Yes, I've written SMTP clients before, which is why I used it as an example of why the protocols are broken (hacking has nothing to do with it, it's just broken). I think I misread your initial statement - I thought you were referring to SMTP as being a secure protocol, and now I see you were talking about something else.
The alternative you described is not allowed for in any of the current protocols, and therefore would require a new one (which is what I was suggesting in the first place!). Further, it would be a pain in the ass, as I would have to approve e-mails from all one-time contacts. Additionally, if I upgraded (or crashed) my computer, I would lose these filters and need to start the process again, which would be a hassle to all my friends. Or, if it's tied to the server, I would need to repeat the process if I changed e-mail addresses. That would be than needing to use a spam filter (which is usually done for me by the server). Finally, it simply wouldn't work. The spammer would simply re-generate the spam once approval was received. They wouldn't store every message they sent out, it wouldn't be practical.
A far simpler solution would be to require an identity check of all incoming emails by the server itself, so as to eliminate spoofing. Simply contact the server listed and ask if that person is a legitimate user, and if that e-mail actually originated from their servers. That would effectively kill spoofing, and ISPs could ban e-mail based on domain rather than IP. All without any sort of action on the part of the user. Spam could still occur, but it would be much easier to track and block.
Quote:
Originally Posted by DJMaze
Do you know all holes in smtp ???
Your question isn't of any matter while half the world can hack it.
The current protocol (IMAP/POP) doesn't tell exactly where mail is coming from and is forwarded immediately thru SMTP.
The other invented protocol doesn't send the email but stays on the first server it reaches or just the sender's computer and includes the real details of the computer that sent it.
You get some sort of notification that there's email with subject X from email Y and you approve/deny the email that is sent.
If you deny the email it just stays on the computer waiting till the computer is full or an auto-prune deletes them after 1 month or something.
This way you don't get viruses, spam or anything else in your inbox until you accept that the message will be sent to your computer.
As benefits this also doesn't eat all bandwidth of the network and anti spam software can be server installed and have real IPs to get the bastards.
However they wanted to run this improved protocol on the same port (25).