Forgot your password?
typodupeerror
Spam The Internet It's funny.  Laugh.

Beat Spam By Not Using Email 314

Posted by michael
from the works-for-me dept.
judgecorp writes "We had a press release - by post of course - about a scheme that eradicates spam and viruses. It's not email, oh no. It's digital mail or dmail, a private system that no one else can send messages to. Assuming it's genuine (and the PR person is called Mike Hardware) it uses XML and SQL to build a 1980s bulletin board, to sell to niche markets (such as very close-knit families). Our story is here, and if you don't hear from us again, it's because we are busy emailing ourselves with our two free dmail addresses. Peter Judge, Techworld"
This discussion has been archived. No new comments can be posted.

Beat Spam By Not Using Email

Comments Filter:
  • by HackHackBoom (198866) * on Friday September 10, 2004 @10:23AM (#10212301) Journal
    I'm all for trying new concepts, but pardon my disgust. I'm an entrepreneur myself and I understand money makes the world go-round, but I shudder to think where we'd all be if the guys who came up with Apache were trying to start it now.

    D-Mail, G-Mail, PurplePokaDotMail are just more examples of someone trying to create, patent, exploit, etcetera when there are far more ethical and lucrative methods of making money. Of course this relies on people getting thier heads out of thier proverbial asses, but what can you do?

    • by l4m3z0r (799504) <.ten.elytsrebu. .ta. .nivek.> on Friday September 10, 2004 @10:30AM (#10212381)
      A private mail exchange system is an awesome Idea, I'm sure tons of companies have home grown solutions already using email systems configured to not receive/send mail to people outside the company. This looks very intriguing to companys whose individual employees need to send lots of mail to eachother but not outside the company. Not only does it fight spam/viruses, but it helps keep documents confidential by not allowing employees to mail sensitive data around the net, it helps curb use of company resources for personal interests, and it decreases the amount of intervention IT staff will have in the daily operations of its employees. Less viruses mean less visits from IT staff which means more productivity accross the board. What can you be disgusted about when there is already a demand for the product? They arent trying to force something unwanted to anyone, they are recognizing legitimate need and demand and catering to it. Bravo.
      • by Anonymous Coward on Friday September 10, 2004 @10:37AM (#10212469)
        Any mail exchange system could be made private by simply blocking port 25 on the external firewall. It's like magic.
        • by JAgostoni (685117) on Friday September 10, 2004 @11:41AM (#10213185) Homepage Journal
          Even more so than that most email systems have a configuration option (sometimes even per-user) that can disable public/internet email exchange. Even Microsoft Exchange has that! At my company, internet email is actually turned off by default until the user takes a "training" course on how to use the Internet properly. Interestingly enough, the words "spam" appear nowhere in that training.
      • by Anonymous Coward
        This is great because email was really trying to meet two differing and conflicting sets of requirements for two different problems.
        1. The 'old-style' email where anyone could send a message to everyone, that all the traditional MTAs (mail transfer agents) supported. Anonymous messaging is desirable in this system.
        2. The 'new-style' email where everyone wants to silently drop messages from spammers they don't like; and corporationos want to silently drop messages they don't want employees to get, etc. Ano
      • For intra-company document exchanges, re-inventing email is IMO a poor fit. Having a searchable centralized archive of all documents in an intranet can save a lot of time- that's what intranets are for.
      • This scheme is "disgusting" because it capitalizes on the fact that their customers don't know enough about their existing mail software to configure it do to the exact same thing. The only difference between "dmail" and minor Exchange Server deployment change is that the "dmail" scheme is proprietary and comes with vendor lock-in.

        Frankly, I think any IT manager that doesn't know enough to have an SMTP system configured to be "private" doesn't know enough to evaluate commercial mail solutions. But I cou

        • The only difference between "dmail" and minor Exchange Server deployment change is that the "dmail" scheme is proprietary and comes with vendor lock-in.

          And using an Exchange Server is different how... ?
      • This is neither new nor exciting, as it is possible with hotmail to block every message originating from someone not in one's contact list; spam, e-mail or otherwise. Thus a tight knit family could keep only those members on their contact list and see only their mail.(I'm sure Yahoo and every other webmail service has a similair feature.)Plus, no fancy exclusive e-mail system is going to fix Outlook Express, or the fact that people download and execute viruses despite any fancy warnings.

        I'm guilty of that
    • by SkyWalk423 (661752) on Friday September 10, 2004 @10:30AM (#10212390) Homepage Journal
      There is nothing unethical about parting morons from their money. And I might also add, it's a quite lucrative endeavor!
  • by Anonymous Coward on Friday September 10, 2004 @10:24AM (#10212311)
    By not using computers.

    Now where did I put that abacus?
  • by JohnGrahamCumming (684871) * <slashdotNO@SPAMjgc.org> on Friday September 10, 2004 @10:25AM (#10212321) Homepage Journal
    I recently beat seasonal allergies without relying on any medicine at all. I simply decapitated myself with a steak knife. It was so easy, no more running nose, or red, watery eyes!

    John.

    PS And there's an added benefit: I can't see the hideous /. IT color scheme any more!
  • by Cylix (55374) * on Friday September 10, 2004 @10:26AM (#10212332) Homepage Journal
    Back some time ago... I knew of a horrid little web based email proggy.

    It was of course, dmail's web front end and then there was of course dmail's own mailer.

    I wasn't much of a fan of either application.

    In any event, the point is, someone already has that name. It is entirely possible the company is now defunct or sold and then molested into oblivion.

    I wonder if it is the same company?

    So many questions and so little names...
  • by DamienMcKenna (181101) <damien.mc-kenna@com> on Friday September 10, 2004 @10:26AM (#10212334)
    I'm waiting for dmail rev 2 that adds on network-to-network communication, so you can dmail your friends without having to have an account on every single different network. Oh, wait..

    Damien
  • Slashdotted (Score:5, Interesting)

    by Nos. (179609) <andrew AT thekerrs DOT ca> on Friday September 10, 2004 @10:26AM (#10212336) Homepage
    So I can't read the articles, but I don't see anything here that setting up a whitelist only mail server doesn't do
  • eMail replacement. (Score:3, Insightful)

    by Amiga Lover (708890) on Friday September 10, 2004 @10:26AM (#10212339)
    IMHO completely dropping email as we have it now is the only way against spam. No matter what's been done so far has kept existing email infrastructure as legacy. A new extension on top of email might get some play, but it's all irrelevant while the same system is still able to be used for spam.

    Drop email. Drop SMTP. Change the ports it uses. Change the entire system, and scrap what's gone before and start again. Make it PURPOSELY incompatible.

    Unless of course you want to keep getting spam. If so, keep using email as it is.
    • by bobintetley (643462) on Friday September 10, 2004 @10:32AM (#10212402)

      IMHO completely dropping email as we have it now is the only way against spam. No matter what's been done so far has kept existing email infrastructure as legacy. A new extension on top of email might get some play, but it's all irrelevant while the same system is still able to be used for spam.

      This comes up every time someone mentions spam. You simply cannot have a decentralised, free, messaging system without a small minority of people abusing it.

      Think of it as the price you pay for having a decentralised, free line of communication. This is a social rather than technological problem and I'd rather have spam than a tightly controlled mail solution that could be taken away from me or cost me more money.

      • by photon317 (208409) on Friday September 10, 2004 @10:51AM (#10212618)

        Actually, you can have a decentralised free messaging system that's immune to the types of abuses we see today (spam). We already have the smtp email foundation to build it on top of, and it's pretty damn simple to do. If *everyone* would just get valid, signed certificates to authenticate themselves as a given entity with a given email address, then *everyone* could turn on a switch in their mail client that says "reject all mail that isn't signed with a cert which matches the sender's address and that's signed by an authority I trust". If you make spam completely accountable to a real-world entity via cryptography, it largely solves the problem, because the problem is so easy to solve at that point.

        There's already some competing standards for this stuff, and Enigmail (in moz and thunderbird) supports at least two of them. I'm pretty sure you can get an email cert from one of a few authorities pretty cheaply.

        So, it really comes down to convincing the users, which is largely the job of email client vendors. When you first set up your account in Outlook, Thunderbird, or whatever, there should be a dialog box to the effect of:

        Please click "Use Existing" to use an existing email certificate for this account, or click "Create" to create a new certificate....

        With pointers to signing authorities and an explanation that the user would be doing their part to prevent spam if they would just take this simple measure.

        Eventually everyone notices that all their legit email is signed, and starts turning on that "kill all unsigned mail" option in their mail client, and poof goes the spam problem.
        • by gl4ss (559668) on Friday September 10, 2004 @11:01AM (#10212723) Homepage Journal
          ***. If *everyone* would just get valid, signed certificates to authenticate themselves as a given entity with a given email address, then *everyone* could turn on a switch in their mail client that says "reject all mail that isn't signed with a cert which matches the sender's address and that's signed by an authority I trust".***

          that wouldn't be free & decentralised anymore.
          if you want to have the ability to receive messages from total strangers, you have the ability to receive totally useless messages(spam) from them as well.
        • by MemRaven (39601) <.kirk. .at. .kirkwylie.com.> on Friday September 10, 2004 @11:22AM (#10212971)
          I used to agree with this, except that there are three big issues with it given the current infrastructure:
          • You have to trust that the certificate providers that you're going to "trust" are properly dealing with spamming customers. Because otherwise, it would be relatively easy to send spam, it's just that you guarantee that you can know the email address of the person who's spamming you. Or, rather, you can guarantee that the email address which was on the outbound message matches the one that the provider issued. This means that you can still get spam, it's just that you know an email address was successfully provided at oen point for that spam.
          • What about phishing scams where they take your password? You think they won't find a way to get the private key for your certificate store, and then use your certificate to run joe jobs against you? Think again. As long as you have clueless users out on the internet, they'll be able to do crappy things with anything which relies on user-level security.
          • What do you do with webmail systems? There's no way outside of something like ActiveX for me to client-side sign my outbound email, and even if there was, there wouldn't be a way to deal with the whole kiosk problem (I want to walk up to an internet browser and be able to check my email). I could offload the signing onto the webmail system, but then that's not terribly secure, because the people I send email to can't necessarily trust that it was me (and not Yahoo Mail) who actually drafted the email. Also, if I have a simple password, again, that could be cracked, and anybody could send email as me. While this one might seem a unique problem with things like Hotmail and the like (which you might not want to allow mail from anyway), think of the number of corporate users who rely on things like Outlook Web Access (which will soon support client-side signing, but only if you're running MSIE on Windows and are at a machine where you can control the hardware to get your private key pair installed correctly).
          So while S/MIME and equivalent systems are useful in the fight against spam, they aren't panaceas because the rest of the infrastructure (particularly webmail systems) can't deal with them.
        • by cthlptlk (210435)
          I was going to mod this interesting--it is interesting--but I think you underestimate human ingenuity and human stupidity at the same time. Do you really think that if the zombie boxes that are sending out spam now move to certificate-based email, that all of those users are going to secure their certificates and set up their systems so that they need to unlock the certificate with a passphrase? I think that you're right, in theory, but I don't think it will pan out in the real world.
        • by YellowBook (58311)

          There are several problems with this scheme. It solves the problem of spam (more or less), but creates new ones.

          The first is that it gives power (which will be converted into money) to the certificate signing authority. This is currently a problem with https, as even though anyone can set up a web server using SSL, for it to be usable buy the public, you must pay an often very high tax to one of a very few signing authorities. This problem would be much, much worse with email.

          The second is that

    • by Anonymous Coward
      This is why I like Jabber [jabber.org]. Open like email, works like email, but with the added bonus of presence information and required authorization to add somebody to your list. (People can send you messages if they're not added, but you can easily block them.)

      Hooray for Jabber!
    • by rice_web (604109)
      No, not necessary. However, I would block all incoming e-mails from unknown people, and for those that are not "in", provide them with a form on a website that would allow them to "join in". Please don't mistake this for a Verizon advertisement.

      I rarely receive e-mails from more than a small group of people (hey, the web design world in North Dakota isn't exactly buzzing with potential clients), so it's no problem for me to first get the e-mail address of a client before I allow their incoming messages.
    • Exactly,

      Come to think of it, I've never received spam on my instant messengers. Why don't they add offline capabilities to IM?

      That would work.
      • That would not work. The answer to your question is that it would be used for spam.

        And furthermore, I already have received a significant amount of IM spam. (AIM network)
    • Which replacement? (Score:4, Insightful)

      by jfengel (409917) on Friday September 10, 2004 @10:56AM (#10212668) Homepage Journal
      The trick is, what do you replace it with? There are a lot of design constraints on email, among them:

      * Sending message should be free or extremely cheap
      * It should not be required to receive an invitation to talk to somebody

      You can quibble with those requirements if you want to design a new system, but if you follow them any system you propose risks being spam-ridden. The spammers will not say, "Oh, gee, they've all moved to a different port and protocol, let's forget it then." They'll adopt any new protocol, faster than users will.

      So what about present email are you willing to give up? Converting from "free" to "extremely cheap" sounds promising, but it's still prone to the army of zombies, and exchanging trivial amounts of cash is still difficult and expensive.

      There are various ways to introduce blocks in the "anybody can talk to anybody" system. Some systems email you back when you send me a message for the first time, which at least proves the existence of a back path and to a small degree a real human (not a zombie) on the other end. Bayesian filters provide extra points to people who have emailed you before without excluding people you've never heard of.

      Or maybe we weaken the second requirement by distinguishing between promiscuous and non-promiscuous addresses. My friends email me at one account, and if I could I'd give each of them a separate address. People I trust less get different accounts. People who break the trust find that the address disappears, and because those addresses aren't promiscuous, relatively few other people are inconvenienced by that. I've effectively whitelisted those addresses.

      But I also monitor info@foo.com email addresses, which really do want to take email from anybody in the world. I can't drop those when they get spammed, because many people are expecting to get to me through them. But if we made promiscuous addresses rare, we could use more whitelists and perhaps change the balance.

      Perhaps if your average spam-buying-jackass@comcast.net were able to receive mail only from people he'd whitelisted, he'd get less spam and the spammers would give up. But that would be wildly inconvenient for him.

      The point is, most of these could be built on top of SMTP, and any SMTP alternative you propose is going to have either promiscuity or conveninence problems. Just dropping SMTP just moves the problem to a new protocol but with massive infrastructure pain.
    • by Christopher Thomas (11717) on Friday September 10, 2004 @10:58AM (#10212696)
      IMHO completely dropping email as we have it now is the only way against spam.

      The problems is that any system with the features we demand of email has the faults of email.

      The crux of it is - do you want someone you haven't heard of before to be able to email you?

      If the answer is "yes", then you get spam.

      If the answer is "no", you get something fundamentally different from email. You can also already implement this, by using a whitelist for both email addresses and originating mail servers (to filter forged friends' addresses).

      Authenticating users and rubber-stamping their mail at mailservers doesn't help, because there are always untrustworthy mailservers run by ISPs who don't know enough or don't care enough to fix them. This is half of the source of the _current_ spamming problem. So, any decentralized email-like system is vulnerable to having spamming users and compromised mail servers exist. Compromised mail servers bring back forging, and you're pretty much back to square one. It gets a little harder to convincingly forge a sender address from a different mail server, but you can _already_ filter for that by using a server whitelist or using a DNS lookup (forward or reverse) for server lines in inbound mail.

      Having a centralized mail server makes it harder to insert bogus traffic, but creates a huge bandwidth bottleneck, and concentrates power over mail in a way that's unlikely to be acceptable.

      In just about any scheme, you can also get compromised user machines spewing mail from their own accounts with legitimate sign-in to any type of mail system at all.

      In summary, the spam problem isn't going away under any system that serves the same purpose as email. You can also modify a standard email system to get most of the benefits of the different types of system that _would_ be more spam-resistant. So, there doesn't seem to be much point in proposing a system-wide overhaul.
    • IMHO completely dropping email as we have it now is the only way against spam.

      Whitelists work quite well against spam. The only way spam will get through a whitelist is:
      - By faking the "I am a real person" replies to messages bounced by the whitelist. This can be made very hard for machines. At the very least this will require them to have a return email address in the spam.
      - By spoofing the email address of someone already on your whitelist. Even by spoofing the address of popular mailing lists wil

  • by Clinoti (696723) * on Friday September 10, 2004 @10:27AM (#10212340)
    A proprietary system that no one can post to coupled with a password needed to view said content sounds suspiciously like a static second level webpage or a ssl private network. Just...like...a...private forum. We do the same thing here at work for vendors who buy our products, a static page updated weekly by the sales department that only x amount of vendors have access to, they can read their mail "posted specials" and later send updates to the dmail admin "webmaster" or "sales". Let's just face it. Spam as much as I hate it is here to stay. Yes we can all agree that eventually the systems will get better at defeating spam and bulk mailings, but the brilliant minds that are developing the stopping systems have the brilliant minds that are bent on defeating those other brilliant minds. But removing the system from the culprits is a novel approach, lets just not herald it as the end or even a stepping stone to stopping spam.
  • by Moonlapse (802617) on Friday September 10, 2004 @10:27AM (#10212343) Journal
    Just do what i do. One email address for pr0n. One for serious stuff. One for each girlfriend. Then another one for some more pr0n.
  • What a stupid idea (Score:5, Interesting)

    by hoggoth (414195) on Friday September 10, 2004 @10:27AM (#10212348) Journal
    This is functionally equivelant to using a whitelist-only filter on your email, only worse in every way.

  • by Tony Hoyle (11698) <tmh@nodomain.org> on Friday September 10, 2004 @10:27AM (#10212352) Homepage
    On current trends there are only 25 possible names of mail services (given that E is already taken).

    google got G, and these guys have claimed D.

    That leaves only 23 more slashdot headlines before people have to start being original! Heck, maybe they'll actually invent someting new (or maybe that's too optimistic)...
  • by blibloblu (810226)
    I use a system called sMail (for Snail Mail).

    Its a new technology involving ink and paper.
    • Re:Another idea (Score:3, Insightful)

      by RAMMS+EIN (578166)
      Unfortunately, I get more spam from snail mail than from email, and it's much harder to ignore, too.

      I guess it has something to do with me keeping my email addresses to myself and my contacts, whereas my street address can be found in public directories. Oh, and I don't think I could install a decent spam filter on my smailbox, either.
  • Well, duh (Score:3, Insightful)

    by RAMMS+EIN (578166) on Friday September 10, 2004 @10:28AM (#10212355) Homepage Journal
    Obviously, if you cut yourself off of the system, you won't get spam from it. I don't get email spam on my IRC connection, either. It's only worth anything if it's an open standard and fixes the design flaws in current email protocols. Considering that this is not at all hard to do, I am stunned each time that people haven't switched to something better than SMTP yet.
    • **I don't get email spam on my IRC connection, either.**

      on some irc networks autospammers are a problem.

      if you're going to have the ability to receive messages from just about anyone on the globe then spam is going to happen no matter what.
  • Usenet started getting spammy, and many many users moved to web-based community forums. Sure, one reason was the rush to slap a browser interface on top of everything, but certainly part of it is that millions of different forum sites are harder to spam than one centralized usenet system.
    • Re:Same as Usenet (Score:2, Insightful)

      by gowen (141411)
      And now we get blog spam [friendsinbusiness.com] and forum trolls [wikipedia.org], whereas a well filtered Usenet feed (such as Uni Berlin) is now extremely useful.
    • Re:Same as Usenet (Score:2, Insightful)

      by Chris Hodges (670481)
      millions of different forum sites are harder to spam than one centralized usenet system.

      But they're also much more annoying to use - first you have to find a decent forum. Then you (often) have to register. Then you find that actually you get flamed for posting a newbie question - but the search is so useless that you can't find the answer that was posted last week (and it's all .asp and not indexed by google). Then you go back to usenet.

  • by theMerovingian (722983) on Friday September 10, 2004 @10:29AM (#10212371) Journal
    Beat Spam By Not Using Email

    To avoid viruses and hackers and such, they used to turn off their servers every night when no one was in the office to monitor them...

    It wasn't too hard to get an offsite hosting contract though :)

  • by 5n3ak3rp1mp (305814) on Friday September 10, 2004 @10:30AM (#10212385) Homepage
    ...oh, wait. Too late!
  • How do I "beat spam by not using email" if the bulk of spam I get comes through regular mail and phone calls?
  • by LostCluster (625375) * on Friday September 10, 2004 @10:31AM (#10212398)
    The strength of SMTP/POP3 e-mail system is that you can get e-mail from people that you've never heard of... the weakness of the SMTP/POP3 e-mail us that your inbox is wide open for anybody who wants in, and that means spammers who you never heard of and would rather never hear from.

    Of course, a closed invitation-only community will stay mostly spam-free because anybody who does spam will get booted rather quickly, and the community will move on without them.

    We've already seen blog spam when no registration is required to post a comment... but blogs that require commenters register are mostly spam-free because no spam bot is good enough to remember to register at a zillion sites.

    In short, there are times where "closed" systems are better than "open" ones. And isn't it interesting that they tend to come to /. in the form of a story in this puke-brown section that totally clashes with the normal geek-green. :)
  • by artemis67 (93453) on Friday September 10, 2004 @10:33AM (#10212424)
    This is nothing more than a fancy white-list, from what I can tell (the TechWorld article is slashdotted.)

    Yes, a closed system that has user authentication built-in from the start has been proposed many, many times. The problem is getting the rest of the world to adopt such a system.

    Just like the idea of charging a fractional penny to send an email and collecting a fractional penny when you receive one, so that email costs and revenues are balanced for the average person, but costs are astronomical for the spammer. Interesting idea, now how do you convert the planet over?

    The solution to spam seems easy enough; it's the implementation that's the problem.
    • Alright! Lets make it prohibitively expensive to run a mailing list! Everybody wants to check webpages daily for announcements about the dozens of various projects they work on in their spare time.
  • by Anonymous Coward
    http://story.news.yahoo.com/news?tmpl=story&cid=74 &e=4&u=/cmp/47102042

    According to E-mail security vendor MX Logic Inc., spammers are trying to make their messages appear more legitimate by adopting the Sender Policy Framework (SPF), which recently became part of Microsoft's Sender ID proposal.
  • by Dave21212 (256924) <dav@spamcop.net> on Friday September 10, 2004 @10:34AM (#10212444) Homepage Journal

    Congratulations, they invented the BBS [google.com] !

    Interestingly, I've been trying to find time to start an IBM Domino [ibm.com] based BBS for my neighborhood. Yes, I started an i-neighbors [i-neighbors.org] thingy, but it would still be cool to have our own local site. (rembering the good 'ol days [bbsdocumentary.com] of 300 baud dialup :)

  • Um - isn't that just Jabber?
  • michael (Score:2, Troll)

    by cavemanf16 (303184)
    Since everyone's favorite "editor" michael is now posting stories, be assured that they'll be highly inflammatory, usually contain many falsities, and will be hardly worth the time wasted RTFA. We all hated flamed Katz out of Slashdot existence - I propose we do the same with michael. These last three articles have all been extremely UN-newsworthy bits.

    michael: Please stop posting to Slashdot.
  • This scheme can only stop Trojan-type viruses, and not the kind that do their own scanning for vulnerable systems.
  • PGP (Score:3, Interesting)

    by Doc Ruby (173196) on Friday September 10, 2004 @10:41AM (#10212519) Homepage Journal
    With a close-knit group, why not use PGP encryption for authentication of the sender? The close-knit group can scale to include hundreds of thousands, millions of people. And it doesn't need any other software, while reaching all the people on unenhanced email, as well as all the email integrated applications.
  • cr (Score:2, Interesting)

    by smallguy78 (775828)
    Challenge response seems to do the same thing - block all email except the ones you want through. Works well for me (I use http://www.spamarrest.com/ [spamarrest.com] which is pretty good for $30 a year, saves me downloading the emails first)
    • by cpghost (719344)

      Works very well for me too, using TMDA [tmda.net].

    • Re:cr (Score:3, Insightful)

      by kindbud (90044)
      I ignore all CR messages. Nobody's email is important enought to jump through those hoops. I'll call you by phone instead if I have something to say. If you get tired of me calling, you can add me to your whitelist yourself.
  • Here's how:

    I opened an account with usa.net. I ONLY use it for friends and family I trust.

    Via my ISP I create other accounts, e.g., one for Newegg, one for Amazon, etc. If I ever buy from someone and that account starts getting spam, I can cancel it immediately. It has only happened once.

    I also give out a secondary email account to friends and family to test them. If they don't sign me up for crap and don't forward me crappy jokes, I then give them my real account.

    Like my subject says, I've never re
  • by WebTurtle (109015) <derek@@@blueturnip...com> on Friday September 10, 2004 @10:44AM (#10212557) Homepage

    Disclaimer: I've only read a little bit of their web site.

    From what I've read and can guess, this sounds like a private version of an online service. Think 1990's AOL, only on a micro-scale: to access the private network, you must have the correct network addresses and be an approved member. The network doesn't allow messages originating from outside the network, nor I imagine, can you send messages to external addresses. (Anyone with more specifics, feel free to correct me.)

    "a secure messaging system which was instantaneous and able to transfer large files rapidly."

    Sounds like they have some encryption and allow direct downloads within the private circle of members

    "there is a Patent Pending on the process of digital mail"

    Eh? This sounds extremely fishy. I'm sure the technologies being implemented here are nothing new.

    "dmail is server-based, operates with a back-end SQL database, supports html text only and does not have an interface with email. In fact, it is a completely closed system which can be accessed from anywhere in the world on any web-enabled PC, handheld or mobile device. It is a safe and secure platform which can not be penetrated by unwanted visitors or observers."

    Sounds like you are in a private country club and are only playing with other people who can enter the club. Nobody gets in and nobody leaves... including telephone calls or anything else... it's like the outside world no longer exists once you enter, and for those in the outside world, it's as though the private country club doesn't exist... and ne'er the two shall meet.

    Seems to me that this is analogous to Closed Circuit TV but just running over the existing broadcast spectrum in encrypted form (or something along those lines).

    But practically speaking, isn't this like operating your own version of Jabber, but crippling it with a "feature" that prevents you from contacting (receiving from and sending to) anyone who's not listed in your buddies list and also using the exact same version of Jabber client?

    • Furthermore, couldn't this type of thing be done simply by filtering by domain name plus authentication credential (e.g., PGP key) at the Sendmail level? Nobody can send to or receive files from anyone who doesn't meet the two criteria:

      1) same domain
      2) PGP authenticated (to prevent address spoofing)

      I'm sure there are corporations that are already doing something like this.
  • Well with all the talk of revising older standards to add safeguards and to install authentication methods, I think it's not a half-bad idea to just create a new email standard from scratch in the open.

    A lot of popular enail clients would just add a new plug-in to support the new protocol set. Microsoft would try to embrase and extend it and all would be more happy. But if it happens at all, I am hopeful that it starts in open source so that no one would monopolize it. Making it free from the start woul
  • by teamhasnoi (554944) <teamhasnoi@@@yahoo...com> on Friday September 10, 2004 @10:45AM (#10212567) Homepage Journal
    What self-respecting /. actually uses *email*?

    I know I don't speak only for myself. Really, how could anyone ever forgo the art of a well-crafted letter, scribed with a feather quill, and sealed with wax warmed by a smoky taper?

    I hardly think that email will ever catch on. In fact, the very idea fills me with mirth! RFLOL!

    Your ally in words,
    teamhasnoi

    P.S. Did you see the series premiere of 'Joey'? A smashing success by any measure! : ) LOL!

  • Now what do they plan to do about their website that looks like it was designed in 1983? I love the catch-line too:

    "dMail ... a world of your own"

    Damn straight it's a world of your own ... 'cause nobody else will be there to communicate with you.
  • This is hi, we're another website, link to our press release, please (and maybe bring our readership stats up).

    I can't tell whether it's a BBS or just a passworded webpage because it's down right now, but gee, prior art is older than some ./ viewers, I'm sure.
  • by slungsolow (722380) on Friday September 10, 2004 @11:00AM (#10212710) Homepage
    You don't have to worry about this closed loop system. Why not just rely on some kind of messaging service instead of 'dmail'. The whole thing sounds kind of stupid considering the purpose of an email address is not to be "out of contact".

    Besides, all a company has to do is close off their email gateway and they can accomplish the same thing this new 'innovation' provides.
  • It has the same function as only allowing people who are on your list of ok senders to receive emails from. Or a internal email system that allows only internal emails to be sent to other employees in a company.
  • New Section (Score:3, Insightful)

    by zik0 (450949) on Friday September 10, 2004 @11:02AM (#10212731)
    Time for a new /. Section:

    Lame Product Announcements
  • I've had the same usa.net email address since '95

    Their spam filtering (brightmail) has got better in the last few years. i used to get 20 a day now it's about 1 a day.

    Spam just isn't the big problem it was. We have the tools to get rid of it.
  • dSlashdot (Score:3, Funny)

    by DarkRecluse (231992) on Friday September 10, 2004 @11:03AM (#10212739)
    I believe tomorrow they will come out with the service "digital slashdot" aka. dslashdot, where they take stupid premises and put them on a website that no one can access.
  • Years ago I used Notes mail, cc-mail and profs on some IBM mainframe.. all were company wide 'private' mail systems that would allow selective communications with other parties (that used the same systems).

    How is this dmail different in what it offers?
  • by cbreaker (561297) on Friday September 10, 2004 @11:12AM (#10212851) Journal
    Exchange is XML based with a database back-end. It's got a very nice web front end and can be configured any way you'd like. AND, you can use Outlook if you want.

    No typing @domain.com. No viruses. No spam. Gee, those things sure are easy to provide when you have 200 users and no internet e-mail connection.
  • How about a role-based "register to view/edit forum" (tm), where each person is assigned a role where the permissions include "view messages to ME or from ME"?
  • obChecklist (Score:5, Funny)

    by spoonyfork (23307) <spoonyfork@NOSpam.gmail.com> on Friday September 10, 2004 @11:14AM (#10212868) Journal
    Your post advocates a

    (*) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (*) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    (*) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (*) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (*) Huge existing software investment in SMTP
    (*) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (*) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (*) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    (*) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (*) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!
  • Article (emphasis mine):

    Although available to anyone, dmail is initially being targeted at several

    niche sectors where its properties are particularly relevant. These include education, friends/family, teenage and corporate markets.

    So they're only targeting a few niche markets. Just businesses, families, education, friends, and teenagers. They've sure picked their battles discerningly. I hope someday they expand to some market that includes me. (I don't work, I have no friends, I have no family, I'm

  • Any Sys Admin that can't set up a Jabber server and for extra security force users to tunnel in using something like OpenSSH ought to have his pay grade re-evaluated.
    For those out there using Windows, simply tunnel into the server using Putty.

  • by 1u3hr (530656) on Friday September 10, 2004 @11:23AM (#10212986)
    From dmails's "background information", page:

    "secure messaging system which was instantaneous and able to transfer large files rapidly...a safe and secure platform which can not be penetrated by unwanted visitors or observers...exceptionally fast medium for accessing and exchanging large files such as music, images and film, with huge capacity. For starters, each dmail address will have one gigabyte of space... argeted at several niche sectors where its properties are particularly relevant. These include education, friends/family, teenage and corporate markets"

    The *IAAs are going to love this if it takes off. But it has the same vulnerability as any "closed" system, it's brilliant at the beginning but if it grows beyond a certain number you get trolls and spammers.
  • by ziegast (168305) on Friday September 10, 2004 @11:35AM (#10213118) Homepage
    This may sound blatantly naive, but given that SlashDot is a relatively open forum, why is it that we see hardly any spam at all in the SlashDot forums? Compared to virus-writing, it seems to be a trivial task to write a spambot that posts "Anonymous Coward" messages or even signs up real accounts before posting to forums.

    Granted, we have trolls, offtopics, and flamebaits, but I have never seen anything close to what typical spam looks like when moderating and reading "flat" at level 0.

    D15cr337 V14gr4 4 U! [cowboyneal.org]

    Dmail isn't doing anything new. If SlashDot were a Usenet group, it'd be spammed just like the rest of the groups. If everyone had a different method of contacting them, it'd be too hard a problem for spammers to reach everyone.

  • by faedle (114018) on Friday September 10, 2004 @11:50AM (#10213285) Homepage Journal
    It's the Tragedy of the Commons in action, and it is not as uncommon as one might think.

    In essence, IM services are "walled E-Mail gardens". I know people who aren't totally tech savvy who use services like AIM and don't use E-mail. Granted, these tend to be "gramma" types who use messaging services to chat with the kids and grandkids, but the principle remains.

    And for those who say it dosen't work: AIM + whitelisting works wonders.

    It may sound a bit odd to a few of us "geeks", but some people only want to hear from people they know (i.e. have been formally introduced to). Spam is only encouraging a behaviour that people already practice on the phone (with Caller ID and/or answering machines) and their front door (with the little peep-hole).. if I don't know you, I ain't gonna talk to you.

    Thanks, marketing departments of the world, for helping to create a more insular society.
  • by Mignon (34109) <satan@programmer.net> on Friday September 10, 2004 @01:13PM (#10214077)
    A while back I switched email addresses.

    The only spam I have received has been of the Outlook virus variety, where someone with my address in their address book sends spam pretending to be someone else in their address book. I didn't open the attachments, and don't use Windows anyway, so it wouldn't have mattered. I've received maybe half a dozen such emails in a couple of years. That's it.

    Here are the reasons I think I've managed to avoid spam:

    • My new address is on a domain that I own, and the domain name is not a dictionary word, proper name, etc. So I think it's kept my domain "under the radar" of spammers.
    • My old address is the administrative contact for my domain.
    • My new address doesn't appear on my web site.
    • My new address doesn't appear on Usenet.
    • My new address doesn't go to any commercial interests.
    I'm aware of several weaknesses of this approach - it's "security" through obscurity, people can't click a mailto: link on my site, and I have to maintain an account that receives spam, but the tradeoff is worth it to me. It's a little like wearing galoshes (rubbers, to those UK-ers) over nice shoes - a little more trouble, but it keeps my nice shoes clean, so I'm happy with the trade-off.

    For example, when I place an order on a web site and it sends a confirmation, I know I can quickly find it among the spam and chuck the rest. I use a web-based email to scan those, so I never open the junk.

    If anyone has any suggested improvements, I'm all ears.

I have ways of making money that you know nothing of. -- John D. Rockefeller

Working...