Open-Mail.org

This is a non-profit organization of email receivers, working to eliminate forgery, spam and other abuses of email.  We are not aligned with any other organization or any technical methods.  While we do not rule out the use of exclusive systems, we must insist that any such system work within our open framework.  We believe that an open and all-inclusive system is the only choice to restore Internet mail to what it once was – fast, reliable, and trusted communications for all law-abiding citizens of the world.

    

27-July-2005

Our current focus is on setting up a Registry of Public Email Senders that will provide a common location for email receivers to find information on legitimate senders.  The Registry does not rate senders, but we will provide ratings from the most popular rating services.  We also provide information from senders allowing a receiver to verify that a Sender's Identity has not been forged.

The Registry is supported by subscriptions from receivers, and is operated for the benefit of receivers.  When a receiver.org wants to check the Identity and reputation of an unknown sender.com, it queries the Registry and gets all the information needed in one packet.  This could include ratings on sender.com from each of several Rating Services, and whatever data is needed to make sure the mail really came from sender.com.

The Registry is a voluntary system, not depending on government regulations to make sure authentication is done correctly.  Senders can choose any of the excellent methods now available.  Senders should make a wise choice, because they will be rated on how well they control abuse of their Identities.  A good rating will allow a sender to bypass most spam filtering.

Setting up the Registry

Default Identities

    Wildcard DNS records

    IP blocks as fallback for ID unknown

Reputation Services

    Locate cooperative services.  Negotiate fees.

Speed and Security of Registry Servers

    Average load 10% of peak capacity.

    10,000 zombies in a kamikaze attack.

Registration Fees for Senders

    Discourage spammers, but not legitimate senders.

 

Updating MTA Software

Authentication Routines

   Syntax of ID command, future extensions, name of command.

   Syntax of authentication header.

   Interface to MTA

   Query Registry

   Parse Record

   Run authentication tests

   Generate authentication header

Spam Filters

   Scan authentication headers to locate sending domain.

   Use domain ratings in spam score.

   Generate bounce with clear message to authenticated address.

MTAs Needing Update

   Sendmail, Postfix, Exim, Qmail, ...

Web Interface

   Forms for data entry

   Update from DNS records

  

Deployment

   Downloads of patches & upgrades.

   Initial group of receivers (alpha testing).

   Notices to netblock owners, senders.