Why Public Email Needs a Police Force 133
jfruhlinger writes "Those of us who had email addresses in the early days of the Internet age remember sending notes to webmaster email addresses to report malicious email behavior — and actually getting a response back. But today, a huge majority of mail comes from public services like Gmail or Yahoo mail, and getting anyone at those companies to take responsibility for abusive users is nearly impossible. 'If they could agree on a third-party service that could be the receptacle on a 24/7 basis for rapid account suspension, the 419 Fraud problem might dwindle down to a trickle quickly. It would take trust among the email providers to do this, but it would also alleviate big problems that law enforcement officials are usually unable to handle. Call them the email cops.'"
Please complete the form (Score:5, Interesting)
craphound.com [craphound.com]
Account suspension (Score:4, Interesting)
"Rapid account suspension" as opposed to more deliberative approaches to account suspension? What could possibly go wrong?
gmail and yahoo have procedures for reporting spam (Score:5, Interesting)
Gmail and yahoo both sign all outgoing messages cryptographically using dkim. That means that if you get a spam claiming to be from one of their accounts, you can verify that it really is from such an account. Once you've done that, you can report it: gmail [google.com], yahoo [yahoo.com]. So if the author of TFA is complaining that this can't be accomplished by sending email to abuse@gmail.com or postmaster@gmail.com, then I suppose he has a valid complaint that they're not complying with RFCs...but...that's the way it is. It's not the end of the world. Gotta use a web interface instead. Boo hoo.
The author of TFA is upset that he can't get spamming accounts shut down instantly, 24/7. I actually don't really want an internet where any random person can get my ability to send email shut down instantly. What if it's a joe-job? What if the complaint is from one of these people who just clicks on "spam" when they don't want the mail, even when it's not spam? A much better way to handle this is to limit the number of messages per hour that can be sent from a newly created account. Then if it takes a day, or three days, to shut down a spam account, the consequences aren't that bad; the spammer can't use the account to send a million emails in 24 hours. I assume that gmail and yahoo already do this kind of rate-limiting.
What would be a huge improvement would be if the remaining big email providers other than gmail and yahoo would start using dkim. Once dkim becomes universal, we can establish actual reputations for people as spammers or non-spammers.
Virtually all the spam I get these days is from small domains. Recent examples include education-portal.com, spacesaver.com, and mg-style.net. The solution proposed by the author of TFA is to bug education-portal.com to respond to email sent to abuse@education-portal.com by deactivating jones@education-portal.com. Um, that isn't going to work, because jones works for education-portal.com, and they want him to spam me. The solution is to make dkim universal enough that people can stop accepting mail from domains that don't dkim-sign. Then education-portal.com can get an online reputation as a spammer, and everyone can start blocking them in their spam filters.