(I've Bcc'd you but otherwise left your name off as this was private
mail, but I figured if I typed this all in maybe it should be shared.)
So what, technically, do you think we should do that we aren't already
doing? Or are you suggesting that us technical people start becoming
more active in the policy side of things?
At Usenix last week I ran a Spam BOF, the room was packed tho it
wasn't a huge room.
There was an interesting technical proposal which arose and went
something like this:
1. We all (it doesn't have to be all) agree to start using an
additional port for SMTP, say port 52.
(25 backwards, the number doesn't really matter just so long as it's
available and agreed upon and a so-called privileged port.)
2. We form a not-for-profit shell corporation whose name is something
catchy, The Spam Protestors Alliance Matrix (SPAM). It exists for two
reasons: To have a name (SPAM) which can be trademarked, and to have a
charter which basically forbids spam (in more formal words.) This
costs maybe $1,000 to set up and some volunteer work.
(yes it can't really be "SPAM" because Hormel might rightfully
protest, but something, The People's Unsolicited Commercial Email
Action Committee and Koalition, PUCE, ACK!.)
3. In order for an email message to pass over port 52 it must have a
header which reads:
X-SPAM-CHARTER: This message conforms to the SPAM Charter
or similar (X-PUCE-CHARTER:). Otherwise, it's just dropped on the
floor. Remember that this is the new port.
4. Abuse of that header is a litigable trademark violation (we get
this set up with lawyers, but akin to DC comics or the Good
Perhaps some membership dues are raised to help pursue violators, that
would be a good idea, if most every ISP kicked in $100/year that'd be
on the order of a coupla hundred thousand dollars/year.
5. Over time, perhaps a year or two, the community is warned that port
25 will also become subject to these rules.
After, say, 6 months or so a warning is returned if the header is not
present, after a year or so the mail to port 25 will just be dropped
if it doesn't contain the header. Maybe two years or three, whatever.
Obviously every site can continue to do what they like, they can
ignore all this entirely if they prefer and accept everything, no one
is being forced to do anything other than if you want your email to be
seen at sites which conform to this you'll have to conform to the
rules. They can simply filter into folders based on whether a msg
conforms or not, etc.
6. Mail should be marked by the MTA (another header) as to whether it
came in via port 25 or 52 for the interim so MUAs (mail reader
programs) can, if they prefer, just drop those messages or sort them
separately or whatever.
7. Other rules could be introduced, such as allowing commercial email
if and only if it conforms to certain rules, such as some header
present for sorting and filtering, and a license number which
identifies the sender positively, whatever seems reasonable.
(Again, fraud is a crime, and now there's an organization with some
bucks to help pursue such crimes, I'd charge at least some nominal fee
for a license number to help pay for enforcement, maybe another
The basic trademark idea was Brad Templeton's (Clarinet founder and
principal), the dual port idea came up more spontaneously, others
added details though I don't know if they'd want to be credited here
or not. I threw in some details and fleshed it out here.