Sunday, March 20, 2005

Saving the Internet?

I was reading this article over at Ars Technica which refers to a article that speaks about the Internet being crushed under its own weight. Both articles address the problems, so I am not going to repeat the discussion. There are various really bad solutions suggested, but it is a growing problem that needs to be addressed.

In my opinion, e-mail is the crux of the problem. Spyware and viruses are installed to send mail for spammers, phishers start their con with an e-mail message. Some have suggested a pay-as-you-go solution. I think you can add a payment function and keep it free as well. We don't need a tax, or a permanent 'per-use' charge, but a pay-rebate system. E-mail is popular because perceptually it is 'free'. Yes, this sounds like having your cake and eating it too, but I think this is a viable solution.

SMTP must be changed or modified. It's just too easy to abuse. Those who want to stick with SMTP can, but will still be subject to the avalanche of spam and phishing. I'm going to call the 'new' type PMTP for Protected Mail Transport Protocol. (AMTP, QMTP, and VMTP were taken)

How it works is something like this:

Company A registers their mail-server in the similar way that one registers a Domain Name. It would be something like the way DNS is currently handled by a centralized system. You put X dollars into each of your servers' account, and you do get charged Y amount for each e-mail you send out. When you run out of money in your account, the mail is stored on YOUR server waiting for funds to be available. When someone opens and reads your mail with their client program, you are credited back the Y amount to your account. Therefore, if you send nothing but e-mail to those who want it, you get 100% of your money back, and still use e-mail for free. Individual users would buy e-mail accounts from their ISPs, and this way if a user gets infected with a remailer virus or spam, their account would soon deplete, (because they wouldn't have to keep much money in it), they would know they have a problem with their computer, and spammers might quit trying to take over as many systems. Those who break spam laws would soon find their servers de-authorized.

How would we authorize mail? After all, a spammer could simply bypass the central server and use the PMTP protocol to send you an e-mail. Well, the central servers are going to have to store some sort of identifier and delivery status for each e-mail sent (not the whole e-mail, just an identifier). When someone sends your server an e-mail, it would include the unique mail identifier for that message. Your e-mail server would then query the 'root' e-mail servers to see if that identifier was valid, and if the mail had been delivered yet or not. The mail identifiers could be quite long, so as to be almost impossible to spoof or forge.

Of course, there'd have to be modifications to current systems to allow for this. I don't think it would require entirely new e-mail client or server software. Microsoft Exchange and other e-mail systems have supported various 'connectors' that allow for support of many different types of e-mail, whether SMTP, X.400, or others. Sendmail, Postfix, and other Open Source SMTP programs could be modified and could have included in their config files lines to enable or disable SMTP and/or PMTP services. Outlook, Eudora, Thunderbird, Evolution, and other e-mail client programs could be modified to support PMTP along with SMTP. Yes, it would take time and testing - but I think it could be a paid-for enhancement. Would you pay $5 to practically eliminate spam from your mailbox by purchasing an enhancement for your software? I've seen people spend more. This approach could be taken over time, SMTP and PMTP would be run in tandem, until such a time as PMTP was prevalent enough to start allowing organizations to stop supporting SMTP.

The hardest part would be deciding who would be the 'keeper' of the authorized PMTP server lists, accounts, and data and what compensation they would receive - as well as setting up the databases. You'd want thousands of root e-mail servers to handle the massive amount of data and traffic.