On Aug 1, 2006, at 12:56, Marc Perkel wrote:

I'm writing a paper that I'm submitting to an Internet Governance Forum of the United Nations. Keeping in mind that free speech and freedom are important, what would you change in the world to stop spam? I'm looking for things that are actually possible and practical. Suggestions can be anything. My thoughts include things like requiring ISPs to provide better firewalls for end users, requiring Microsoft to provide more hack protection even for pirated versions of Windows, ways to keep people from impersonating other users, evolving the SMTP protocol ....

Looking for more ideas. Paper is due tomorrow.


Not directly stopping spam, but helping to close holes that are manipulated by spammers, and make it easier to track them:

1) Require Virus Scanning on all SMTP transactions, on the recipient's side of the transaction (i.e. the "Server") (to help minimize zombie PCs). Any SMTP server which accepts a virus-laden email, for which their anti-virus engine already had an update for that virus, should be held accountable on every level for any damage done by that virus instance. Any SMTP server which doesn't run a virus scanner would be accountable for every virus that passes through their system.

2) Require Domain Keys on all messages

3) Require accurate reverse DNS records for all IP addresses in use by a given IP block

4) Require matching PTR and A records, require that ISPs allow PTR records that match custom domains (if they offer a custom domain service)

4a) maybe generalize #4 to include various other RFC issues (matching PTR and A records is an RFC requirement, after all), such as the things tracked at RFC-Ignorant

5) Require ISPs to channel their customers' email through their own mail servers (which will have some impact upon SPF tracking as well) and not allow any non-business customers, nor any dynamic customers (business or commercial), to directly connect to other mail servers.

6) establish a global RBL that has 4 aspects: DNSBL (like Spamhaus), URIBL (like SURBL), a Domain Key blacklist, an RFC-Ignorant type blacklist (covering items 3, 4, and 4a above, as well as what RFC-Ignorant covers now), and a blacklist of servers which don't maintain anti-virus filters.

6a) to go with #6, an international body for reporting spam incidents, which would be used to feed the RBL

6b) to go with #6a, a requirement that email clients make it "user friendly" to forward messages with full/raw headers to the body in #6a

7) establish fines and sanctions for ISPs that allow spam to leave their servers, or that don't keep up-to-date virus filters on their mail servers (i.e. don't comply with #1). Perhaps require use of the RBL in #6, if not for blocking, then at least for marking in headers. Escalate the fines as incidents go uncorrected.

8) establish similar fines/sanctions for countries that allow their ISPs to do #7, or countries that harbor attackers that commit DOS attacks against the RBL in #6.

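The PTR/A match asked for in items 3 and 4 is what a receiving mail server can test as forward-confirmed reverse DNS. The sketch below is an added example, not part of the original message: the DNS data is constructed (documentation address ranges and example domains), and `sample_ptr` / `sample_a` are hypothetical stand-ins for real resolver lookups.

```python
import ipaddress

# Constructed sample DNS data, standing in for live PTR and A lookups.
PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.20": ["host20.example.net."],
    "198.51.100.7": ["MX1.Example.ORG."],
}
A = {
    "mail.example.com": ["192.0.2.10"],
    "host20.example.net": ["192.0.2.99"],  # forward record points elsewhere
    "mx1.example.org": ["198.51.100.8", "198.51.100.7"],
}

def sample_ptr(ip):
    """Hypothetical resolver hook: PTR names for an address."""
    return PTR.get(ip, [])

def sample_a(name):
    """Hypothetical resolver hook: A records for a normalized host name."""
    return A.get(name, [])

def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def check_fcrdns(ip, lookup_ptr=sample_ptr, lookup_a=sample_a):
    """Return (status, names): 'pass' with the confirmed names,
    'mismatch' with the unconfirmed PTR names, or 'no-ptr'."""
    addr = ipaddress.ip_address(ip)
    names = [normalize(n) for n in lookup_ptr(str(addr))]
    if not names:
        return ("no-ptr", [])
    confirmed = []
    for name in names:
        for record in lookup_a(name):
            try:
                if ipaddress.ip_address(record) == addr:
                    confirmed.append(name)
                    break
            except ValueError:
                continue  # skip malformed forward records
    return ("pass", confirmed) if confirmed else ("mismatch", names)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.5"):
        print(ip, check_fcrdns(ip))
```

A server applying item 7's "marking in headers" idea could record the returned status in a header instead of rejecting on `mismatch` or `no-ptr`.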