Changes to mail standards
Fighting spam at a standards level will require changes to both SMTP and DNS, as well as an added layer of authentication to the messaging infrastructure
Extension of SMTP
MX protocols provide a way for MX systems to block communications
from co-opted clients and servers; would require new mail systems
and an authentication system for DNS
C/R MIME extensions enable MIME to support authentication required
by C/R systems; simplify C/R systems; do not prevent mail harvesting
Changes to DNS
DomainKeys system authenticates outbound mail against domains
to ensure mail is coming from a valid domain, reducing spam from
co-opted addresses and enabling blacklisting; requires key authentication
system and increases network traffic
Internal mail exchanger DNS record type validates mail coming
from systems within the firewall; requires updating DNS systems
In addition, DMP (Designated Mailers Protocol), a draft proposal in front of the IETF, provides a way for mail transfer agents to determine if a system sending mail is authorized to do so by storing sender permission in a form. At the core of DMP is a record of systems in the DNS that are authorized to send e-mail. Rather than performing an address look-up every time a mail transfer agent receives a message, the agent checks the DMP record to verify that the sender is an authorized system. Unauthorized traffic is blocked.
An effort is also under way to make anti-spam systems handle C/R in a standard way. The IETFs Challenge/ Response Interworking Framework creates a set of rules for establishing interoperability among C/R systems. The basic model is designed to simplify C/R interworking by allowing a sender running a C/R system to automatically respond to the challenge message from the recipient. If the sender does not have a C/R system, the message from the recipients C/R system would specify actions required to respond to the challenge manually.
A standard model would help manage C/R systems, but they would still be subject to abuses such as e-mail address harvesting.
Another idea involves charging for e-mail sent over the Internet. One such project, Microsoft Corp.s Penny Black, suggests that ticket costs or CPU cycle costs should be added to the process of sending e-mail. (No "charge-for-e-mail" proposals have been submitted to the Anti-Spam Research Group.)
This would make it expensive for spammers to hawk their wares, but it would also add cost for everyone to what has been up until now an inexpensive communications medium. More information on Penny Black can be found here
Technical Analyst Michael Caton can be reached at firstname.lastname@example.org.