that I'm not really inclined to sacrifice merely to eliminate spam.

My 2 cents (check bounced) (1)

radiumhahn (631215) | more than 11 years ago | (#6610484)

I got so tired of sending my bank account info to sons of exiled African presidents that want to put $35 Million (US) in my account that I just set up an auto-responder. Perhaps the new protocol could handle this for me.

RFC2549 a suitable alternative? (1, Funny)

GillBates0 (664202) | more than 11 years ago | (#6610486)

With all the loopholes in the current SMTP specification,is it possible for the Slashdot collective to come up with another one?

To start with, I would suggest a detailed look at RFC 2549 [isi.edu] .

The Standard for the Transmission of IP Datagrams on Avian Carriers described therein is fairly broad and could prove a feasible alternative to current email delivery mechanisms, specifically SMTP.

The reason I think it hasn't taken off since 1999 is that it proposes to completely replace IPv4 (like IPv6). Maybe it would be easier to first phaseout SMTP over IPv4 for now, rather than the whole IP layer.

Anyone can help to create an RFC! (1, Informative)

Anonymous Coward | more than 11 years ago | (#6610503)

This is a rather silly article. If you want to create a new protocol - do it. If you want to create an RFC - do it. The IETF publishes instructions on the steps that must be followed to create an RFC - see RFC 2418 [ietf.org] . There is nothing stopping you and you don't need Slashdot approval to accomplish it.

Re:Anyone can help to create an RFC! (0)

Anonymous Coward | more than 11 years ago | (#6610597)

There is nothing stopping you and you don't need Slashdot approval to accomplish it. B...b...b.b..u..t......MOMMY!!!

Yeah right... (4, Funny)

Dark Lord Seth (584963) | more than 11 years ago | (#6610508)

If more and more ISP's make use of this, SMTP could be gradually phased out...

Like IPv6? You mean most things will already be there but no one will support it, no one will care apart from a few and no one will implement regardless of how hopeless and disastrous the current implementation is?

or if you are one for a sudden cut-over, just cut to the new one at the same time as the IPv6 upgrade!

Ah yes, like IPv6 indeed. You know, I'll send a shiny mail delivered by SMTP2* over an IPv6* internet about the release of Duke Nukem Forever* to my gaming-addicted girlfriend* on the day SCO coughs up some evidence*

Note:
* = May or may not require divine intervention.

Can we build it? Yes we can! (1)

Wumpus (9548) | more than 11 years ago | (#6610515)

With all the loopholes in the current SMTP specification, is it possible for the Slashdot collective to come up with another one?

Yes, I'm sure that Slashdot is up to the task of coming up with another loophole.

Why invent a new standard? (1)

Xyde (415798) | more than 11 years ago | (#6610518)

What's wrong with SMTP AUTH? If people would just enable that instead...

Never underestimate the Slashdot collective (0)

Anonymous Coward | more than 11 years ago | (#6610523)

With all the loopholes in the current SMTP specification, is it possible for the Slashdot collective to come up with another one?

I'm sure the Slashdot collective will come up with another loophole in no time.

Answer: No. (1, Insightful)

Anonymous Coward | more than 11 years ago | (#6610536)

What a lame question.

Can we, as a community, do that? No. Why not? Because it's really, really hard.

The IETF, as a community, is not dumb or lazy. (Some of us individuals are.) Many contributors to the IETF read Slashdot, as a matter of fact. But the reason spam is a problem is not that SMTP is flawed; it's because Internet email is successful. It's successful because it ignores the problems of authentication and authorization and just lets anyone send mail to anyone else.

Would a new protocol (or an SMTP extension) fix the problem? Of course not. Spam happens because you typically want people you don't know, with whom you don't have a relationship, to be able to send email. It's easy to solve the spam problem: it's a trivial special case of either a public key system, general text classification algorithms, or micropayments. We've been waiting for each of these for decades, but I'll leave it up to you as to which one you want to solve first.

The ideas mentioned for a "trusted" protocol do not require a new protocol. SMTP, perhaps with extensions, can be used to handle the vague ideas in this story.

SMTP over TLS (4, Insightful)

NearlyHeadless (110901) | more than 11 years ago | (#6610548)

There is already a protocol that can ensure the identity of the sending SMTP server: RFC2487: SMTP Service Extension for Secure SMTP over TLS [faqs.org] . With the right certificate policy you could make sure that all spammers could be tracked down. I have suggested that people transition to SMTP over TLS and use a challenge-response system (such as TMDA [tmda.net] ) for backward compatibility.

Working out the details of an appropriate certificate policy is not trivial, though.

... at the same time as the IPv6 upgrade! ??? (4, Interesting)

jc42 (318812) | more than 11 years ago | (#6610549)


C'mon now; the IPv6 upgrade will be spread out over at least several decades. And both Microsoft systems and many US Government installations will still be using it a century from now, because it's "standard".

After all, it's now past the death of typewriters, and we're still using the typewriter keyboard from nearly two centuries ago. And we use a ridiculous rail gauge, because the standard was set centuries ago.

And here in the US, we're still using inches and feet, measurements based on the lengths of the thumb and foot of a long-dead king. And we call them "standard".

We will be stuck with IPv4 for long past the final download of anyone reading this.

SMTP will probably be around even longer. But that's OK; it's fun to impress friends by a "telnet 25", followed by typing in a message directly to the server. I like to use "MAIL From: dubya@whitehouse.gov", and ask them if they'd be interested in a nice job in the TIA program. Then I challenge them to prove from the message they get who actually sent it.

Waste of time and effort. (2, Insightful)

Malach (25852) | more than 11 years ago | (#6610552)

Technological fix to a social problem.

It's simple. Don't bother.

The problem will remain, it will just shift tactics. By 'fixing' SMTP you're not addressing the problem, you're addressing a symptom of the problem.

Anything we do on the technology side to fix this problem will ultimately do nothing.

That's not to say that SMTP can't be improved on... but improving on it purely to 'stop spam' is a waste.

IP6 is "sudden" (0, Offtopic)

briancnorton (586947) | more than 11 years ago | (#6610561)

IPv6 is going to be about as "sudden" of an occurance as the production of Duke Nukem 4ever.

ditching smtp best idea I've heard all day (1)

planetzeos (664652) | more than 11 years ago | (#6610562)

An IPv6 like protocal for SMTP would be fantastic. Completely tracking and accountability..

I have been working on another one (4, Insightful)

Omnifarious (11933) | more than 11 years ago | (#6610564)

Actually, I've been working on a broader based piece of infrastructure than a new mail protocol, but the first problem I intend to attack is mail.

RFC 822 is fine for messages, but the transport needs a big upgrade. Also, envelope senders and receivers are non-verifiable, and therefor broken. One day, spammers are going to start using mailing lists and message boards to construct a profile of people you talk to, and send you mail that appears to come from them, thereby making whitelists useless.

The basic premise of my general transport is that all messages are addressed to a public key and come from a public key. All messages are signed by their supposed source ID, and most messages are encrypted to the destination ID.

A public key ID plays a similar role to an IP address in an IP packet. There will be distributed databases that hold (signed) mappings between public key IDs and their locations using other networking mechanisms.

I'm trying to design this protocol and its implementation so its easy to encapsulate it in almost anything. My first connection to an outside protocol will be IMAP/SMTP.

It's far from being ready for even a public alpha yet, but I do have preliminary code for creating certain kinds of messages at https://svn.generalpresence.com:5131/repos/trunk/C ++/pract_crypto/ [generalpresence.com] . I'm borrowing heavily from Bruce Shcneier and Niels Ferguson's latest book, Practical Cryptography. The initial implementation is in a mix of Python and C++. It requires Swig and the GMP library. I haven't designed the implementation itself to be in the least robust against attacks by someone who has root on your machine.

I am calling the protocol 'CAKE' for now. CAKE stands for Key Addressed Crypto Encapsulation. It is a layered protocol, since I intend it to be layered on top of any other protocol you can think of. :-)

One intention of mine is to publish a hash collision problem along with information mapping a public key to a mailbox. First time senders will have to solve the hash collision problem to avoid having the mail thrown away. I'm planning on simply wrapping an RFC 822 message in a CAKE shell.

Well time to start with an Internet Draft (1)

MerlynEmrys67 (583469) | more than 11 years ago | (#6610566)

If you want a new protocol, write an internet draft and submit it to internet-drafts@ietf.org.

From there it can be evaluated, a Working Group created to push it through engineering review to Last Call, to proposed standard.

Sounds easy, well you can expect to spend aproximately 20 hrs/wk on it for 3 years, and that is if it is a non-controversial idea. For something controversial like changing the SMTP protocol, expect it to effectively never happen, why you might ask... Well lets say the first problem is to define SPAM, we will move on from there (Do I have to mention the ANTI-SPAM BOF held in San Fransisco that was a complete waste of time)

It's not going to happen (1)

eric76 (679787) | more than 11 years ago | (#6610579)

I thought SMTP was Spam Mail Transfer Protocol!

Just kidding.

Seriously, because of spam issues, there have been many proposals for ways to replace SMTP or to modify it. Some of them are downright comical.

But it's going to take something a lot bigger than that to change anything.

Any replacement would have to be completely backwards compatible with SMTP for years to come. Many people would never switch. Others would switch only after seeing it in operation for a long time.

Since it would have to be completely backwards compatible for years, any spam getting through now would still get through for years to come.

I think that what might prod most to change would be if one of those crazy schemes of having the Post Office charge postage on e-mail were to be enacted. Then, you would see the creation of something else designed to skirt the definition of e-mail under the scheme.

What you can do is to come up with an optional private method that would not break SMTP. That way, those who didn't want to use it could get along just fine without it.

Such a scheme would probably work best if it were adopted by a large percentage of the Internet. For that reason, it should be usable for everything form small personal SMTP servers up to very large SMTP servers that handle millions of people.

For what it's worth, I've considered the idea of just rejecting all incoming e-mail to my accounts that is not encrypted.

P2P email (1)

geek (5680) | more than 11 years ago | (#6610596)

Why not P2P email? Then all mail is on the senders machine until the recipient comes online to check it. It seems P2P is perfect for such a system.

Slashdot Collective? (0, Troll)

LS (57954) | more than 11 years ago | (#6610601)

Is it possible for the "Slashdot collective" to come up with anything but a bunch of trolls, whiners, masturbators, and goat secx? What cave was I in when the "Slashdot collective" turned into a productive development community???

Are you sure the problem is primarily with SMTP? (4, Interesting)

MemRaven (39601) | more than 11 years ago | (#6610648)

It seems like the issue that you're trying to solve, implicit from your original post, is that SMTP allows a lot of spam. Are you sure that this is a problem with SMTP? In other words, is this a protocol problem or an application problem?

Non-email messaging systems have been thinking about virtually the same problem quite a bit, and have come up with a set of solutions that try to solve what are fundamentally the same issues: message integrity, message non-repudiation, and message authentication. And the surprising part of this is that nobody really focused on the protocol, because it doesn't provide the path to a meaningful solution to the problem.

Case in point: web services. While initially the people who were playing iwth web services started out doing security at the transport level (i.e. with SSL and various derivatives thereof), but realized that something like WS-Security (where the security of a message is a part of the message itself) is the more optimal approach.

Why not just force the issue into the realm of S/MIME (and similar extensions to rfc822) and handle it at MUA space? You can cover virtually all the problems with SPAM by following the example of the reliable messaging systems and doing more with the contents of the message itself, rather than trying to say that messages have to transmit over a particular protocol. For example, depending on your trust environment, S/MIME signatures solve the authentication, non-repudiation, and integrity problems perfectly. What more do you need/want?

Certs (1)

skinfitz (564041) | more than 11 years ago | (#6610655)

Why not have a system where to send mail, you HAVE to have a digital certificate issued by a trusted third party. The certs expire, and you have to provide legit details to get one. All mail sent is signed with your cert. Get too many complaints, and your cert is revoked. Servers only accept mail with valid certs. Allow cert blocking to block all mail from the same company regardless of route.

What do others think? Could it work?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>