Monday, September 26, 2011

Opt-in, not opt-out!

The SMTP protocol doesn't have any concept of opt-in or opt-out. Serious companies that want to inform their prospective customers about their products and services use an opt-out policy that lets recipients kindly ask the sender not to send them any more mail. The not-so-serious companies use this opt-out mechanism to confirm that the mail address is active and send even more spam to the recipient.

This is one of many reasons that leave ISPs and mail providers with only one solution: to use RBLs and other automatic spam filter mechanisms to remove unwanted mail from users' mailboxes. For example, there are several solutions that use blacklist technologies (real-time blacklists) that block domains and IP addresses that have been marked as suspected origins of spam.

Unfortunately this removes and stops wanted mail as well, i.e. false positives. This is the main problem, and ultimately the end of SMTP as a mail distribution protocol. A mail sent with SMTP is not deterministic. As long as the operators of the SMTP infrastructure use non-deterministic mail filters, SMTP will not be a good enough protocol for sending important mail that needs to be delivered to the recipient. Note that even if the spam filter did not remove wanted mail, SMTP is not a fail-safe protocol, but it could be good enough to prevent its death.

If the mail operators had a whitelist, or opt-in list, and the mail infrastructure always guaranteed that mail from whitelisted addresses was never removed, it might have been a slightly better world. But this does not solve the problem: the sender address can be faked, and there is no mechanism in the SMTP protocol (that I know of and that is widely spread) that authenticates the sender. So we are back to square one: using RBLs and "smart" filters.

But what if there is a way to authenticate the user? Yeah, the problem is which organization is the best fit to authenticate you, and what technologies shall we use? It is one thing to be authenticated and another thing to be the guy you claim to be. Thawte, Verisign and such have the muscles and the technology to give all people a certificate that proves that you are you. It would be a lot more work to send spam to a server that whitelists public keys; you would have to either fool Verisign into believing that you are someone else or hack a certificate. But this has a major flaw: people don't want to register a certificate at Verisign. It's too expensive, too abstract and too much work to keep track of your personal ID just to send a mail!
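The two preceding paragraphs, as an added example that is not part of the original post: an opt-in list keyed on the claimed sender address lets a faked sender past the RBL, while one keyed on a verified credential does not, and wanted mail from a listed IP is still lost either way. All addresses, IPs and keys are constructed, and the HMAC shared secret is an assumption standing in for a certificate-based signature so that the code runs with the standard library alone.

```python
import hashlib
import hmac

# Constructed sample data: every address, IP and key below is hypothetical.
RBL = {"203.0.113.7"}                        # stand-in for a real-time blacklist lookup
ALLOWED_ADDRESSES = {"alice@example.org"}    # opt-in list keyed on the claimed sender
ALLOWED_KEYS = {"alice@example.org": b"alice-demo-key"}  # opt-in list keyed on a credential

def seal(key, sender, body):
    """HMAC stand-in for a certificate-based signature over sender and body."""
    return hmac.new(key, f"{sender}\n{body}".encode(), hashlib.sha256).hexdigest()

def rbl_verdict(msg):
    return "reject" if msg["ip"] in RBL else "deliver"

def filter_by_address(msg):
    """Opt-in list trusts the From address as claimed, then falls back to the RBL."""
    if msg["from"] in ALLOWED_ADDRESSES:
        return "deliver"
    return rbl_verdict(msg)

def filter_by_key(msg):
    """Opt-in list applies only when the seal verifies, then falls back to the RBL."""
    key = ALLOWED_KEYS.get(msg["from"])
    if key and hmac.compare_digest(seal(key, msg["from"], msg["body"]), msg["seal"]):
        return "deliver"
    return rbl_verdict(msg)

def sample_messages():
    body = "Invoice attached"
    return {
        # Wanted mail relayed through a listed shared IP: the false positive.
        "wanted_unlisted": {"from": "bob@example.net", "ip": "203.0.113.7", "body": body, "seal": ""},
        # Genuine opted-in sender on the same listed IP, with a valid seal.
        "genuine_alice": {"from": "alice@example.org", "ip": "203.0.113.7", "body": body,
                          "seal": seal(ALLOWED_KEYS["alice@example.org"], "alice@example.org", body)},
        # Same claimed address, no valid seal: the faked sender.
        "forged_alice": {"from": "alice@example.org", "ip": "203.0.113.7", "body": body, "seal": "0" * 64},
    }

def verdicts(policy):
    return {name: policy(msg) for name, msg in sample_messages().items()}

if __name__ == "__main__":
    print("address opt-in:", verdicts(filter_by_address))
    print("key opt-in:    ", verdicts(filter_by_key))
```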

But there are other means of communicating over the internet! Is there a network where people are whitelisted and authenticated, and that is large enough to send messages all around the globe? Yes, there is, and more of them may come; the first is Facebook. The authentication mechanism is there: you have to log in, and the best part is that the mechanism that proves that you are you is your friends and not Verisign. Facebook has many clever things, and one of them is the culture at Facebook that encourages people to use their real name and not a random alias, which makes it easier for people to confirm your legitimacy. The second thing is that you opt people in to your network, i.e. you whitelist your friends to communicate with you.

Other networks that have these features are LinkedIn and Google+.

My question is: when will Facebook, Google+ or LinkedIn realize that they can be a distribution mechanism for mail that guarantees mail delivery without the side effect of spam?
(If you don't see mail from your friends as SPAM :)

One problem with this is that neither Google+ nor Facebook is considered a professional network, but LinkedIn is. Who knows who is going to be the first?

A vision of this could be a plugin for popular mail clients, like Outlook, and phone apps, where you can "Seal" mail or "Guarantee delivery" to recipients that you choose. The plugin uses their API to prove and deliver the mail to the recipient. In the transition, Facebook and similar networks can use SMTP at the recipient end to deliver a mail that forces the recipient to confirm that he/she has received the mail and at the same time suggests that they also use the plugin to make this process easier.

Eventually SMTP will not be used anymore for serious mail delivery, and all SMTP mail will be considered suspected spam if the mail is not delivered from one of the "Sealed distribution networks", i.e. LinkedIn, Facebook or Google+.

Thank you, SMTP, for your time; you have been a good friend, and your intentions were always good.
