Registry of Public Email Senders

Executive Summary

Ensuring a valid identity on an email has become a vital first step in stopping spam, forgery, identity theft, and even more serious crimes.  A second vital step is assessing the reputation of that identity.  A lot more is needed to end the overwhelming abuse of email, but allowing receivers to know the identity and reputation of senders will have a major impact.  The Registry of Public Email Senders will provide a "clearing house" of information on senders, including what methods a sender offers to authenticate their Identity, and ratings of that sender by various Rating Services.

The Registry will be supported by fees from receivers, and will always operate in the best interest of receivers.  The motivation for senders will be in avoiding the blacklists and spam filters that cause false rejects of their legitimate messages.  The Registry will work best when senders register and provide their authentication data.  It will not depend on sender cooperation, however.  Default Identities will be assigned to senders that have not registered.  Authentication and spam ratings will be done using their entire IP block.

Here is a typical receiver's mail flow.  The checkID gate determines the Identity of the sender based on either the sender's declaration, or a Default Identity.  It uses that Identity to query the Registry, whitelist the reputable senders, and reject forgeries.

Default Settings

checkID:  Reputable Senders have less than 1 spam in:   100 emails

Blacklist:  - - - - - - - - - -   Moderate

Spam Probability:

 – Reject if greater than:      75%

 – Accept if less than:          50%

 

 

Filter     – spam: score > 75,

                  ham: score < 50
 
 

The major benefit of using the Registry is that mail from reputable senders will have no false rejects.

A second major benefit is having an authenticated sender's domain.  This will allow recipients to safely whitelist those senders, and will allow legitimate unregistered senders to be notified of false rejects.

A third benefit is in greatly reducing the need for recipients to review their spam rejects.  If the sender is not on my whitelist, and has a rating lower than my setting, and my spam filter is at least 75% sure it is spam, I can safely ignore it.

A fourth benefit is in enabling a very effective feedback system to generate domain ratings.  Most of the feedback will come automatically from counting post-authentication rejects, but direct feedback from the recipient will catch those few where the spammer is clever enough to run this entire gauntlet.

The Registry will not eliminate all spam, just reduce it to a tolerable level, maybe 1% of the messages in a recipient's inbox.  It will also be very effective against forgery.

The Registry will remain neutral in the choice of authentication methods and Rating Services.  Authentication methods will be specified by each sender in their Registry record.  Rating Services will be selected by the subscribers who pay for these services via their subscription fees.

The Registry will not be responsible for rejects by the IP Blacklist and the Spam Filter.  Options and thresholds for these functions will be set by each recipient.  The Spam Filter may look at authentication results and domain ratings, however, to improve its own function.

DMQ  10/6/05