Small change in IMAP Protocol could help reduce SPAM

Published on November 28th, 2007

A small addition to the IMAP/POP email protocols could significantly reduce spam if adopted. IMAP and POP are used to get email from email servers and download it to your computer. IMAP is far more advanced than POP in that it allows you to create server side folders and store email there. So IMAP can both download and upload email.

Since IMAP can upload email then why not let IMAP be the transport for sending email out from the client instead of using SMTP? The email user would be able to upload the outgoing email over the same connection that it receives incoming email. This eliminates the need for a separate connection and a separate setup for outgoing mail.

The way it would work is the IMAP server would receive the outgoing message and then hand it off to the outgoing SMTP server that would send it to the recipient’s email server. Mail would just go out over the existing connection rather than having to establish a different connection using a different setup and a different protocol. Advantages would include:

Half the setup time. The incoming email setting would also be your outgoing email settings.
Verification – outgoing email could be certified by the server that it came from a person who could read the email address that they were sending from. This would reduce email spoofing.
Eventually SMTP protocol could be eliminated from consumers making SMTP a server to server protocol only.

One of the problems with detecting spam is that the SMTP protocol is the same whether you are an end user sending email or an email server sending email. Thus virus infected spam zombies look like consumers sending email and servers sending email. If SMTP were limited eventually to servers only then spambots would go away as ISPs closed port 25 to the public and forced end users to use outgoing IMAP or submission protocol on port 587. If computer viruses are isolated then they can’t spread and the virus problem will, for the most part, go away.

17 users responded in " Small change in IMAP Protocol could help reduce SPAM "

Subscribe to this post comment rss or trackback url

# 1 Mike said, on November 28th, 2007 at 8:23 am

What does the picture of this woman have to do with any story? has this website adopted the techtv theory that more cleavage is better for any story? I have no problem with gratuitous sex if it at least has some connection to the story. is this really John’s wife?

# 2 amby72 said, on November 28th, 2007 at 8:26 am

well, it is actually a really tight firefox shirt she is wearing. so that is ridiculously hot. I want.

# 3 Greg Allen said, on November 28th, 2007 at 8:29 am

Let’s get’er done! Do it, tech guys.

I think I got my first spam about fifteen years ago and it’s crazy that the problem hasn’t been solved yet.

# 4 Uncle Ben said, on November 28th, 2007 at 8:32 am

Oh ‘comon, Mike, the relevance of the image is obvious! The girl is wearing a Firefox shirt, and Firefox also make Thunderbird, an email client, is often used to connect to SMTP servers …. okay, maybe its not that obvious…. still, she has a kindly face, and besides, surely if that young lady ask you close port 25 in favour of port 587, you’d agree….

# 5 BlackCat40 said, on November 28th, 2007 at 8:32 am

#1
I agree. If it were a really tight Thunderbird shirt then it would make sense.

# 6 Greg Allen said, on November 28th, 2007 at 9:05 am

See… that’s a problem with this blog’s habit of using any excuse to put a “blog babe” up on any post possible.

Now we’re talking about the picture, instead of the issue.

The open-source community reminds me of my Democratic leadership. They carp and whine but they don’t solve the problems when they have some power.

Finally with Linux, Apache, Thunderbird, etc the Open Source community could be a real agent for change — and FINALLY fix the crazy openness of Internet communications, leading to spam, spoofing, scams, fraud, etc.

C’mon Geeks! This is your chance to save the world! Step up!

For starters, encrypt and sign all our email, by default, transparently. Seems like this proposals here is a good tool for the signing.

# 7 Phillep said, on November 28th, 2007 at 9:44 am

Hey, hot chicks are the reason for coming here! MORE MORE MORE. (Bouncy moving gifs work too).

# 8 magicmarkers said, on November 28th, 2007 at 9:58 am

postfix ftw

smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_non_fqdn_hostname, reject_unknown_hostname, reject_invalid_hostname, permit

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_multi_recipient_bounce, reject_non_fqdn_recipient, reject_unknown_recipient_domain

# 9 jdm said, on November 28th, 2007 at 10:05 am

A good start, but it doesn’t go far enough. Don’t just isolate SMTTP to servers; all ISPs should switch to Web browser-based email and get rid of POP3 altogether too. The real problem will be the burden on the ISP’s tech support for all the customers whose POP3 email will temporarily break before they change their email client configuration.

The POP3 and SMTP protocols should have been abandoned years ago for a newer version of IMAP that supports true authentication of the sender and verification of the receiver. POP3 and SMTP will never die, but they can fall into grave disuse as so many other outdated Internet protocols have.

# 10 johns said, on November 28th, 2007 at 10:09 am

Don’t you dare reduce… oh spam, ok.

# 11 Mac Guy said, on November 28th, 2007 at 10:36 am

Am I the only geek here who thinks this rant is overly-simplistic and lacking a million details? Am I the only geek here who thinks this won’t do a damn thing to the amount of spam being sent?

Four REAL solutions:
1 – Keep your sendmail patched.
2 – Get good filtering on incoming messages. RTBL is the way to go. I get a couple hundred spam messages hitting my server every day, but only 1 or 2 actually make it to my inbox, if that.
3 – Turn off relaying on sendmail, for god’s sake. You don’t need it.
4 – Require authentication on your SMTP server.

I get no spam, and I don’t pay someone like John does.

# 12 Ben said, on November 28th, 2007 at 11:53 am

The article is pretty bogus and very narrow minded in how the internet works.

What about those of us who buy DSL connectivity and host our own servers? Should we be filtered and now be forced to do some odd imap connection up to our ISP?

@Mac Guy – I’m glad you don’t get spam. I barely get spam, but I get 20,000 to 100,000 of “bounce back” mail because someone has taken to using my email address to spam. And all those wonderful “Non-Validating Mailsevers” out there are returning errors to me, and not to the botnet clients. (Note it was bad enough and killing my connection at one point I had to move to postini to filter my mail. So I only see maybe 2,000 slip through, and I have procmail rules to filter the rest of the mail. Your fancy RBL wouldn’t resolve this issue. =)

Having folks fix their mailservers so it validates accounts BEFORE accepting mail would go a long ways.

As for stopping spam…. That is impossible without reimplementing everything into a closed/trusted network where spammers can’t hide behind their botnets.

Sadly, the best we can do is filter via RBL, procmail or 3rd party services like postini or whatever John uses.

- Ben

# 13 pjakobs said, on November 28th, 2007 at 12:41 pm

what the message of this image? Firefox: it’s about content!

scnr

ps: what was the article about?

# 14 emeryjay said, on November 28th, 2007 at 4:40 pm

She reminds me of booth babes John usta talk about. Let’s ask the blog babe. She’s wearing a tight firefox shirt, so she’s bound to be smart.

IMAP?

SMTP?

Personally I think she will favor the IMAP strategy…

# 15 mike_c said, on November 29th, 2007 at 3:09 am

I agree that the idea posted here is flawed.

But more to the point, that Firefox top is a fake I am afraid. Its a nice bit of Photoshopping.

# 16 Marc said, on November 29th, 2007 at 9:58 am

The idea may be weak if reasonable at all, but to kill the botnets and virus emails by taking out their ‘current’ primary protocol is something worth shooting for. End users, or even network admins, shouldn’t HAVE to have thousands of spam messages hitting their systems. The problem is the botnets not the recipients. Thus far much of the work has been done on the recipient end, that’s a band-aid.

# 17 badcam said, on November 30th, 2007 at 3:12 am

After looking at her, I seem to be building up quite a lot of Spam. No, wait a minute, it seems to be going now…ahhhh…hold on….wait just one more minute…..it’s going!…yes, it’ going now….the Spam is going….going…going……going….Ahhh…GONE…no more spam…Argh!!!……..I feel so much more relaxed now….much better…NO MORE SPAM…

Leave Your Reply Below...

Comment Moderation is Active, so if your comment doesn't
show up immediately, please don't submit it again.

Special Deals 4U

25% off eHarmony subscription with code EHTECH
12-percent discount forever with code TECH
10-percent discount and free month using TECH10
10-percent or 30 dollars off weekly car rental!
Get 10-percent discount on car rental!
Get 10% off rental cars!
Get 10% off Dollar rentals!
Discounts on domain names!