Make spam wait

I respect the great thinkers devising anti-spam solutions based on intelligent protocols and brilliant mathematics. (And by spam I refer to all unpleasant e-mail such as worms.) I also believe that although this research will improve security for those who choose to apply it, science won’t be enough to eliminate spam. We need patient, diligent, and ruthless mail servers.

There are two spam-friendly tenets of the modern e-mail infrastructure that must be overturned. One is the expectation that all incoming e-mail is delivered to the recipient immediately and on the first try. The second is that active investigation of the validity of incoming connections and senders is poor Internet etiquette, wastes bandwidth, and delays message delivery. My back-of-the-napkin, spam-hostile mail server deals disappointment to those who hold these concepts as entitlements.

My server will return error responses to all first-time senders. It will take the time, as much as a full day, to verify the sender against databases of known spammers, IP range ownerships, and domain registrations. My server will cache these lookups for several days out of consideration for the hosts of these invaluable public databases. If your server looks clean, I’ll pass your message on to the user’s inbox but I’ll flag it as originating from an untrusted server and include an internal URL or mailbox that can refuse further connections.

If my server’s investigation yields something suspicious — such as finding that you’re sending from a dynamically assigned IP address — my server will send you and your postmaster a URL that explains why you’re blocked along with links to a form you can fill out to restore your good name.

In effect, my server will perform many of the duties of a public spam blacklist, but it’s under my control and accepts user contributions. It will make time for validations and stretch out the span and frequency of investigatory queries by amending the unrealistic tenets of modern e-mail. I don’t care if your message sits in my queue for a full day while I check out your server. It’s an inconvenience that you and my user must endure but once.

I think that the strongest element of my daydreamed mail server is that, through links to other services, the mail server knows everything and forgets nothing. If one of my users sends mail to your server, you’re trusted for a while and that trust is renewed when another message is sent. When my intrusion detection system spots a port scan, and my mail server sees an e-mail connection attempt from the same IP, that IP is in my permanent hall of shame. Suspicious Web sites flagged by my HTTP proxy/filter become suspicious mail senders as well. A user who submits e-mail addresses to a non-secure Web site raises a yellow flag — if the volume of the user’s e-mail from untrusted servers spikes following that, my server will leave the user a voicemail with his or her new e-mail address.

Once we accept that e-mail is not IM, we free our systems to patiently investigate the origins of messages. Once we accept that there is no universal right to connect to our mail servers, we don’t have to work so hard to figure out what is and isn’t spam, or to certify an individual sender or message. Every unknown sender can wait a day to have his or her first message checked out, and to have other services confer on whether an external server is naughty or nice. It’s not everything, just one way to break the backs of spammers.