Todays stupid e-mail system and a solution!

[Joakim Christiansen]

I have an idea that is simple to implement and will help to stop most of the e-mail spam being sent!

Did you know that the current e-mail system doesn't do anything to really confirm that the message is sent from the e-mail address that it says it is sent from?

What I'm saying is that I can send an e-mail to a friend looking to be from bill.gates@microsoft.com if I want (for example with a server running PHP). Or I can send an e-mail to that friend looking to be from his girlfriend, etc (I will not get his reply though).

The big thing they did to stop spammers was for ISP's to block traffic to port 25 (SMTP), so people couldn't communicate to e-mail servers (send e-mail) from their home computers. But this is easy to overcome, for example if you own a domain or has access to computers with a connection which allows this traffic. So more and more people still keep sending spam!

So what should they do?
Well, one sentence: Reverse DNS lookup!
What that does is to find the domain name which belongs to an IP address.

And since most e-mails are sent from IP's belonging to the domain name behind its @ sign this shouldn't be any problem! (yes, when you use your e-mail client it sends the e-mail to a server at that domain which THEN sends it to the receiver for you)
EDIT: Ok, not every e-mail sent is from a IP belonging to the same domain, more info in my last post:
http://www.purebasic.fr/english/viewtop ... 89#p345189

When an e-mail server receives an e-mail from bill.gates@microsoft.com I think it should just do a reverse DNS lookup on the IP which sent it that e-mail! And if that IP actually belongs to microsoft.com then it should keep it of course, but if not then it should be marked as spam! And voilà, the end to a big problem today! (at least I think so)

Surely spammer@someDomain.com could send out spam, but he couldn't pretend to be someone from another domain. And it would be no problem to blacklist any IP's coming from his domain.

So I ask myself, why is this not already implemented in todays e-mail servers?
In theory it should work very good, of course maybe someone would have to do minor changes to their systems but this is a step toward a much better e-mail system!

So what are peoples thoughts about this?
How can we get people to change their servers?
At least I don't like getting e-mails pretending to be from paypal.com...

[LuCiFeR[SD]]

because IP spoofing exists...

[Trond]

So I ask myself, why is this not already implemented in todays e-mail servers?

Probably because a reverse dns lookup is relatively slow, and if every email server was to do that for every message it would probably cause global network molasses. And it would probably cause quite a lot of false positives.

[the.weavster]

The way to stop spam would be to introduce a small charge for sending an email.

[LuCiFeR[SD]]

The way to stop spam would be to introduce a small charge for sending an email.

To be honsest, I don't think that would work any better... doesn't stop Telephone or Postal mail spam and scams does it.

[C64]

Did you know that the current e-mail system doesn't do anything to really confirm that the message is sent from the e-mail address that it says it is sent from?

Good! Quite often I send emails from work and make it appear as though they came from my home address. I don't want that functionality stopped.

when you use your e-mail client it sends the e-mail to a server at that domain which THEN sends it to the receiver for you

And what about people (including spammers) who use their own SMTP server on their PC to send mail, which bypasses an ISP totally?

The way to stop spam would be to introduce a small charge for sending an email.

First, there's no way to "police" that. An email is just network traffic. No real way to determine when it's being sent. And second, even if there was a way, just wait until the first virus appears that sends a million spam emails out from someone's account, so that their ISP has to charge them (say) 1 cent per email = $10,000 for those fake emails, per month. So, nope, ain't gonna happen.

[Joakim Christiansen]

because IP spoofing exists...

You are able to send packets with a spoofed IP address yes.
But you can't open a TCP connection and send any data with such packets!
So no, IP spoofing can not be used to fake the senders IP of an e-mail.

Did you know that the current e-mail system doesn't do anything to really confirm that the message is sent from the e-mail address that it says it is sent from?

Good! Quite often I send emails from work and make it appear as though they came from my home address. I don't want that functionality stopped.

If you configure your e-mail client at work to use your home e-mail's SMPT server to send the message then you could keep doing this.

when you use your e-mail client it sends the e-mail to a server at that domain which THEN sends it to the receiver for you

And what about people (including spammers) who use their own SMTP server on their PC to send mail, which bypasses an ISP totally

This has already been blocked on a large scale by disallowing most home computers from connecting to port 25.
So very few uses this method and in my eyes it's good to keep the system strict and keep making this hard to do.

The way to stop spam would be to introduce a small charge for sending an email.

Would require much more work to implement though.

So I ask myself, why is this not already implemented in todays e-mail servers?

Probably because a reverse dns lookup is relatively slow, and if every email server was to do that for every message it would probably cause global network molasses.

"it would probably cause global network molasses"
Reverse DNS lookups is probably not cached the same way as normal lookups so you might have a point, but I guess neither of us can be sure how the internet would handle this.

Here is a speed test I made using real world IP addresses (uTorrent peer list).
(all of which probably have port 25 blocked by their ISP anyway)

Code: Select all

EnableExplicit

Global outputMutex = CreateMutex()
Define  i
Dim IP.s(49)

Procedure.s getHostname(IP$,IP=0) ;IP$ (string) or IP (int)
  Protected *pointer, result$
  If IP$: IP = inet_addr_(IP$): EndIf
  *pointer = gethostbyaddr_(@IP,4,#AF_INET)
  If *pointer: result$ = PeekS(PeekL(*pointer))
  Else: result$ = "#unable to resolve#": EndIf
  ProcedureReturn result$ ;in-addr.arpa may be returned if connection error
EndProcedure

Procedure debugHostname(IP.l)
  Protected host$ = getHostname("",IP)
  LockMutex(outputMutex)
  Debug host$
  UnlockMutex(outputMutex)
EndProcedure

;a list of real IP addresses (in use)
IP(0) = "190.160.2.51"
IP(1) = "174.89.108.198"
IP(2) = "206.75.203.113"
IP(3) = "94.219.5.77"
IP(4) = "86.157.100.61"
IP(5) = "84.255.247.249"
IP(6) = "201.250.121.13"
IP(7) = "75.155.79.252"
IP(8) = "174.6.237.14"
IP(9) = "196.214.41.50"
IP(10) = "96.54.59.64"
IP(11) = "96.50.79.238"
IP(12) = "118.173.76.238"
IP(13) = "142.161.209.11"
IP(14) = "24.19.25.144"
IP(15) = "118.100.123.20"
IP(16) = "115.21.53.175"
IP(17) = "110.159.157.144"
IP(18) = "70.241.240.2"
IP(19) = "124.183.94.145"
IP(20) = "92.17.9.35"
IP(21) = "86.61.57.130"
IP(22) = "86.138.163.191"
IP(23) = "90.199.102.251"
IP(24) = "81.56.25.174"
IP(25) = "99.252.240.177"
IP(26) = "78.175.66.166"
IP(27) = "123.237.38.189"
IP(28) = "68.61.120.218"
IP(29) = "83.245.229.81"
IP(30) = "94.69.94.101"
IP(31) = "154.20.36.64"
IP(32) = "94.172.112.132"
IP(33) = "122.108.99.168"
IP(34) = "174.129.137.180"
IP(35) = "190.174.157.78"
IP(36) = "96.55.44.169"
IP(37) = "76.170.151.76"
IP(38) = "66.45.159.63"
IP(39) = "24.84.50.163"
IP(40) = "142.167.77.94"
IP(41) = "58.33.78.205"
IP(42) = "87.110.169.195"
IP(43) = "99.228.190.4"
IP(44) = "189.60.244.7"
IP(45) = "71.87.119.117"
IP(46) = "121.98.124.141"
IP(47) = "195.0.169.231"
IP(48) = "196.213.196.154"
IP(49) = "117.198.163.210"

InitNetwork()
For i=0 To 49
  CreateThread(@debugHostname(),inet_addr_(IP(i)))
Next

Delay(100000) ;give time to complete

On my system it was quite fast! (my system allows unlimited half-open connections btw)
The ones that did not resolve took more time than the others, if this can be optimized or not I don't know, but using threading didn't make this a pain in the ass.

[Little John]

This has already been blocked on a large scale by disallowing most home computers from connecting to port 25.

Many people use a local mail server (such as Hamster) on their PC. Normally it is connectd to port 25.

Regards, Little John

[Joakim Christiansen]

This has already been blocked on a large scale by disallowing most home computers from connecting to port 25.

Many people use a local mail server (such as Hamster) on their PC. Normally it is connectd to port 25.

Regards, Little John

I have no experience with Hamster.

Hamster can collect mail and news from several servers and gathers them together locally

But from reading the help file and looking at the program it seems that to send e-mails with it you must first configure it to connect to a SMTP server on the internet (which is who will send the e-mail to the receiver). But that on your local network (LAN, where port 25 is not blocked) Hamster can be treated as a normal SMTP server by your e-mail client. It is similar to a proxy server I guess.

[C64]

If you configure your e-mail client at work to use your home e-mail's SMPT server to send the message then you could keep doing this.

Not an option. My workplace is locked down and the employees can't configure anything like that.

...by disallowing most home computers from connecting to port 25.

Are you serious? Most ISPs still use port 25 for sending emails. In fact, I've never seen an ISP that uses anything but. And I've set up a LOT of home email clients for people, with many different ISPs. Also, spammers using their own SMTP software can set it to use any port number they like, so blocking port 25 isn't going to stop them at all.

Your solution isn't going to work. Hence why it hasn't been done yet.

[Kukulkan]

Hi,

there are enough ways for smtp-server carrier to stop spam as an origin operator. Lets do some two second delay for normal smtp-accounts. Most people will never remark something but trojans will not be able to send such a great amount of mails. Or simply control the sender mailaddress against the smtp-account settings. All these solutions will not work, because there are allways smtp-servers and providers who allow this (I don't know if they have commercial interests or if they just dont care about).

Upon this, you need to stop spam at the receiving smtp-servers of the people. And currently, there is no good solution available. Remember, that in 2011 107 billion e-mails have been sent. Your reverse-dns solution would have made 107 billion reverse-dns requests. The traffic, cased by this, is enormous...

Kukulkan

[C64]

http://www.querycat.com/question/541cf1 ... 093b4e0daa says:

"Can a reverse DNS lookup stop the flow of spam into my network?
A normal DNS lookup is used to resolve a host name to an IP address. On the other hand, a reverse Domain Name System (DNS) lookup is used to resolve a message sender's IP address to a valid host name. While somewhat effective in the past, it has become clear that reverse DNS lookups alone provide little spam protection and may actually cause more false positives than positives."

Also, Microsoft Exchange Server 5.5 uses reverse DNS lookup for all connections, yet spam still exists on such servers. So, it doesn't work.

[Joakim Christiansen]

Remember, that in 2011 107 billion e-mails have been sent. Your reverse-dns solution would have made 107 billion reverse-dns requests. The traffic, cased by this, is enormous...

Actually I just noticed that most e-mail servers actually do store the reverse DNS lookup:

Received: from webmail-out2.b-one.net (webmail-out2.one.com [91.198.169.17])

So both your argument and Trond's argument about this "destroying the internet" are false!

Also, spammers using their own SMTP software can set it to use any port number they like

Surely your e-mail program can when uploading e-mail messages to a SMTP server (the one that will send your e-mail to the receiving SMTP server for you) use a custom port number for this, but a SMTP server can only receive incoming e-mails at port 25! So if your internet service provider blocks outgoing traffic to port 25 then no e-mails can be sent from your IP address directly.

...by disallowing most home computers from connecting to port 25.

Are you serious?

Yes, that many ISP's blocks this port is not something I'm making up:
http://sonic.net/support/faq/advanced/port_25.shtml

they allow port 25 traffic which is destined for their own mail servers only.

This could explain what you said about configuring clients to connect to that port... I'm not saying that EVERY ISP does this; just that many does. My client has to connect to the SMTP through 2525 for example.

Your solution isn't going to work. Hence why it hasn't been done yet.

Oh, I do appreciate the smiley at the end!
Without a stricter system for sending out e-mails my solution wouldn't work too well, I actually agree with that!

Because when sending e-mails from the SMTP server I use with my e-mail at jlc-software.com it actually sends that e-mail from an IP address which resolves to webmail-out2.one.com (I just tested).

So to verify that jlc-software.com has anything to do with one.com one could do a MX lookup to see that its receiving mail server is also at one.com (mx-cluster-b1.one.com). But then we talk about doing two lookups, so yes, maybe a bit messy.

So my idea is for ALL (many does this) SMTP servers to send e-mails from IP's that will resolve to the same domain used in the e-mail address (for example mail-out.jlc-software.com in my case).

If everyone did that then a reverse DNS lookup would help to verify that the e-mail was not sent from someone not belonging to that domain! But yes, this is a change that will take some time, but if everyone starts making such changes I think we could have a much better e-mail system in the future!

I didn't explain all this well enough I guess, but it was what I meant with:

of course maybe someone would have to do minor changes to their systems

But I was a little mistaken thinking e-mails sent from userAt@someDomain.com would resolve to someDomain.com, maybe just 50 percent does, I don't know.

But my idea isn't a bad one.

[Marlin]

So more and more people still keep sending spam!

I doubt, that the bulk of spam does originate from common people using their home computers...

Yet this notion seems to be used as justifications to taking away more of the common peoples chances and

The way to stop spam would be to introduce a small charge for sending an email.

money! --------------- (Where do you presume this money should/would go?)

So that more power and money be concentrated in the hands of big corporations.

Btw. isn't there a notion, that spam somehow does originate from corporations [too]?

While I do not like spam, such kinds of "solutions" seem to be much worse!

[LuCiFeR[SD]]

because IP spoofing exists...

You are able to send packets with a spoofed IP address yes.
But you can't open a TCP connection and send any data with such packets!
So no, IP spoofing can not be used to fake the senders IP of an e-mail.

I bow to your superior knowledge.