Spam is possible thanks to oversights in the design of SMTP (Simple Message Transfer Protocol). It was too simple. So why after all these years is it still being used? Why is it still possible to forge "from" addresses? Why haven't the major players fixed the problems?
It is very easy to design a system that makes it impossible to send out spam without identifying the sender's computer. Sure, a spammer could still take over another system and use it to send spam, but the millions of bounce messages the owner of that system would receive would certainly alert them that something is amiss. By positively identifying the source of spam the offending computers could be blocked.
Transitioning to the new protocol (call it EMTP for Enhanced Message Transfer Protocol) would be easy: Have the mail programs start using EMTP and add an option to allow receipt of SMTP messages. If that option is not used, a bounce message could optionally be sent back saying, "Get with it and update your mail program."
Why oh why has no one done this yet?
Subscribe to:
Post Comments (Atom)
14 years later, nothing has changed.
ReplyDelete