Brad Templeton Home

Brad Ideas
(My Blog)

ClariNet

Interviews

EFF

Jokes / RHF

Photo Pages

Panoramic Photos

SF Publishing

Software

Articles & Essays

Spam

DNS

Jesus
The Book

Dot!

Packages

Interests

RHF Home

Ty Templeton Home

Stig's Inferno

Copyright Myths

Emily Postnews

Africa

Burning Man

Phone Booth

Alice Pascal

The Rules for Guys

Bill Gates
 

Non-Accountable-User bulk-mail throttling as a solution to Spam

Non-Accountable-User bulk-mail throttling as a solution to Spam

One technical solution to junk E-mail (Spam) that can be implemented today involves the use of contracts to control people's behaviour in using E-mail, and special servers for those who have not yet agreed to the contract.

The real goal is to make sure that people don't send bulk e-mail unless they can be held accountable for abuse of it, while not blocking individual mail in any way.

Almost all ISPs today have their users agree to what they call a "terms of service" or TOS. And almost all these TOS include an agreement not to abuse bulk E-mail in one form or another.

Contracts are just one way to hold users of bulk mail accountable for abuse. For example, companies like Zero Knowledge sell anonymous net access, but delete accounts when they are abused. This puts a financial cost on abuse. If people who bulk mail can be held accountable if they abuse it, by mailing to people who don't know them and never requested the mail, a cost can be put on spam, helping to solve the problem.

Free Trial

Most ISPs market by offering "free trial" accounts to any and all comers. These free trial accounts often can be signed up for online, and the ISP has no way to enforce any TOS over free trial users, short of disconnecting them. However, after disconnection, they can just get another free trial, at that ISP or another one.

In most cases the ISP doesn't even have real contact info on a free trial user. While most require a credit card, stolen numbers can be used as the trial is only for a month.

The answer is to place limitations on the use of bulk E-mail by free trial users and other users who haven't signed a no-spam TOS or can't otherwise be held accountable for misuse of bulk E-mail.

To do this, non-accountable users (such as free trials) must be identified (perhaps by a bit in their RADIUS data) and their routers programmed to either forbid the use of the SMTP port (port 25) other than to a "throttle server" or to redirect any use of that port to such a server.

Most dialup users already always use one SMTP server for outgoing mail, since they are unable to function as a full mail sender on their own. Such users can either be given access only to the throttle server, or be redirected to it.

Throttle

The key is that these relay servers, either present at the ISP or just out on the net, put a "throttle" on E-mail volume. They would only allow a low volume of messages for each user, IP address or network of addresses. That volume would be enough to handle the needs of people sending ordinary person to person E-mail, but bulk E-mail would not work, since the throttle would slow down, or eventually stop, any mass sendings from a machine or network.

A small volume of Spam could get through, but not enough to truly cause a bother to the net. Mathematically it's just not possible to generate a volume of spam the network would notice if you're limited to the volume of an individual mailer.

The throttle server saves us from having to worry about "open relays" which are commonly used by spammers, since the throttle is based on the number of recipients of messages, rather than the number of message connections. A person attempting to mail a message to an open relay with 1,000 recipients would get cut off or throttled right away. As such the relays are no longer a threat, or at most have to follow the MX/whitelist scheme described below.

Parties wishing to send anonymous mail, through services called remailers would also relay through the throttle servers. They would not be able to send anonymous bulk mail -- instead, they would have to arrange with a 3rd party who would hide their identity and take responsibility for any E-mail abuse.

They could send anonymous bulk mail if they sent up some form of accountability for it. There are services which have offered anonymous E-mail for a small fee. If you abuse them, they cancel the access, costing you the fee.

ISPs that don't throttle

If an ISP can't or won't put a throttle on the users that can't be held accountable, sites that wish to can put a throttle on the entire site.

There are a few technical ways to do this. One could redirect all traffic from such ISPs (or from their dial-up address blocks) to a set of connected throttle servers. Instead of blocking all access from those ISPs or dial-ups, you block only the bulk mail access.

MX Trick

One way to arrange this redirect is with a "MX" (Mail Exchanger) record trick.

(For those who don't know, the domain naming system allows any site that receives mail to specify a prioritized list of sites which accept mail for it. Senders of mail are expected to connect to the highest priority [lowest number] site which is up and running. Usually the highest priority site is the "real" site and others are backup sites.)

A site wishing to stop spam coming to it would create a special, lowest-score "MX" record for their mail domain, pointing to the throttle server. It would contain a special flag (or simply a special name for the throttle server) to indicate it is an MX to a throttle.

All sites that don't know bout MX trick, if they try to send mail to the site, would instead mail the throttle server. No big problem, at worst their person to person mail is delayed a few minutes.

If a sender is, however, part of the group who have agreed to be accountable for spam and deal with it, they don't have to go through the throttle server. They mail directly, they way they to today.

They can either do this by having a special mail sending agent (like Sendmail) which knows to skip any "MX" with the magic throttle server name. However, even that's not necessary, as the throttle server itself can simply refuse connections from them, and immediately they will try to send the mail to the 2nd tier, which is actually the real destination.

The low-accountability sites have to use the throttles -- they can't bypass them like high-accountability sites -- because the non-throttle sites won't take their traffic directly at all, using techniques like the current blacklists or whitelists. However, these blacklists don't actually block anybody legitimate, since you would only encounter them if you deliberately ignore the regular rules for an MX list.

Who runs these special servers? Well, there seems to be enough drive in the anti-spam community to make them happen, as long as the software can be written. It's not any more than other anti-spam efforts, and considerably less than that involved in systems like BrightMail, a company that gets large fees from ISPs to stop spam for them.

It's also possible a company could run them as a business, to provide spam blocking and mail load handing for their customers.

It's important to note that the throttle servers need not be fast. In fact, they can run on old hardware or spare capacity because it is their job to be slow. Certainly an unusual project specification! There are literally millions of old slow systems sitting in closets ready to be loaded with linux and the throttle software.

The throttle servers, as many as needed, would delay all mail at leat a minute or two in a queue, and would summarize mail volume from various sources on a multicast stream, itself pulsing out the data every minute so all throttles can know what all the others know. This stops spammers from trying to distribute their load among all the known throttle servers. The "live delay" on the queue would mean that if they hit the volume threshold, their mail would be stopped or slowed down.

In effect, like an operating system scheduling processes, we give high priority to short single messages and low priority to volume traffic that is overloading the servers.

Ideally, the system would detect duplicates (bulk mail) and deliver the first couple, and put the rest into a really slow queue and mail a warning (like the "unable to deliver mail, still trying" you sometimes get) back to the sender. That way non-duplicates would not be slowed down a great deal. Duplicate detection can be smart but it doesn't have to be. Mainly it has to look for an above normal volume of messages from any given IP address or address block.

(It can be smart about the content to battle the elite spammers who might try DDOS tricks to send a spam. Frankly, I suspect that's too much even for spammers.)

The Pros

This solves the spam problem well. It involves no new laws, only contracts. It works internationally, something laws can't do anyway. In many cases ISPs are already using relay servers for all users.

The relay servers do not need to be particularly fast or powerful. Their goal is to slow down mail. That means they can be cheap. If they are slow, it is a strong incentive for people to formally and bindingly agree to an anti-Spam TOS contract.

There are even tricks to make sure the relay servers are not overwhelmed with the mail volume. (Right now the tricks have been told to me in confidence by their develoeprs so I don't describe them here.)

By not dealing at all with individual mail, and allowing relay servers to be open again, this also has the huge benefit of not punishing the innocent and blocking legitimate mail to stop spam. For those who consider rights protection to be a fundamental requirement, this system is a huge step above both laws and existing blacklist schemes.

The Cons

It does mean you can't run a mailing list until you have agreed to the anti-Spam rules or are somehow accountable for abuse, and that mailing lists with a truly anonymous host (do any such exist?) will have a big problem operating. However, mailing lists run by a known user who protects the identity of the real sender can exist. This is almost universally the case anyway.

There do need to be several of these servers, in several nations, to avoid the risk that shutting down servers can interfere with people's mail. They must not be used as a censorship point.

The servers must talk to one another to exchange throttling data. IP multicast with encryption can do this efficiently. Since it is acceptable for these servers to delay all mail a few minutes, the communication does not have to be low latency. A resync of throttle volume data every few minutes is more than sufficient to stop abusers who attempt to round-robin around the throttle servers.

If an abuser breaks the security of a computer which has open E-mail access, they can of course use that to abuse. That's true of almost any method against E-mail abuse.

Cheap as they might be, somebody has to pay to operate those servers. I think volunteers will be found if it gets rid of the Spam problem. Or sites that get a lot of spam will pay. ISPs anxious to reduce their spam load would probably be more than happy to provide facilities.

The system does create a problem for users of ISPs that both won't sign the anti-spam pledge and are hosts for lots of spammers. Those ISPs will get their mail volume throttled. Their mail will get very slow. If the spam is particularly voluminous and the spammers use the same IP address as the ordinary users (ie. they are both using the ISP's mail relay), their mail will become unusably slow. They can, however, freely seek -- unless their ISP forbids them, which would be very odd in this case -- to sign up with another SMTP server, one that is not throttled and has signed the pledge.

Some will view it as a problem that this system doesn't stop mail sent in very small volumes. They see even a solitary advertisement as an affront worth punishing the innocent to stop. They won't be satisified with this, or perhaps any other system. Solo E-mails can annoy us but they can never fill our mailboxes to the point of unusability, or overload our servers.

Can this happen?

The ability of the net community to cooperate to stop the abuse problem has been exemplary. On USENET the fight has gone better than expected, and the fact that Sanford Wallace and his Cyberpromotions were kicked off the net, never to return, is a very positive sign.

Many ISPs already have all customers go via a relay server. So this is not an extra load on the trial accounts. If the spam problem can be solved, ISPs will be happy, and may well support the relay servers themselves. If not, I am sure I can raise the money to get them going personally, if the ISPs are willing to do the blocking. After all, these servers are supposed to be slow. It's their purpose. They can be old discarded 486 machines running Linux and still work fine. If ISPs will given them connectivity, I know they can be found. I can also get the money together for the modified mail server that throttles.

Sample Contract

Here's how I would word the terms of a standard TOS. It's a draft, I haven't had lawyers review it yet or made the final form, but it's a start.

  1. SUBSCRIBER (or any party given access via SUBSCRIBER's contract with ISP) will not use ISP's facilities to send a "mass E-mailing" to parties who have never had voluntary personal interaction with SUBSCRIBER. A "mass E-mailing" shall be the ordering of an E-mail message (or group of related messages) to more than 25 people who themselves have not had personal interaction with one another.
  2. SUBSCRIBER shall further not perform such a mailing through any facility so that replies will come to an E-mail address served by ISP, or refer to any web page, FTP site or other resource served directly by ISP.
  3. In the event that SUBSCRIBER violates the above clauses, SUBSCRIBER's internet service may be terminated immediately, without refund or further access to any associated services, such as received E-mail, files on ISPs machines or servers. In addition SUBSCRIBER shall be liable to ISP for the full costs, plus 200% incurred by ISP in dealing with the consequences of such a mass E-mailing, including but not limited to system loads, system failures, and staff time and overtime related to complaints and other problems. In addition, SUBSCRIBER shall be liable for a minimum of $10 per address in the mailing.
  4. SUBSCRIBER warrants that SUBSCRIBER, nor any party he or she represents or will allow access to ISP's facilities, is not at present nor has at any time in the past been subject to discipline from another internet service provider or related company for violation of contractual terms regulating bulk E-mailing. SUBSCRIBER agrees that a violation of this clause shall cause SUBSCRIBER to be liable to ISP for $10,000, plus court costs in obtaining payment of this liability.