Smoof Blog: Archives for Dec 1969

The following is a (updated) letter that I have sent to my representatives in congress.

Telemarketing is invasive, irritating, and wastes the valuable time of the callee, without exchanging anything in return. Recently the national do-not-call registry (http://www.donotcall.gov) went online, allowing Americans a central way to opt-out of most telemarketing calls. Unfortunately telemarketing is not the only invasive, irritating and costly form of advertising that people are forced to put up with. Unsolicited Commercial Email, or spam, is arguably a much larger problem. Besides the wasted time spent identifying and deleting spam, vast computer resources are spent storing and transmitting it, again without any compensation to those who own those resources. Perhaps even worse, spam is often used indiscriminately to advertise pornography, scams, adware/spyware, viruses, etc. to anyone who's email address falls in the wrong hands, even children.

I propose that a system for spam opt-outs be created, and governed by the same rules that apply to the do-not-call registry, with one difference. With email there is no need for any central government registry. Our existing Internet infrastructure can already handle the job quite well. The government need only set the exact protocol for the system and enforce that it is used.

When an email is sent, to victem@spamme.com for instance, the sender uses the domain name system (DNS) to look up a numerical address (IP address) for the mail server of spamme.com so it knows what computer to contact in order to send the mail. The DNS system is hierarchical. First you go to the central root servers and find out what server knows about .com. Then you go to the .com server and find out who knows about spamme.com. Finally you go to the spamme.com server and find out the IP address of the mail server. If spamme.com needed to change that address then they would only need to update their DNS server, not a central registry. This is highly advantageous- it means that the root and .com servers are not constantly inundated with an unmanageable number of updates. DNS is not limited to storing IP addresses of mail servers. It can store any sort of data at all.

My proposal is this: DNS should used to store the spam opt-out data. The opt-out data for victem@spamme.com would be stored at the same DNS server that provides the IP address of the mail server for spamme.com. Spammers would be required to check for opt-outs via DNS when they look up the IP addresses of mail servers. These DNS servers are typically run by ISPs and corporations that are constantly looking for ways to combat spam. They will probably be very happy to implement the system, but if they don't there is no need to require them to.

A common objection to a do-not-spam registry is that spammers would simply use it to gather more addresses to spam. There is no risk of this happening in a properly implemented DNS based registry. The only query the registry needs to support is "Can i spam victem@spamme.com?". They must already have the address in order to make the query.

The only cost to the government of this system would be enforcing it's use. There is no need for the government to set up a registry, process requests to be put on it, or distribute it to advertisers. Furthermore, once the exact protocol is specified (by the government), the system would be implemented by ISPs and be up and running very quickly. It requires very little new software be developed because it makes use of existing Internet protocols. I hope you will consider this proposal and introduce something like it as a bill. Thank you for your time.