As spam keeps increasing in volume and complexity we will eventually
lose the war on spam if we don't change the standards. I'd like to open
a discussion about what needs to be done and how to go about doing that.
So I'll start.
Any changes to the standard need to be evolutionary. If we add a new
feature to the standard that is so compelling that people give up the
old standard, then it is phased out.
First, I see botnets as the biggest culprit, not just as spammers but
as sources of DDoS attacks. In the early days of email only the
sharpest people had access to it. Now that consumers are using it they
need some protection and we need protection from them. How do we isolate
end users so that they can't get viruses as easily and spread them as
easily?
By default all consumers should be behind a NAT to protect them from the
outside world. Like many of you, I'm someone who works from home and
provides some service from home. So I would not want to be prohibited from
running an email server from home. But if I had to go to a web panel
that my ISP provided to open up ports that would be fine with me.
All outgoing email from consumers should by default be required to use
authenticated SMTP or some new authenticated protocol. At least force
consumers to use the submission port and block off port 25 for outgoing
SMTP by default. If consumers were forced by default to send mail on a
different port then servers could determine if they were talking to a
consumer or if they were talking to another server. And outgoing email
would require a password to send, so the virus wouldn't know the
password and the virus wouldn't be able to send email. You could also
have the operating system register apps that are allowed to send email
and block all apps that aren't specifically allowed.
The idea here is that if you can reduce the mechanisms that allow
viruses to spread then there comes a point where viruses go away. All we
have to do is get the spreading down to that threshold.
I believe that if we do it right the bot army threat can be beaten.
And if we got to that point the rest would be manageable.
We can talk about other things but I'll stop here to focus on the bot army.
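
An added example, not part of the original post: a sketch of the default policy proposed above, applied at an ISP edge to constructed flow records. Outbound port 25 is blocked unless the customer opted in through the ISP's web panel, the submission port (587) stays open, and hosts whose blocked port 25 attempts fan out to many destinations are flagged as likely infected. The addresses, the opt-in set and the threshold are assumptions made for illustration.

```python
from collections import defaultdict

SMTP_RELAY_PORT = 25   # server-to-server SMTP, blocked for consumers by default
SUBMISSION_PORT = 587  # message submission; the mail server there demands auth

# Constructed sample data: (customer_ip, destination_ip, destination_port)
FLOWS = [
    ("10.0.0.5", "198.51.100.10", SUBMISSION_PORT),  # normal mail client
    ("10.0.0.7", "203.0.113.1", SMTP_RELAY_PORT),    # direct-to-MX attempts
    ("10.0.0.7", "203.0.113.2", SMTP_RELAY_PORT),
    ("10.0.0.7", "203.0.113.3", SMTP_RELAY_PORT),
    ("10.0.0.7", "203.0.113.4", SMTP_RELAY_PORT),
    ("10.0.0.9", "192.0.2.25", SMTP_RELAY_PORT),     # home mail server, opted in
    ("10.0.0.5", "192.0.2.80", 443),
]

# Hypothetical: customers who opened port 25 through the ISP's web panel.
PORT25_OPT_IN = {"10.0.0.9"}


def decide(src, dport, opt_in=PORT25_OPT_IN):
    """Default-deny outbound port 25 for consumers; other ports pass."""
    if dport == SMTP_RELAY_PORT and src not in opt_in:
        return "block"
    return "allow"


def evaluate(flows, opt_in=PORT25_OPT_IN, threshold=3):
    """Apply the policy and flag hosts whose blocked port 25 attempts reach
    `threshold` or more distinct destinations (an assumed cutoff)."""
    decisions = []
    blocked_dsts = defaultdict(set)
    for src, dst, dport in flows:
        verdict = decide(src, dport, opt_in)
        decisions.append((src, dst, dport, verdict))
        if verdict == "block":
            blocked_dsts[src].add(dst)
    suspects = sorted(h for h, d in blocked_dsts.items() if len(d) >= threshold)
    return decisions, suspects


if __name__ == "__main__":
    decisions, suspects = evaluate(FLOWS)
    for row in decisions:
        print(*row)
    print("likely infected:", suspects)
```

The blocked attempts double as a detection signal: a consumer host that keeps trying port 25 toward many destinations is worth a notification to the customer, even though none of that mail left the network.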