Beat Spam By Not Using Email 314
judgecorp writes "We had a press release - by post of course - about a scheme that eradicates spam and viruses. It's not email, oh no. It's digital mail or dmail, a private system that no one else can send messages to. Assuming it's genuine (and the PR person is called Mike Hardware) it uses XML and SQL to build a 1980s bulletin board, to sell to niche markets (such as very close-knit families). Our story is here, and if you don't hear from us again, it's because we are busy emailing ourselves with our two free dmail addresses. Peter Judge, Techworld"
Slashdotted (Score:5, Interesting)
What a stupid idea (Score:5, Interesting)
Re:New concept same stuff... (Score:5, Interesting)
Re:New concept same stuff... (Score:4, Interesting)
Slashdot suggesting "closed" rather than "open"?!? (Score:3, Interesting)
Of course, a closed invitation-only community will stay mostly spam-free because anybody who does spam will get booted rather quickly, and the community will move on without them.
We've already seen blog spam when no registration is required to post a comment... but blogs that require commenters register are mostly spam-free because no spam bot is good enough to remember to register at a zillion sites.
In short, there are times where "closed" systems are better than "open" ones. And isn't it interesting that they tend to come to
How is this a solution? (Score:5, Interesting)
Yes, a closed system that has user authentication built-in from the start has been proposed many, many times. The problem is getting the rest of the world to adopt such a system.
Just like the idea of charging a fractional penny to send an email and collecting a fractional penny when you receive one, so that email costs and revenues are balanced for the average person, but costs are astronomical for the spammer. Interesting idea, now how do you convert the planet over?
The solution to spam seems easy enough; it's the implementation that's the problem.
Re:eMail replacement. (Score:2, Interesting)
Hooray for Jabber!
PGP (Score:3, Interesting)
cr (Score:2, Interesting)
I've been spam free for three years... (Score:2, Interesting)
I opened an account with usa.net. I ONLY use it for friends and family I trust.
Via my ISP I create other accounts, e.g., one for Newegg, one for Amazon, etc. If I ever buy from someone and that account starts getting spam, I can cancel it immediately. It has only happened once.
I also give out a secondary email account to friends and family to test them. If they don't sign me up for crap and don't forward me crappy jokes, I then give them my real account.
Like my subject says, I've never received any spam in my usa.net account. The only spam I've got in the last three years was in an account I opened to use the pcmag.com forums. Needless to say that one was immediately cancelled and I use a fake address there now.
Different requrements, different solution (Score:3, Interesting)
Nothing really met the second (intentionally lossy (some would say broken)) requirements for corporations who wanted to make sure that many mails did not get delivered.
I welcome the day that all the guys with different requirements from sendmail simply move on to some other messaging system rather than try to screw with something that's worked well for decades (SPF, etc).
Re:eMail replacement. (Score:5, Interesting)
Actually, you can have a decentralised free messaging system that's immune to the types of abuses we see today (spam). We already have the smtp email foundation to build it on top of, and it's pretty damn simple to do. If *everyone* would just get valid, signed certificates to authenticate themselves as a given entity with a given email address, then *everyone* could turn on a switch in their mail client that says "reject all mail that isn't signed with a cert which matches the sender's address and that's signed by an authority I trust". If you make spam completely accountable to a real-world entity via cryptography, it largely solves the problem, because the problem is so easy to solve at that point.
There's already some competing standards for this stuff, and Enigmail (in moz and thunderbird) supports at least two of them. I'm pretty sure you can get an email cert from one of a few authorities pretty cheaply.
So, it really comes down to convincing the users, which is largely the job of email client vendors. When you first set up your account in Outlook, Thunderbird, or whatever, there should be a dialog box to the effect of:
Please click "Use Existing" to use an existing email certificate for this account, or click "Create" to create a new certificate....
With pointers to signing authorities and an explanation that the user would be doing their part to prevent spam if they would just take this simple measure.
Eventually everyone notices that all their legit email is signed, and starts turning on that "kill all unsigned mail" option in their mail client, and poof goes the spam problem.
Re:New concept same stuff... (Score:2, Interesting)
Jabber, tunnel SSH and Putty (Score:2, Interesting)
For those out there using Windows, simply tunnel into the server using Putty.
It's for file swapping... (Score:4, Interesting)
"secure messaging system which was instantaneous and able to transfer large files rapidly...a safe and secure platform which can not be penetrated by unwanted visitors or observers...exceptionally fast medium for accessing and exchanging large files such as music, images and film, with huge capacity. For starters, each dmail address will have one gigabyte of space... argeted at several niche sectors where its properties are particularly relevant. These include education, friends/family, teenage and corporate markets"
The *IAAs are going to love this if it takes off. But it has the same vulnerability as any "closed" system, it's brilliant at the beginning but if it grows beyond a certain number you get trolls and spammers.
Re:New concept same stuff... (Score:2, Interesting)
No spam in SlashDot discussion forums? (Score:3, Interesting)
Granted, we have trolls, offtopics, and flamebaits, but I have never seen anything close to what typical spam looks like when moderating and reading "flat" at level 0.
D15cr337 V14gr4 4 U! [cowboyneal.org]
Dmail isn't doing anything new. If SlashDot were a Usenet group, it'd be spammed just like the rest of the groups. If everyone had a different method of contacting them, it'd be too hard a problem for spammers to reach everyone.
Re:New concept same stuff... (Score:5, Interesting)
a better solution (Score:2, Interesting)
It's important to use the email filter rules much in the same way you'd use a firewall rulebase... as a sequential set of rules that increase or decrease in specificity depending on how you want to prioritize mail.
Some addresses need to receive from everybody. i.e. If you have an info@blah.org, you are expecting mail from unexpected sources. Then some addresses are personal. But here's where it gets interesting.
Years ago in high school, I had a civics teacher who looked like Mr. Burns from The Simpsons. Every year he begins the first day of class with these words:
MAN IS GREGARIOUS BY NATURE.
Indeed... We are social creatures. We also like feeling important. That is part of the reason I'm wasting my time on message boards pontificating on subjects that the people who already understand don't need to know, and the people who don't probably won't care for my opinion! But it makes me feel important that I have something to say.
So too is the nature of this thing called e-mail. Most people do not want to implement the easiest form of security (implicit deny-all w/a whitelist) because, hey, who knows... you might receive an important message from someone you don't know.
For example:
YOU MAY ALREADY HAVE WON TEN MILLION DOLLARS!
So there you are. The problem is, people aren't easily convinced that there are no truly important messages except those from people they alerady do know, who have business or personal interests with them that they already are aware of. Why? Well, probably because that would require admitting to ourselves that we're less famous or less important in the grander scheme of society than we fancy ourselves to be.
WHAT? WHAT? WHAT? OKAY!
Spammers and most mail servers are like audio equipment salesmen, they don't know when to shut up. That being said, I found that a challenge-response rule works well, but doesn't solve the bigger problem.
Sure, a challenge-response rule, if properly implemented, will drop inbound mail that doesn't pass the test... but there's just one problem.... two actually...
1. When a spammer gets an autoack challenge from a mail server they are attempting to send to (because C-R is not readily implemented at the application layer), now they know there's a box there. Their bulk mailer scripts don't care that there may not be a real person there... they'll waste your bandwidth all the same.
2. When an autoack challenge goes out to, say, a generic address that sends you maybe a confirmation of a credit card payment, that system sends an autoack back to you. Unless you are actively policing your rules every day, you're multiplying the amount of bandwidth being wasted by causing an autoack loop that doesn't stop until someone kills their autoacks or changes their ruleset. Waste of time, and resources.
So, until password authentication, or even DNS authentication (verifying that the rDNS for the sender's IP matches the senders e-mail address to confirm it wasn't spoofed) becomes an integral part of the application, challenge-response won't work very smoothly for most endusers who lack the scripting skills to build their own mail server running a C-R script far smarter than any deliberately vulnerable Microsoft application will ever be designed to offer--for obvious commercial reasons.
As this site [worldofends.com] can attest, making such specific functionalities part of the internet protocol itself is not a good idea. Challenge-response should exist at the application layer.
HEY, I THINK I GOT IT! A good security policy is to implement several layers of security. 1. The first layer of ru
Orkut + Gmail = ... (Score:2, Interesting)
How I (Almost) Eliminated Spam (Score:3, Interesting)
The only spam I have received has been of the Outlook virus variety, where someone with my address in their address book sends spam pretending to be someone else in their address book. I didn't open the attachments, and don't use Windows anyway, so it wouldn't have mattered. I've received maybe half a dozen such emails in a couple of years. That's it.
Here are the reasons I think I've managed to avoid spam:
For example, when I place an order on a web site and it sends a confirmation, I know I can quickly find it among the spam and chuck the rest. I use a web-based email to scan those, so I never open the junk.
If anyone has any suggested improvements, I'm all ears.
Re:A simple solution (Score:2, Interesting)
The problem is...what if you check your work e-mail from home and try to send out from it. It gets rejected. So suddenly you have to have another SMTP server to go through.
By the way, the reason Rogers put that in place was the fact that their SMTP server was being used for spamming. The problem was it wasn't the internal users spamming. Their mail server was sitting ass-open on the internet. Everyone was sending through it. After enough people complained they finally openned it up internally again. (they had a bunch of monkeys running their network).