Spam Solution - Verifying the Sending Mail Server

One of the problems with spam is that many spammers fake the headers on the mail, so that even if a recipient wants to complain, it is almost impossible to discover who to complain about. One way of countering this is to modify the mail server to verify that the last mail server is legitimate.

If the last mail server is known to be legitimate, then a determined user is guaranteed at least one point of contact. If a mail server is used as a source for spam and refuses to act on complaints, then the receiving site can consider harsher action, such as blocking all mail from that particular sender.

This can be accomplished by changing the receiving mail server. When the receiving mail server gets a connection, it knows the IP address of the sending mail server and it knows who the sending mail server claims to be. With this, the receiving mail server can simply perform a name lookup on the claimed name and compare the results to the known IP address of the connection.

The only connections which will not get through are those using a faked sending address, or those which do not correctly identify themselves. It means that any legitimate sender would need to use a registered name and use the address associated with that name. A mail server modified like this would complain about any sending mail server which identifies itself with a name which does not match the address, or which identifies itself by address only, or which fails to identify itself. Most mail servers already refuse to connect to another mail server if it refuses to identify itself.

To minimize the impact on the use of mail on the Internet, the modified mail server does not need to actually delete the mail. It can simply add a header to the incoming mail, like the "Received from" header it already receives. If it were to add something like an "X-SpamWarning" header indicating that it thought the message was spam because it appears to have a faked sending address, then the users could add a user filter to remove all messages with that header.

Users who want to receive everything and do their own filtering would simply not set up a filter. This is a solution that only requires changes on the receiving end (at the site's mail server) and will not interfere with any users who do not want filtered mail.


This page maintained by Rob (at ewan dot com, of course).