Software that automatically replies to an email has the potential to be used for a denial-of-service attack. Examples are software that tells me I have a virus, or that a user's mailbox is over its size limit, or that a user does not exist. The problem with such messages is that the software assumes I sent the email. Well, frankly, I didn't. It's those spammers that are using my email address. So I want every piece of auto-reply software to stop trusting the sender address that's present in a message.
Yesterday I made a suggestion about how a public server might help. But after thinking it over, I'm confident there is an easier and more scalable solution. Every piece of software that sends a reply in response to a message, must do the following:
- Contact a key server running on a computer associated with the domain. So in my case, it should contact pobox.com, in other cases it might be hotmail.com, etc.
- It should send the email address that it wants to send a reply to.
- If the server knows the email address, it responds with the public key(s) associated with that email address.
- The auto-responder software checks if the email was signed with one of the received public keys. If not, the email is faked. The auto-responder may not send a reply in this case. It could even discard the received email, but that is optional.
- If one of the public keys matches, the auto-responder should make sure the mail is signed correctly. If not, it should not send a reply. It might even want to discard the received email.
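The decision procedure in the steps above, written out as an added example (this is not code from the post, and the post does not specify a lookup protocol or key format). It assumes Ed25519 signatures over the message body and simulates the per-domain key server as an in-memory map; the `Directory`, `KeyServer`, `Message` and `Decide` names are mine. The result is one of three outcomes: reply as today (no key server, or the user is unknown to it), reply because the signature verified against a published key, or refuse to reply because keys are published but the message carries no valid signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// Decision is what the auto-responder does with an incoming message.
type Decision int

const (
	ReplyLegacy   Decision = iota // no key server or unknown user: behave as today
	ReplyVerified                 // signature verified against a published key
	NoReplyForged                 // keys are published, but the signature is missing or bad
)

// KeyServer stands in for the hypothetical per-domain key server: it maps a
// lower-cased email address to the public keys published for it.
type KeyServer map[string][]ed25519.PublicKey

// Directory maps a domain to its key server; a missing entry means the
// domain runs no validator at all.
type Directory map[string]KeyServer

// Message is the minimal view of an incoming email the responder needs.
type Message struct {
	From      string
	Body      string
	Signature []byte // Ed25519 signature over Body; empty when unsigned
}

// domainOf extracts the domain part of an address (assumed: plain user@domain).
func domainOf(addr string) (string, bool) {
	at := strings.LastIndex(addr, "@")
	if at < 0 || at == len(addr)-1 {
		return "", false
	}
	return strings.ToLower(addr[at+1:]), true
}

// Decide applies the scheme: look up the sender's domain, fetch the keys for
// the address, and reply only if no keys are published or one of them verifies.
func Decide(dir Directory, m Message) Decision {
	dom, ok := domainOf(m.From)
	if !ok {
		return ReplyLegacy // unparseable address: nothing this scheme can check
	}
	ks, present := dir[dom]
	if !present {
		return ReplyLegacy // domain has no key server
	}
	keys, known := ks[strings.ToLower(m.From)]
	if !known || len(keys) == 0 {
		return ReplyLegacy // user unknown or has published no keys
	}
	for _, pk := range keys {
		// Verify returns false (never panics) for an empty or malformed signature.
		if ed25519.Verify(pk, []byte(m.Body), m.Signature) {
			return ReplyVerified
		}
	}
	return NoReplyForged
}

// Outcome collects the decisions for the constructed scenario below.
type Outcome struct {
	Genuine, Forged, Tampered, UnknownUser, NoServer Decision
}

// Scenario builds a constructed directory with one protected address and runs
// the responder against a genuine, a forged, a tampered and two legacy messages.
func Scenario() Outcome {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	victim := "alice@example.com" // constructed address, not a real mailbox
	dir := Directory{"example.com": KeyServer{victim: {pub}}}

	body := "Hello, please find the report attached."
	sig := ed25519.Sign(priv, []byte(body))

	return Outcome{
		Genuine:     Decide(dir, Message{From: victim, Body: body, Signature: sig}),
		Forged:      Decide(dir, Message{From: victim, Body: "Buy now!"}),
		Tampered:    Decide(dir, Message{From: victim, Body: body + " (edited)", Signature: sig}),
		UnknownUser: Decide(dir, Message{From: "bob@example.com", Body: "hi"}),
		NoServer:    Decide(dir, Message{From: "carol@other.example", Body: "hi"}),
	}
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

Note that the unsigned and the altered messages both end in `NoReplyForged`, which is the case the post wants to stop generating bounces, while a domain without a key server or an address the server does not know falls through to today's behaviour.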
In case the domain does not have an email address validator or in case the user is unknown or does not care that his email address might be faked, the auto-responders behave like they do today.
This scheme has the advantage that it is easy to set up. When the server is not present or the auto-responder does not implement it, the system behaves like it does now. For people who care to run such a key server, it has the advantage that they don't have to disregard auto-responses. Otherwise they will have no choice but to blacklist such mails. If enough people do that, automated responses will lose their usefulness.
The key server can be used for more ambitious scenarios, but I think it is already quite useful for its intended purpose. The idea is so simple that I'm sure it must already have been discussed or implemented. Time to do some searching perhaps.