Email Countersigns

Posted:
in General Discussion edited January 2014
I am very tired of receiving bounceback emails from spammers who are spoofing using one of my domains. It occurred to me this morning that there must be a move afoot SOMEWHERE to introduce a countersigning system for ISPs. Essentially, if I send a legitimate email from my account a receipt is generated and kept on my ISP's server.



You would have to create an (opensource) receipt-checking system that could be incorporated into email clients, allowing them to poll the domain-holder's ISP's server to verify if the email is legitimate.



PLEASE tell me that there is something like this (or better) happening out there.

Comments

  • Reply 1 of 1
    drewpropsdrewprops Posts: 2,321member
    I've been talking about this on another forum and I had to go into a better explanation there, so I figured it couldn't hurt to mention it here as well - so you folks can understand the concept better. I made some edits to names and domains:







    I don't think that I was clear with this idea....



    I already have a rule to strip out bouncebacks, what I'm talking about is something more...a way to stop spoofed spam from EVER reaching your email box.



    To better explain I'll make up an example...



    Let's say that a trusted internet security organization creates a new opensource email sub-protocol called "Valid Receipt". For the sake of this example lets pretend that the big ISPs install this system on their email servers and that the makers of major email applications implement "Valid Receipt" into their latest versions.



    ALL of the validation happens at the server level.



    Now, let's say that Drewprops wants to send Murbot an email and that both of their ISPs have implemented Valid Receipt. When Drewprops sends his message his ISP notes the message and writes a marker code to file before passing the message along to the destination address.



    When messages arrive in users' inboxes, the receiving ISP's mail server tosses the authentication marker codes (assigned to those messages) back to the sending ISP's mail servers for a valid countersign that the email really did originate from that ISP.



    Spammers could spoof emails from "appleinsider.com" all day long, but if an ISP's mail servers do not receive confirmation receipts from appleinsider's mail servers those messages are killed in-flight.



    People whose ISPs joined this system could even apply a "confirmed valid" codification to the email.



    Did this help explain it better? What do I NOT understand about email servers (likely to be a LOT).
Sign In or Register to comment.