This post I’m going to talk briefly about the SMTP protocol, upon which all email “functionality” is built. I’ll also describe why the protocol is the way it is, and what that means in terms of spam.

Now, I’m not going to go into any great detail, and I’ll probably gloss over a good many things in the interest of brevity, but hopefully you’ll get the idea.

The SMTP protocol consists of three basic commands, MAIL FROM, RCPT TO and DATA. A client connects to a server, issues the MAIL FROM command to let the server know who the sender is, one (or more) RCPT TO to let it know the intended recipient(s) are and DATA to actually send the data. The problem is, who you specify in MAIL TO could be anyone – there is no way for the server to “verify” that you are who you say you are. The only extra piece of information the server gets the IP address you’re connecting to it from.

One of the great benefits of this protocol is simplicity. I can use telnet to send an email, and it works. In a completely trustworthy environment, it’s perfect. And there’s your problem – email was “invented” before the internet really existed, and between the universities where it was created, everybody was trustworthy (to an extent).

Today, of course, that’s not true at all. We cannot trust that the sender will put the correct address in the MAIL FROM field, and even if they do put a “valid” address in there, we can’t be sure they are who they say they are. Now, this may seem like a jump in reasoning, but I’m going to assert that it’s because we can’t verify the sender’s identity that spam exists. The problem is that for any given piece of email, it’s very hard to know whether we want to read it or not because the system is unable to detect whether it came from our friends or coworkers, or from “Shady Enterprises.”

Of course, we’ve tried many different things to actually combat these problems, and I’ll get into those next time. Basically, they all boil down to one of two “methods” for identifying the source of an email, which I’ll call “sender-passive” and “sender-active,” depending on whether specific actions (in addition to the normal MAIL FROM, RCPT TO and DATA commands) are required by the sender or not.

The purpose of this series of posts will be for me to describe a couple of ideas I’ve been playing with in relation to email and the increasing problems associated with spam.

It is my belief that these problems stem from some rather fundamental problems of the SMTP protocol itself, and some of the original design “decisions” that were made around it. I put “decisions” in quotes because I’m quite sure they weren’t actually conscious decisions that were made, but more like a consequence of the landscape at the time.

I’ll start the series off by describing the current “state-of-the-art” – where we are now, in terms of “defences” against spam, and some of the limitations of the current anti-spam techniques.

Then I’ll describe my “solution” to this problem.

At one stage, I had thought about going back to university and doing this as a thesis topic, but that seems to be less and less likely now-a-days. Even though, I’d like to get my ideas “out there” in some form.

Obviously, I’m not writing a thesis here, so I won’t go into too much depth with research – though I’ll try to do some ;) and the style of writing will be much less formal. Still, it should be quite an experience for me!

Anyway, I’m not going to write at any particular pace, just whenever I get half an hour or so free (which is actually not all that often). So please bear with me :) Hopefully this won’t be like so many things I start in my spare time and never finish!

Sydney, Australia (February, 2006) Global Language Monitor releases another press release.

I was browsing the Language Log (as you do) today and I saw a link to the “Global Language Monitor” site. I don’t know who this Payack guy is, but this is a weird site. I was just reading through the front page, and it looks like all of the posts are formulated as press releases but I don’t know where he’s pulling his “data” from...

From his list of “Top Words of 2006” (what’s a “top word” anyway?) apparently number 4 is:

Planemo -- Planets that didn’t make the cut in 2006 as sustainable planets. Pluto was demoted to a planemo.

Which is odd, because “planemo” is a contraction of “planetary mass object” and according to the wikipedia, is basically every object bigger than an asteroid and smaller than a star. So not only is Pluto “demoted” to a planemo, but so is Mercury, Venus, Earth, Mars, Jupiter, Saturn, Uranus and Neptune.

Even stranger, according to that self-same wikipedia entry, the word “planemo” hasn’t really caught on at all – it can be found in four (count ‘em, four) papers in the astro-ph archive – not a “top word” by many people’s definition...

By the way, the rather oddball use of the word “sustainable” seems to come from his #1 “top word” for 2006, “sustainable.” It seems that the “Global Language Monitor” has decided that the definition of “sustainable” has moved from being a “green” term (funny, I thought it was the adjective form of “sustain” but what do I know?) to meaning “self-generating” as in “wind power is a sustainable power supply.” But I don’t see where the jump from that sentence to the “self-generating” definition comes from. Wind power is certainly not “self-generating” (after all, you get no power if there’s no wind!). I wonder, does this “self-generating” definition also apply to sustainable populations, marriages, agriculture and economics? How is sustainable agriculture “self-generating”? Livestock give birth the same way whether you’re raising them sustainably or not... actually, let’s not go there.

All in all, a very strange web site. |-|

I saw a post over on Bruce Schneier’s blog, titled “DRM in Windows Vista.” Basically, he talks about the fact that DRM has been firmly entrenched in Microsoft’s latest operating system and I have no beef with that – it certainly has! Many facets of Windows were re-written specifically for DRM. Some may say the benefits of the rewrite for DRM are really only side-effects, but that just doesn’t make sense to me.

However, he goes to say, basically, that Microsoft should have just given the entertainment industry the proverbial finger and said “no way” to DRM:

It's all complete nonsense. Microsoft could have easily told the entertainment industry that it was not going to deliberately cripple its operating system, take it or leave it. With 95% of the operating system market, where else would Hollywood go?

Where would Hollywood go? Um, what about stand alone players? I’d say that right now stand alone players account for a good 90-95%† of where people watch DVDs today. And I don’t see why that would change with HD-DVD and Blu Ray.

The real reason‡ for all the DRM is a little thing called “Media Center.” In Windows XP, Media Center was a whole different “edition” of Windows which you purchased with a special “Media Center PC.” Sales of Media Center were apparently pretty slow to start with, but the numbers are picking up. Microsoft are hoping that they’ll become just as common as regular consumer DVD players, and if they can also support HD-DVD (even Blu-Ray if it eventually wins out) then they’ll be golden.

The problem is, if they didn’t build the DRM into Media Center, it would not be able to play HD-DVD which would be a major setback for Microsoft.

I don’t see where Bruce is pulling his “Microsoft want to include DRM in order to lock Hollywood into Windows” stuff from, but it certainly sounds pretty cool. Microsoft would really have to be the Evil Empire to try and pull something like that off. No, I think the real reason is that they want people to actually buy a Media Center PC – because I certainly wouldn’t buy one that can’t play HD-DVD (scratch that, I’m not going to buy one anyway, but I’m not their target demographic :p)

So why don’t Microsoft only include the DRM stuff into Media Center Edition and not Windows Vista “desktop edition”? That’s a good question. It’s true that Microsoft aren’t actually selling a separate “Media Center Edition” anymore, but there’s no real reason they couldn’t. My guess it is about hardware. A monitor that has an HDMI input for high definition cannot accept “high definition” signals over a non-encrypted DVI input††. So that would mean that Windows Vista “desktop” – if non-crippled – would not be able to use one of these monitors. This means that a manufacturer would have to create two version of every monitor, a HDMI and a DVI version.

Better that Windows Vista “desktop” supports HDMI. But in order to do that, the entire pipeline needs to be crippled with DRM. It’s sad, but that’s what the HDMI agreements state.

My hope is that Hollywood wakes up and realises that DRM simply does not work.

† I just pulled that figure outta my arse. But only cause I can’t be bothered trying to figure out the real number. This is a blog post, not an op-ed for the New York Times ;)

‡ Yep, still pulling stuff outta my arse...

†† At the moment, that is not true, but there are provisions in the HDMI agreements that by 2010 (or whatever the date is), HDMI will be the only option for high definition input.

I just downloaded the cool new Windows Vista Ultimate Extra, Hold'em Poker.

Now, I haven't really played it all the much yet, because there's a really annoying problem. You may recall I had an issue with Windows Mail, whereby it was not marked with the "high DPI aware" flag in its manifest and so Windows was doing that crappy bitmap scaling, which is almost unsuable in my opinion.

Well, here's an even stranger problem. The new "Hold 'Em" poker game has the exact same problem, and even though it's a separate download, it's still apparently a "part of this version of Windows" and so I can't tick the "disabling scaling in high DPI modes" either.

Stranger still, they've obviously gone to a lot of trouble to make the game scale very nicely - drag the window border around and the cards and text all scale perfectly!

Luckily, the same workaround I posted before works for Hold 'Em as well. Just create a new string value, called "C:\Program Files\Microsoft Games\HoldEm\HoldEm.exe" (or whereever your "Program Files" directory is), under "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers", and give it the value "HIGHDPIAWARE" and it should look good again. Here's a side-by-side before-and-after shot: