Building A Better Inbox (Updated) 372
vudujava writes "c|net is reporting that a new free (Update: not free, actually, read more for details.), web based email service is opening it's doors today. They promise to deliver "100% spam free" email to their users by using a challenge-response system to all incoming, first-time mail. Catch the entire story here. Although the idea isn't new, it shows that we are notching up the "war on spam"."
Alert reader George Hotelling points out this post on Politech which may give you pause when it comes to the new mail service's Terms of Service.
And kraksmoka writes "As reported on this article on MSNBC : 'Hotmail subscribers are now limited to sending only 100 messages a day "in an effort to prevent spammers from using Hotmail to spread spam," said Lisa Gurry, MSN lead product manager.'"
dlanod writes "In your snippet on the main page you report mailblocks.com as "a new free, web based email service". Looking at Mailblocks' site, it actually costs $9.95/year for the standard service, or $24.95/year for the expanded service with no free option listed (https://app1.mailblocks.com/register.htm)."
Definitely not new (Score:5, Informative)
BTW, mailblocks.com isn't free; it's $10/yr. However, that's still only half what fastmail.fm charges annually for their spam filtering service (with SpamAssasin).
Question. (Score:2, Interesting)
What's to stop there being a cascading ping-pong of confirmation messages? (Or are you supposed to automatically whitelist everyone you send email to?)
Re:Question. (Score:5, Insightful)
What I'm wondering about is how you would buy something online where you can't really predict the address that shipping-confirmations will come from. In that case one wouldn't know what to add to the whitelist, and the odds of a human being on the other end are small...so your TMDA message would probably go ignored.
Is there a good FAQ somewhere that addresses questions like these?
SpamGourmet (Score:5, Informative)
,br> for example, if you wanted to get a confirmation from newegg.com, but didn't trust their mailing list... you could simple fill in newegg.3.joecool@spamgourmet.com. this would give them a max of 3 emails, 1 for billing, 1 for shipping, and 1 for whatever is bound to go wrong.
Try it out today at spamourmet.com [spamgourmet.com]
Re:Question. (Score:3, Informative)
Example from http://tmda.net/config-client.html [tmda.net]
jason-dated-989108708.a17f80@mastaler.com
This particular address expires on Sun, May 6 00:25:08 2001 UTC, which is exactly 5 days after it was generated. TMDA time intervals can be set in years, months, weeks, days, hours, minutes, and seconds. Once a dated address expires, messages sent there must go through the confi
Re:Definitely not new (Score:2)
So I give out the address "amazon@username.fastmail.fm" to amazon (just to randomly pick on someone). If I get spam at that address, I add a rule to automatically delete all email coming into that email address. Plus, I can go to amazon and tell them that I KNOW they sold me out, as I only gave out that address once. That is very worthwhile to me.
If $20/year for a quailty
I'm aware of what fastmail offers (Score:2)
Re:Definitely not new (Score:2)
Re:Definitely not new (Score:2)
that's kind of the whole idea, after all.
Re:Definitely not new (Score:2)
UN resolution #4882372 (Score:4, Funny)
Not Free! (Score:5, Informative)
Re:Not Free! (Score:2)
i figure, if i spend 10 minutes on the phone yelling trying to get them to deliver on their garentee and give me a refund, it'll even out to the time i spend deleting messages each year.
You don't understand (Score:4, Informative)
Let me try to explain it to you. Sometimes you need or want to get an e-mail from someone who you haven't got an e-mail from before. You might need to get a tech support response. You might need to get an order confirmation for something you bought on-line. You might subscribe to a news letter or other information that you want but don't know the exact e-mail address it will be sent from (and that might even change some day). You might receive e-mail from an old friend or classmate who is trying to track you down, and perhaps they even got your address from a common friend. You might want to use your address publicly for a legitimate reason, like in a newsgroup to request information. You simply might think that you should have the right to make yourself findable for legitimate contact without opening yourself to hundreds of vulgar and dishonest spam messages every day.
Or, you might really dislike spam, and not want to hand over your address book with your friend's valid e-mail addresses in it to a known spammer - Microsoft. [slashdot.org]
Call It A Night, Cowboy! (Score:5, Funny)
Seriously, who spams from Hotmail anyway? Don't all the real spammers use custom software with a built-in smtp server? I've gotten enough spams advertising it, after all.
Re:Call It A Night, Cowboy! (Score:3, Interesting)
However, I myself don't get many *hotmail* spams, and many which I do are forged headers and not real hotmail addresses.
Limiting regular customers to emails-per-day actually sounds like a really good idea to me, so long customers sending mass mail (usergroups, proper mailing lists, etc) were able to sign up for a "special account" allowing them to continue. I don't k
Re:Call It A Night, Cowboy! (Score:2)
That just proves that spam does not work! Not even the spammers are using the software sold using spam.
Re:Call It A Night, Cowboy! (Score:3, Insightful)
yahoo.com (3)
hotmail.com (2)
earthlink.net (1)
popstar.com (1)
hot-shot.com (1)
ayna.com (1)
voile.net (1)
bigfoot.com (1)
mindless.com (1)
amexmail.com (1)
forum.dk (1)
servadmin.com (1)
Some of those are faked, of course, but it would seem that a lot of it comes from free providers.
(And thanks to SpamAssassin, none of that made it to my inbox)
Re:Call It A Night, Cowboy! (Score:2)
Post the owners of the IP that these were received from and how many of *those* were from (intentionally) free providers?
Yahoo (Score:5, Informative)
It's so good I paid for a year of mail plus. I didn't even do that for
Re:Yahoo (Score:4, Informative)
For conventional text spam, the filters are decent and route most to the bulk mail folder.
Re:Yahoo (Score:2, Interesting)
Re:Yahoo (Score:3, Informative)
Re:Yahoo (Score:3, Interesting)
Re:Yahoo (Score:3, Interesting)
Also, I don't really think that sending a mail for 'review' gets a pair of human eyes, but more is more likely combined with other submissions and used to adjust filtering techniques and training...
Stupid (Score:5, Interesting)
Um, so let me get this straight. They challenge all incoming mail except for the spam they've been paid to let through? And this is an "inseparable" part of the service?
Next, please...
Re:Stupid (Score:2)
Re:Stupid (Score:2)
Re:Stupid (Score:2)
Yeah, this system was invented by SolidBlue (Score:5, Informative)
We invented this system for authenticating email, and we've had a product on the market for 2 years now making use of it.
We have the most affordable service available still. It's one thing for competitors to realize our idea is the solution - it's another thing for the media to ignore the origins of the system completely.
you invented this? not. (Score:5, Insightful)
as I posted earlier, mapson predates any commercial implementation I have seen. I downloaded version 1.0 to doublecheck -- unless yours was written before 1997, or you employ Peter Simons, I'm afraid your claim to being the first doesn't hold water.
mailblock at least doesn't claim originality, just that they do it better. which may be true; they have a pretty slick "mail siphon" feature going.
Re:you invented this? not. (Score:4, Interesting)
To offer the system for email requires a more advanced server-client architecture, overcoming challenges such as "what if both systems require authentication" to ensure that Spam still can not get through a 'hole' for this scenario, and finally: The actual challenge-response is being done wrong by almost all of our competitors. A simple dictionary attack could authenticate a spammer for their entire user list.
We're the longest running email-authentication project (obviously, since we did invent it) and we have a very large list of improvements planned for the system. I suspect these other companies, which publicly lie about trade mark, patent and copyrights to the system (that have never been registered) will take our new ideas and claim to own them as well.
Only time will tell.
do you have a reading comprehension problem? (Score:5, Informative)
way to refute me, champ.
Re:do you have a reading comprehension problem? (Score:2)
"Every time you receive an e-mail, mapSoN will look-up the sender's e-mail address in a small database file and check whether that address is in there. If it is, the mail is delivered to your mailbox, but if it is not, the e-mail will be stored in a spool directory in your home, using a cryptographic cookie as the filename. Then mapSoN will send a so called request for confirmation to the sender's address, asking him to please confirm his addresses validity by replying and sending
Re:do you have a reading comprehension problem? (Score:3, Interesting)
Also, as one of our users posted - there are 3 fairly good reasons why these systems are entirely different.
server-client architecture
graphical-text challenge / response vs. file attachment (latter being easy to circumvent)
accuracy rate. 100% vs. 95%
Plus:
Handling of lists through GUI
Windows Architecture
blah blah blah.
All points our original patent lawyer found relevant enought to ta
Re:do you have a reading comprehension problem? (Score:3, Funny)
Windows Architecture
Re:Yeah, this system was invented by SolidBlue (Score:5, Interesting)
Our web site talks about the advantages of our product. My point isn't why our software and service is better, CNET hasn't even begun to offer their service - so an argument over why ours is better wouldn't really make sense.
My problem is media coverage of the big name software companies. Maybe you haven't tried to make a software project fly on your own with a tiny budget, an incredible idea and rock solid code.
Let me tell you, it's hard.
Re:Yeah, this system was invented by SolidBlue (Score:2)
I do agree with the whining part
Internet Explorer Centric (Score:4, Informative)
"Mailblocks may work with other browsers, but it is only tested using Internet Explorer"
Anyone tested using other browsers? This sort of thing was never anticipated when people were excited about the Internet...
err?? (Score:2)
Re:err?? (Score:2)
Re:Internet Explorer Centric (Score:2)
Re:Internet Explorer Centric (Score:3, Insightful)
I'm not asking web developers to develop for Mozilla, or Opera or Internet Explorer... I'm asking them to develop based on standards! 95% of the web works on 'other browsers', why can't the other 5% ?
Re:Internet Explorer Centric (Score:2)
Re:Internet Explorer Centric (Score:3, Funny)
These services won't work for many of us. (Score:5, Informative)
Someone would do well to offer this service with your own domain (if you change your MX record), IMAP and reasonable charge for each 50mb increment of disk space. This is yet another web mail service, only this one is hosted off of a MSFT server and it implements intrusive spam blocking. SPAM Assasin works very nicely, I've found.
*yawn*
Re:These services won't work for many of us. (Score:2)
Now this is what I prefer to see... (Score:5, Insightful)
This setup may not be perfect, but to me it's a step in the right direction. Working towards a system that doesn't allow spammers to exist is wholly more admirable.
--
Curiously, why were open relays ever in existence? And once spam started, why were open relays kept around? Is there a use for them? Why not have all mail servers require authentication for outgoing mail, much like POP retrieval. That would have to stop a great deal of spam
Re:Now this is what I prefer to see... (Score:3, Informative)
Re:Now this is what I prefer to see... (Score:3, Interesting)
The spammers will just build an automated response system. Plus, this thing could no be used as a source for a DOS attack, since its happily generating emails. And god help us if they ever decide they need to sell their "contact list to be profitable, since to work it must have a list of every person who might email you. And hopefully they've
Re:Now this is what I prefer to see... (Score:3, Interesting)
Good. I'd love it if they did. That way, we'd have a "good" return address with which we could track them down. Right now, I'll bet a very large percentage (approaching 100%) of U[B|C]E has a fake return/from address.
This seems... (Score:5, Insightful)
What about the mass emails I like to receive, such as newsletters?
not really (Score:2)
Only 100, eh? (Score:4, Insightful)
Besides, I've never actually had spam *from* Hotmail - it's usually going *to* my Hotmail account or spam coming with forget Hotmail headers.
I seriously doubt this is going to do very much to curb spam.
Never had spam from Hotmail? (Score:2)
Then, it goes on to shout out the virtues of MSN 8, MSN Messenger, MSN Wallet, MSN XBill, MSN We Hate Torvolds, et al.
For grits and shiggles, I reported it as spam. Forwarded it to abuse@hotmail.com and whatnot. I got a message back informing me that the email -- containing advertisments I didn't want -- was not spa
Um...no (Score:3, Informative)
Company neither endorses nor is responsible for Third Party Content, and you may be exposed to Third Party Content that is offensive, inaccurate, misleading, deceptive, out-of-date, or incomplete. You must evaluate, and bear all risks associated with, the Third Party Content, and your use of and reliance on any such content. We are not responsible for any errors or omissions in Third Party Content, for hyperlinks embedded in Third Party Content or for any results obtained from the use of such content. Under no circumstances will we be liable for any loss or damage caused by your reliance on any such Third Party Content. Your correspondence or business dealings with, or participation in promotions sponsored by, any such third party advertisers, or any other third party providers of goods or services accessed through the Services, and any terms, conditions, warranties or representations associated with such dealings, are solely between you and such third party advertiser or provider.
We may establish limits and restrictions on the Services, including without limitation, the maximum disk space that will be allotted on your behalf, the maximum number of days that messages will be retained, the maximum number of messages that may be sent or received, the maximum size of a message that may be sent or received, and the maximum duration for which you may access the Services in a given period of time. You acknowledge that Company reserves the right to terminate accounts that are inactive for an extended period of time. You further acknowledge that Company reserves the right to change these limits and restrictions at any time, in its sole discretion, with or without notice.
COMPANY MAKES NO WARRANTIES CONCERNING, AND ASSUMES NO RESPONSIBILITY FOR, THE TIMELINESS OF DELIVERY, MISDELIVERY, DELETION, CORRUPTION, OR FAILURE TO DELIVER OR STORE ANY EMAIL MESSAGE(S) THAT YOU MAY SEND OR RECEIVE USING THE SERVICES, OR FOR ANY LOSSES THAT YOU MAY INCUR THEREBY.
I know their plan! (Score:5, Funny)
Yeah, that's a great way to prevent spam!
Exclusive Spam Provider ? (Score:5, Informative)
Wow, definitely read the TOS info [mailblocks.com]...
It reads more like they wish to charge you $10 to become your primary spam provider, oh and they will also be sharing your personal info with 'their' spammers (3rd parties), which you can't opt-out of.
Pay to go from bad to worse ? I think not !
Not free according to NYTimes... (Score:4, Informative)
Further, it says that the 7 digit passwd will be sent in a "digital image"; kind of a hassle for those of us with text-only email. (long live pine)
Re:Not free according to NYTimes... (Score:2)
And the use of a "digital image" discriminates against the blind.
Re:Not free according to NYTimes... (Score:2)
Not being of the programming type, but to me, it would seem trivial to send an "ascii" graphic depicting a 7 digit passcode. So long as the mail client doesnt mangle it too bad...
SpamCop used to work that way (Score:5, Interesting)
Challenge/response systems have the problem that if two parties both use a challenge/response system, they may not be able to communicate with each other at all. The challenge message may not get through. Worst case, they create a mail loop.
avoiding the loop (Score:3, Interesting)
The solution would be to adhere to the following protocol:
Not exactly free... (Score:3, Informative)
Service Pricing
I want the following Mailblocks service:
Standard Service -- $9.95/year
* Standard Service includes 12 megabytes of storage.
* Promotional launch offer: Buy one year of service for $9.95, receive an extra two years of service for free. That's just
Expanded Service -- $24.95/year
* Expanded Service includes 50 megabytes of storage.
* Promotion not offered for the expanded service.
* Can I upgrade later? Sure.*
Re:Not exactly free... (Score:2)
* Customer will be rid of their spam, not ours.
Myrealbox is the best (Score:2, Interesting)
Re:Myrealbox is the best (Score:2)
I have used many of the free email accounts, and you get what you pay for. Yahoo pulled the plug on a few important features, and it was actually cheaper to go with Fastmail and the extra features than the get an
"Patented" challenge-response? (Score:4, Insightful)
WAR (Score:2, Interesting)
WAR on drugs
WAR on Iraq
WAR on
WAR on SPAM
How American.
Mark Fiore on this (Score:2)
MS has ruined the guy (Score:3, Interesting)
Memo to VCs: don't fund ex-M$ people. They seem to believe that they can jam any TOS down people's throats.
Not only web based. (Score:2)
Disposable Email Addresses -- Effective? (Score:4, Interesting)
Re:Disposable Email Addresses -- Effective? (Score:2)
Re:Disposable Email Addresses -- Effective? (Score:2, Informative)
Re:Disposable Email Addresses -- Effective? (Score:4, Informative)
Allows you to 'create' an e-mail address, consisting of x.y.username@spamgourmet.com where x=a unique identifier for the e-mail address you're creating, y is the number of times e-mail may be sent to the address before it gets forwarded into
a little complicated - but go and sign up, it's free, it works...
secure? (Score:5, Informative)
Re:secure? (Score:3, Informative)
Also, I sniffed the login traffic doing the same sign-in process you did, and the form was submitted with HTTPS. I don't know why you couldn't detect this.
ToS translation (Score:3, Funny)
Hmmm. No thanks.
if looking for a killer online mail service (Score:2, Interesting)
http://www.oddpost.com
it truly is the best web based email
i've every used. if you like outlook,
evolution, eduora, >... you'll feel
right at home in oddpost.
pretty cheap too... only $30 a year
and the 1st month is free. and the
spam filtering is coming along nicely
to boot.
It'll block too much (Score:5, Interesting)
This will block a lot of legitimate mail. You won't be able to subscribe to mailing lists. You can't recieve those "account authorization/activation emails" that lots of sites use. E-cards won't work. You won't be able to to get daily comics. Bascailly, any system where the mail is sent by an automated system won't work. There are probably others I can't think of.
Re:It'll block too much (Score:2)
Mail from anyone who does not read their email with a Web browser, and mail from blind people.
Challenge-Response Has Issues (Score:5, Interesting)
1. It imposes hurles on first-time contacts. Posted your resume and got a response? HR person doesn't have time to answer questions like "what color is the sky" or whatever they use to verify you're human.
2. Spammers can use it! If they get a challenge they know the e-mail is valid. Then, they can forge senders. If they forge the right sender the spam gets through. If they forge the wrong sender a challenge goes out to the 3rd party. The challenge has to carry a subject doesn't it? Voila! The spammer has hijacked your box and used it to send quickie text messages to 3rd parties. OK, well, maybe you change the subject so that it simply gives the time of the message or something... but then the sender is less likely to recall if he actually sent the message.
Even if it works, C-R floods the network with with little micro-spams. I for one do not look forward to having my inbox flooded with messages with subjects like "SpamMaster response requested for message you sent 3/24/03" because I never sent the message and some lousy spammer just forged my address in the Sender.
Maybe they've come up with some ingenious way to fix these problems, but I doubt it.
Re:Challenge-Response Has Issues (Score:3, Informative)
Server-Client based systems ensure spammers don't know which email address is valid. The subject line is included in the email, but with minor changes so an automated strstr isn't going to find it.
Spammers do not forge legitimate email addres
hardly unique (Score:2)
Comment removed (Score:5, Insightful)
and I have some nice swamp land.... (Score:5, Informative)
Sure, something has to be done about the problem, but paying for a bad system that will just sell your name to other spammers and will block legitimate e-mail isn't much of a solution and should not be accepted in a desperate I'll try anything approach. I would propose that a simple open season on spammers, with perhaps a six spammer limit so every hunter gets a chance, and even a small license fee to help pay down the national debt, would be a much better approach.
Mailing lists (Score:4, Interesting)
"foo@bar.com is subscribed to our service. Please click on very long URL to let them recieve your messages"
Now this means that everyone who posts to that list has to do this for one particular user. Why should they? I'm sure that user has something to say at some point but I don't want/need to do it everytime I post to a list and someone new has joined who uses a similar service.
Why don't they whitelist the address of the mailing list? That would seem obvious to me. Even mailing lists that allow anyone to post normally have very high signal to noise ratios with the occasional spam.
Just my pet peev
Rus
SA still works (Score:5, Informative)
If you want to try it out, you will (most likely) need your own machine handling mail (if you're a broadband or DSL user, this is easy enough, I'll assume you've made that step...)
Now, make sure Perl is installed.
Now, as root, type "perl -MCPAN -e shell" and follow the instructions to set up Perl's configuration system.
In that shell, type "install Mail::SpamAssassin".
Exit that shell and type "/etc/init.d/spamassassin start"
You will want to do what your OS prefers for making sure this starts at boot time, under Red Hat Linux, that's "/sbin/chkconfig --levels 35 spamassassin on"
Exit your root shell, and do the rest as your user account.
Assuming you use sendmail with procmail (see the SpamAssassin site for other MTA configuration steps), put: into your
SpamAssassin is now doing its job. It just marks messages that it thinks are spam. See the example procmailrc [spamassassin.org] on spamassassin.org for more information on how you can move the mail to another folder, delete it, or even more complex things. Also, there's a procmail bug that the example config can help you work around.
If you're doing this on a busy site, I recommend adding "-m 20" or so to your spamd command-line to throttle periods of intense mail delivery.
You can also configure SpamAssassin to do lots of useful stuff just the way you like it. There's a FAQ on your site that will walk you through it, but after the first time spamd handles mail for you, it will create a ".spamassassin/user_prefs" file that has good comments in it that guide you through common configuration needs (like whitelisting users).
Re:SA still works (Score:5, Funny)
Is that all!?
I'll forward this to my grandma toute-suite.
Hotmail Addresses (Score:2)
More often than not I actually see Hotmail accounts as drop boxes. i.e. places bounces go or you reply to. Prehaps it might be better for Hotmail to restrict the incoming number of emails to an account to 100 a day.
Now that would hurt spammers more.
rus
How naive can you get? (Score:2)
They don't need to use hotmail itself (in fact, I've never seen a spammer that has). They just need to spoof Hotmail addresses, which is quite easy. Chalk that up as yet another episode of M$ letting itself sound stupid...
Cringely has an interesting proposal (Score:2, Interesting)
Basically, it's challenge/response, with the response being via telephone
I replied to him with the following:
this service will give you MORE spam (Score:2, Informative)
"Mailblocks furnishes our members, and permits third parties to furnish our
members, through the Services and otherwise, with information, promotional
materials and solicitations, from time to time. You may not "opt out" of
the receipt of such promotional materials from Mailblocks and/or its
affiliates, advertisers or other business partners if you wish to use the
Services. The receipt of such promotional materials is an inseparable part
of
I have the solution to spam! (Score:5, Funny)
I haven't tested it extensively, but the algorithm seems solid.
Old news (Score:3, Informative)
This won't make much difference (Score:5, Insightful)
If they want to do something to cut down on spam, why not just limit the number of messages that a server can send to hotmail addresses? Meaning, if I want to send out spam and my list includes 100,000 hotmail adresses, hotmail's servers will reject every message I send to a them after the 100th. That just wiped out 99.9% of spam that hotmail users would receive.
Yes, it would take some work and the processing cost per message would be higher, but if it works, and cuts down on traffic by a higher percentage than the increased cost associated with the system, it would still be an amazing improvement.
I've always wondered why MS couldn't look at all incoming messages and spot spam based on vast numbers of similar messages.
New tactics in the War on Spam (Score:3, Funny)
You have 48 hours to cease sending spam and give up. If you fail to stop sending spam after this timeframe, we will remove you from the Internet forcibly and swiftly. We will track you down and destroy your lists. Insecure servers will no longer be regarded as innocent relays, they will be dealt with swiftly and justly as well.
You have 48 hours to comply with this ultimatum. Act responsibly with email and you will reap the benefits. Use spambot and harvesters and our forces will react with force.
-Coalition of Canned Meat
Re:Not *all* spam is bad (Score:2)
Spam is bad, targetted or not. If I didn't ask for it I don't want it. So, yes, basically, it's all bad.
Re:Not *all* spam is bad (Score:3, Funny)
if a customer opts in
however, if you just happen to 'get' their e-mail for example