Spam

Photo: David Anderson cooks up some yummy Spamwiches at work.

Definition: Unsolicited mass e-mail. Some sources say that up to 80% of all e-mail is spam.

The Problem:

Many people receive over 30 unsolicited e-mails in a day. Spam filters currently work fairly well, but many people still get way too much spam even with these filters in place. Spammers use tricks such as spelling mistakes to get past keyword filters (e.g. vilgara, or gro 3 1nches), they change their e-mail address so you can't block them by filtering e-mail addresses, and some even register new domain names so you can't even filter by domain.

Ryan's Idea:

Use a user rating scheme similar to that on eBay. A new user would have a rating of 0. For every e-mail that a recipient receives and believes is worthwhile, the sender would get +1 on their rating; for every bad e-mail they would get -1. All mail servers would check the sender's rating against what the recipient wishes to receive from. That way people using dial-up wouldn't have to download e-mail that is just going to get deleted, and it could clear spam out of the Internet more quickly.

Sounds pretty simple, but it is much more complicated to realize. Here are the issues that I have thought of, and how they would be resolved:

1) What if I just got an e-mail address? How can I build up a rating if all the e-mail I send gets blocked?

As a new user to the system you would have a rating of 0. Most users will probably allow ratings of 0 to be accepted, but their e-mail program may put such mail into an untrusted folder.

2) How would I give someone a +/- rating?

Mail programs would be wise to the anti-spam system: there would be + and - rating buttons similar to the reply and forward buttons now. Until there are lots of people using spam-wise e-mail readers, the sender would provide web links in the electronic signature that would allow users to adjust the sender's rating.

3) How would you know who the e-mail came from and what their rating is?

All email would be private/public key encrypted, to verify the source. I might write something about private/public key encryption later, but for now assume that that allows you to verify the source of the email.

4) What would stop a spammer from creating a new account to spam from that has a 0 rating?

Spammers send millions of e-mails per day. If a computer could only register a new e-mail address each day, spammers would not be able to create new identities as fast as they would get identified as spammers. Special allowances would have to be made for systems like Yahoo and Hotmail, where many requests would be made from one computer. Those places would in turn have to carefully watch what computers are registering e-mail addresses with the system to ensure that spammers aren't abusing their ability. If one of the special computers gets compromised and many spamming accounts get created on it, the offending computer would be temporarily removed from the list until its operators can show that it is no longer a source of spam accounts.

5) What would stop a spammer from creating fake accounts to give their spamming accounts positive ratings?

Once again, spammers send millions of spam messages that would immediately give them -1000000 ratings. They would have to really work to have even one account still hold a positive rating after one bulk spam message.
By limiting each e-mail address to influencing another user by a maximum of 3 points, the spammers would have to create millions of different identities to boost their rating. This would take a lot of time given the solution to problem 4, and even then the positive votes for the spammers' e-mails would be traceable and put on a suspect list.

6) What about people who operate mailing lists with thousands of interested receivers?

Hopefully more than half the people will leave positive votes. This will also force people to keep better tabs on who is in the mailing list. People that are no longer interested in the mailing list will get removed much more easily, or the system could receive too many negative votes.

7) Where will the system look to check a sender's rating?

There would be a series of networks that contain the user ratings, recent votes and public keys for all users. The server would be Open Source so that anyone would be able to view how things are being done, and help patch any possible security holes. One problem is that if anyone could have their own server, they may be able to modify the source to allow spammers to give themselves fake integrity ratings. The servers would have to be operated by trusted sources to ensure that spammers can't do that. Perhaps there may be a way to verify that the server was built from trusted source; that way anyone would be able to set up a server and tie it into the network. When an e-mail is sent, it would have a header saying where its integrity can be verified.
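
The rating rules from issues 1, 5 and 7, as an added sketch that is not part of the original page: a toy in-memory rating server that stores per-voter influence, applies the 3-point cap, and lets a recipient apply a minimum-rating policy. The class, function names and example.test addresses are hypothetical, and it assumes self-votes are ignored.

```python
from collections import defaultdict

MAX_INFLUENCE = 3  # issue 5: one address can move another's rating by at most 3 points


class RatingLedger:
    """Toy stand-in for one rating server (hypothetical API, not from the page)."""

    def __init__(self):
        # influence[sender][voter] = net points this voter has applied to sender
        self.influence = defaultdict(lambda: defaultdict(int))

    def vote(self, voter, sender, delta):
        """Apply a +1/-1 vote; return the points actually applied after capping."""
        if delta not in (1, -1):
            raise ValueError("a vote is +1 or -1")
        if voter == sender:
            return 0  # assumption: self-votes are ignored
        current = self.influence[sender][voter]
        capped = max(-MAX_INFLUENCE, min(MAX_INFLUENCE, current + delta))
        self.influence[sender][voter] = capped
        return capped - current

    def rating(self, sender):
        # A sender nobody has voted on has rating 0 (issue 1).
        return sum(self.influence.get(sender, {}).values())

    def classify(self, sender, min_rating=0):
        """Recipient policy: reject below the threshold, quarantine ratings <= 0."""
        r = self.rating(sender)
        if r < min_rating:
            return "reject"
        return "inbox" if r > 0 else "untrusted"


def simulate_sybil_boost(spam_recipients, sybil_accounts, votes_per_sybil):
    """Constructed scenario: fake accounts upvote a spammer, real recipients downvote."""
    ledger = RatingLedger()
    spammer = "spammer@example.test"
    for i in range(sybil_accounts):
        for _ in range(votes_per_sybil):
            ledger.vote(f"sybil{i}@example.test", spammer, +1)
    for i in range(spam_recipients):
        ledger.vote(f"user{i}@example.test", spammer, -1)
    return ledger.rating(spammer), ledger.classify(spammer)


if __name__ == "__main__":
    # 10 fake accounts voting 100 times each add only 30 points in total.
    print(simulate_sybil_boost(spam_recipients=1000, sybil_accounts=10, votes_per_sybil=100))
```
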

If you have any questions, or see any possible loophole or security problem, please send me e-mail at

Update Feb 24 2004: Microsoft and Sendmail are teaming up to provide the start of my system (I guess they read my page and thought it was cool). Read the article and decide for yourself.

ryanbiffard at shaw dot ca
Copyright Feb 7, 2004, Patent Pending on this process ;)
