Ensuring a valid identity on an email has become a vital first step in stopping spam, forgery,
identity theft, and even more serious crimes.
A second vital step is assessing the reputation of that identity. A lot more is needed to end the overwhelming
abuse of email, but allowing receivers to know the identity and reputation of
senders will have a major impact. The Registry of
Public Email Senders will provide a "clearing house" of
information on senders, including what methods a sender offers to authenticate
their Identity, and ratings of that sender by various Rating Services.
The Registry will be
supported by fees from receivers, and will always operate in the best interest
of receivers. The motivation for senders
will be in avoiding the blacklists and spam filters that cause false rejects of
their legitimate messages. The Registry
will work best when senders register and provide their authentication
data. It will not depend on sender
cooperation, however. Default Identities
will be assigned to senders that have not registered. Authentication and spam ratings will be done
using their entire IP block.
Here is a typical receiver's mail flow. The checkID gate determines the Identity of the sender based on either the sender's declaration, or a Default Identity. It uses that Identity to query the Registry, whitelist the reputable senders, and reject forgeries.
checkID: Reputable Senders have less than 1 spam in: 100
emails Blacklist: - - -
- - - - - - - Moderate Spam Probability: – Reject if
greater than: 75% – Accept if less
than: 50% Filter – spam:
score > 75, ham:
score < 50
Default Settings
The major benefit of using the Registry is that mail from reputable senders will have no false rejects.
A second major benefit is having an authenticated sender's domain. This will allow recipients to safely whitelist those senders, and will allow legitimate unregistered senders to be notified of false rejects.
A third benefit is in greatly reducing the need for recipients to review their spam rejects. If the sender is not on my whitelist, and has a rating lower than my setting, and my spam filter is at least 75% sure it is spam, I can safely ignore it.
A fourth benefit is in enabling a very effective feedback system to generate domain ratings. Most of the feedback will come automatically from counting post-authentication rejects, but direct feedback from the recipient will catch those few where the spammer is clever enough to run this entire gauntlet.
The Registry will not eliminate all spam, just reduce it to a tolerable level, maybe 1% of the messages in a recipient's inbox. It will also be very effective against forgery.
The Registry will
remain neutral in the choice of authentication methods and Rating
Services. Authentication methods will be
specified by each sender in their Registry record. Rating Services will be selected by the
subscribers who pay for these services via their subscription fees.
The Registry will not
be responsible for rejects by the IP Blacklist and the Spam Filter. Options and thresholds for these functions
will be set by each recipient. The Spam
Filter may look at authentication results and domain ratings, however, to
improve its own function.
DMQ 10/6/05