As soon as the primary use of the Internet was taken over by commercial
enterprises, people started using it to conduct business. There are two main
uses of the Internet: browsing and exchanging open or private information using
the http(s) protocols, and message exchange (aka email) using the SMTP protocol.
Browsing and exchanging information in open or encrypted form between two
parties is voluntary and based on an individual's decision. Open http and its
secure cousin https cannot, in general, be forced on users by anybody. While
that is true in most cases, some websites use methods with links and
sub-windows for annoying advertising; even then the end user still has a choice
of ignoring it or configuring the browser to simply ignore such things.
Electronic mail is another important method of exchanging information between
two parties, where the second party can be a large mailing list. Its original
designers created a simple but very reliable protocol emulating the postal
system. The system worked well in academic and controlled environments where
all the participants behave responsibly. Since the cost of sending email is not
based on the number or size of the messages, it became the medium for mass
mailing. That in itself is not a problem when the recipients submitted their
email address to the sender willingly.
Many mailing lists keep messages open to the public for reference. That became a harvesting ground for email addresses for those who do not play by the rules and use them to send millions of Unsolicited Commercial Email (UCE) messages to unwilling recipients.
It's unfortunate that we cannot catch most if not all violators of Unsolicited Commercial Email and chop a finger off for each of their offenses. That would significantly reduce their desire to annoy people with peddling products for enlarging body parts, pornography, and harmful messages to minors.
While the legislators have tried different legal means to limit the roaming space spammers are using today, it's obvious that honest email users are on the losing end.
California's legislative approach with
"(i) Many spammers have become so adept at masking their tracks that
they are rarely found, and are so technologically sophisticated that
they can adjust their systems to counter special filters and other
barriers against spam and can even electronically commandeer unprotected
computers, turning them into spam-launching weapons of mass production.
(j) There is a need to regulate the advertisers who use spam, as
well as the actual spammers, because the actual spammers can be
difficult to track down due to some return addresses that show up on the
display as "unknown" and many others being obvious fakes and they are
often located offshore."
will be very difficult to enforce since it provides no means to track
down the spammers.
Therefore it's a logical conclusion that laws and "Do not call lists" will not prevent UCE violators from sending messages from offshore accounts where they do not need to follow the laws of the land of the recipient. More on Spam laws around the world.
Companies are losing huge amounts of money preventing undesired email from entering their systems, including their employees wasting time deleting unwanted messages, dealing with space and backups for useless email messages, etc. In addition, there are complicated legal implications of unwanted messages on corporate servers as well. What's more, according to Internet Fraud Complaint, more than 50% of fraud on the Internet is committed over email, and spam accounts for 60% of email traffic (http://www.brightmail.com/spamstats.html).
As many times in the past, the answer to such problems is in developing better technology. SMTP in its original and current form can only work effectively between responsible parties. With UCE reaching the number of legitimate messages according to some estimates, it's obvious that the SMTP protocol needs to be adapted so that the main incentive for irresponsible behaviour goes away.
There are many anti-spam suggestions and solutions on the Internet.
For example:
Habeas
Paul Graham's pages suggest 'Junk Address', 'Secret Address', 'Penny per Mail', 'Slow Senders', 'Heuristic and Statistical Filtering', and 'Challenge-Response Filtering'.
SPF (Sender Permitted From), which uses DNS records to reduce UCE. Here is just one controversy about that method. More here
Current commercial solutions are not much more than a waste of computer resources. Many depend on keeping old spam messages for comparison. Why keep old spam around to compare it to the incoming messages? Better not to accept it in the first place!
What's worse, Anti-Virus Companies become Tenacious Spammers, as described by Paul Vixie.
It's easy to demonstrate that most of today's spam fighting methods are unsatisfactory on all counts: either they are too restrictive (blacklisted domains), or not restrictive enough (spam gets through). Challenge-Response Filtering is possibly the best restricting method to fight spam at the moment, but it's not accepted by many users due to the multiple steps needed to exchange the first message.
UCE is a profitable enterprise for the sender only when the message passes through email systems to the recipient. Technology that prevents that from happening is going to defeat UCE or minimize its impact. Therefore a paradigm shift in handling email is needed. The core of email abuse is in its similarity to standard letter or package handling by postal systems. Email does not need to be handled in the same way, and that's the direction we need to explore.
One possibility for minimizing the incentive for UCE is described in this document for Advanced email protocol. The author of this document believes that the proposed protocol provides the means for all parties to be satisfied: legitimate users to exchange email, system administrators to regain full control of the servers, and commercial mailers to deliver their messages to large numbers of legitimate recipients, i.e. those that subscribed to their service and nobody else.
The intention of the described protocol is to prevent anybody from intimidating email users with unsolicited messages of any kind. The proposed protocol gives users complete control over the type of messages and languages, and over the source of email, i.e. the senders, countries, mailing lists or organizations they will accept email from.
Here is a simplified analogy of the protocol. An unknown party (a person or a company) tries to deliver an unsolicited message to a residence. In an exchange between unknown parties, the advanced postal system only allows delivery of the envelope, with a limited header size including the subject line. The body of the message stays on the sender's server. The recipient makes a decision about accepting the rest of the message based on its origin, subject line or language, or they simply decide to have the postman pick up the rest of the message from the sender's office.
It all happens automatically, so there is very little delay between the time of the recipient's request and delivery. Depending on the recipient's decision about future correspondence, the postman makes a note of it for future reference. The next time a message is to pass between the known parties, the postman handles the letter according to the post office records. If the recipient decided to accept all future correspondence from that sender, the post office will deliver complete messages, including attachments, without delay.
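The analogy above as a small simulation, added here as an illustration and not taken from the original page or its author. The class names, the 512-byte envelope limit and the status strings are assumptions; the page only says the header size is "limited".

```python
# Added illustration of the envelope-first flow; every name here is hypothetical.
from dataclasses import dataclass, field

MAX_ENVELOPE_BYTES = 512  # assumed limit; the page only says "limited header size"

@dataclass
class SenderServer:
    """The sender's office: holds bodies until the recipient's server collects them."""
    held: dict = field(default_factory=dict)      # msg_id -> body

    def pickup(self, msg_id):
        return self.held.pop(msg_id, None)        # None: nothing left to collect

@dataclass
class RecipientServer:
    """The post office: remembers the recipient's decision for each sender."""
    decisions: dict = field(default_factory=dict)  # sender -> "accept" | "reject"
    inbox: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)    # msg_id -> (sender, subject, origin)

    def offer(self, origin, sender, msg_id, subject, body):
        """A message is offered; `body` only crosses the wire for known senders."""
        verdict = self.decisions.get(sender)
        if verdict == "reject":
            return "refused"
        if verdict == "accept":                    # known party: complete message at once
            self.inbox.append((sender, subject, body))
            return "delivered"
        envelope = f"{sender}\n{subject}".encode()
        if len(envelope) > MAX_ENVELOPE_BYTES:     # a huge header must not smuggle a body
            return "refused"
        origin.held[msg_id] = body                 # body waits on the sender's server
        self.pending[msg_id] = (sender, subject, origin)
        return "envelope-only"

    def decide(self, msg_id, accept, remember=False):
        """The recipient's choice after seeing only the envelope."""
        sender, subject, origin = self.pending.pop(msg_id)
        if remember:                               # the postman's note for next time
            self.decisions[sender] = "accept" if accept else "reject"
        if not accept:
            return "discarded"                     # body never leaves the sender
        body = origin.pickup(msg_id)
        if body is None:
            return "unavailable"                   # sender no longer holds the body
        self.inbox.append((sender, subject, body))
        return "delivered"
```

A rejected first contact costs the recipient's server only the envelope, and a remembered rejection means later offers from that sender are refused before any body is transferred.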
The advantages of this protocol are numerous and easily outweigh any inconveniences to the end users. The protocol provides greater control to the end users (including parental control) and improves overall security. It depends on high availability of email servers, but that is not a problem in this age. The protocol imposes a limitation on servers that connect to the Internet temporarily, since the message for a first-time correspondence needs to wait on the sender's side. Spammers heavily depend on such systems, so the protocol would limit their ability to send UCE from them. Users with temporary connections to the Internet would only need to use their ISP to relay email for them, i.e. the ISP's servers would handle the sender's email for third parties. If the recipient fails to pick up email from the ISP server, the message is simply indicated as undeliverable.
Since the advanced email protocol would keep messages for users that don't know each other on the sender's server, that would give more time to check each message for the possibility of being spam or carrying a virus. Servers could quickly learn from each other about undesirable messages and block the delivery before it has even started.
The protocol is still under construction and constructive comments
are welcome. Please send them to:
.