I received the following idea via e-mail from Douglas Arndt following my MPR appearance the other day, talking spam.
“Perhaps I’m missing something, but SPAM seems to be a very easy to solve problem. It would be solved in two simple steps.
1) Individual SMTP server owners would change thier server to “authenticate” the sending and reply-to address when the message is received on port 25. This is to say that the server turns around and ensures that the sending and reply to address firstname.lastname@example.org is a valid user on mailserverb.com. This is simple and it could easily be implemented in today’s protocol. If the user is a real user, simply accept and deliver the message.
ISPs, like Visi, AOL, Hotmail, e.t.c. could get users onto this service by simply offering it as “registered e-mail”. I would think that users would flock to the registered service in droves. Most “normal” e-mail would simply pass through this service. This e-mail to you would pass through because doug is a valid user on the server reliablesites.com.
This would immediately close down open relays, intentional and unintentional.
2)To the extent I get spam from a valid user on a mail server AND I send a message to unsubscribe AND the user sends me another unsolicited message, I can send the evidence to the real-time black hole list and the server or netblock can be added.
This approach adds the right incentives in all the right places. A legitimate bulk e-mail sender is incented to remove you from their list, have valid send-to and reply-to addresses. The server provider is very incented to not have their IP or netblock added to the real time black hole list. Hosting providers are very incented to police their own community as
it would be a disaster to have your hosting center’s netblock added to the black hole list. Finally, users are incented to move to registered e-mail because they know it’s a real user that’s sending the message.
The government will simply make a disaster out of this if it gets more involved. The private sector can solve it if they want to. Perhaps the only role the government should have is over the black hole dispute/arbitration process. I’m unsure if this is even needed though. If Visi’s entire netblock is added improperly, and as a result Visi is shut down for a period of time, Visi would have a valid legal claim against the black hole administrators.
Just a thought.
Think he’s right? Will the government — say, in Lessig/Lofrgren‘s proposal — really just mess it up? (Could it be any more messed than it is at present)?