Beat Spam By Not Using Email 314
judgecorp writes "We had a press release - by post of course - about a scheme that eradicates spam and viruses. It's not email, oh no. It's digital mail or dmail, a private system that no one else can send messages to. Assuming it's genuine (and the PR person is called Mike Hardware) it uses XML and SQL to build a 1980s bulletin board, to sell to niche markets (such as very close-knit families). Our story is here, and if you don't hear from us again, it's because we are busy emailing ourselves with our two free dmail addresses. Peter Judge, Techworld"
New concept same stuff... (Score:4, Insightful)
D-Mail, G-Mail, PurplePokaDotMail are just more examples of someone trying to create, patent, exploit, etcetera when there are far more ethical and lucrative methods of making money. Of course this relies on people getting thier heads out of thier proverbial asses, but what can you do?
Re:New concept same stuff... (Score:5, Interesting)
Re:New concept same stuff... (Score:4, Insightful)
Re:New concept same stuff... (Score:5, Interesting)
Different requrements, different solution (Score:3, Interesting)
Re:New concept same stuff... (Score:2, Interesting)
Re:New concept same stuff... (Score:3, Insightful)
This scheme is "disgusting" because it capitalizes on the fact that their customers don't know enough about their existing mail software to configure it do to the exact same thing. The only difference between "dmail" and minor Exchange Server deployment change is that the "dmail" scheme is proprietary and comes with vendor lock-in.
Frankly, I think any IT manager that doesn't know enough to have an SMTP system configured to be "private" doesn't know enough to evaluate commercial mail solutions. But I cou
Re:New concept same stuff... (Score:2)
And using an Exchange Server is different how... ?
You can do this with hotmail. (Score:2)
I'm guilty of that
Re:New concept same stuff... (Score:4, Interesting)
Re:New concept same stuff... (Score:2, Informative)
When I was in the navy, as a Radioman, we had a PLAD, or Plain Language Addressing System and it was/is a list of valid ship, shore, base, activity, and approved contractors. There were/are many other lists and layers of communications, but what I liked about it, and don't see a pervasive civilian parallel on a global scale, is that if you weren't on the list, you didn't get sent any messages, nor could you participate with the traffic flow
And avoid viruses (Score:5, Funny)
Now where did I put that abacus?
Re:And avoid viruses (Score:5, Funny)
Re:And avoid viruses (Score:5, Funny)
I'm sorry, I coughed on it, better make sure to scan it for infection first.
Re:And avoid viruses (Score:2)
But then you gotta watch out for those pesky termites...
Re:And avoid viruses (Score:2, Funny)
Re:And avoid viruses (Score:2)
Avoiding computers doesn't prevent you from catching some rather nasty (bio-) viruses. *sneeze*, *cough*, ...
and everything else.. (Score:2)
Ah hell - Avoid everything... shoot yourself!
Beat seasonal allergies too! (Score:4, Funny)
John.
PS And there's an added benefit: I can't see the hideous
Dmail already taken... try again (Score:3, Informative)
It was of course, dmail's web front end and then there was of course dmail's own mailer.
I wasn't much of a fan of either application.
In any event, the point is, someone already has that name. It is entirely possible the company is now defunct or sold and then molested into oblivion.
I wonder if it is the same company?
So many questions and so little names...
Re:Dmail already taken... try again (Score:3, Funny)
Of course, Gmail has them all beat.
Waiting for dmail rev 2... (Score:5, Funny)
Damien
Slashdotted (Score:5, Interesting)
eMail replacement. (Score:3, Insightful)
Drop email. Drop SMTP. Change the ports it uses. Change the entire system, and scrap what's gone before and start again. Make it PURPOSELY incompatible.
Unless of course you want to keep getting spam. If so, keep using email as it is.
Re:eMail replacement. (Score:5, Insightful)
IMHO completely dropping email as we have it now is the only way against spam. No matter what's been done so far has kept existing email infrastructure as legacy. A new extension on top of email might get some play, but it's all irrelevant while the same system is still able to be used for spam.
This comes up every time someone mentions spam. You simply cannot have a decentralised, free, messaging system without a small minority of people abusing it.
Think of it as the price you pay for having a decentralised, free line of communication. This is a social rather than technological problem and I'd rather have spam than a tightly controlled mail solution that could be taken away from me or cost me more money.
Re:eMail replacement. (Score:5, Interesting)
Actually, you can have a decentralised free messaging system that's immune to the types of abuses we see today (spam). We already have the smtp email foundation to build it on top of, and it's pretty damn simple to do. If *everyone* would just get valid, signed certificates to authenticate themselves as a given entity with a given email address, then *everyone* could turn on a switch in their mail client that says "reject all mail that isn't signed with a cert which matches the sender's address and that's signed by an authority I trust". If you make spam completely accountable to a real-world entity via cryptography, it largely solves the problem, because the problem is so easy to solve at that point.
There's already some competing standards for this stuff, and Enigmail (in moz and thunderbird) supports at least two of them. I'm pretty sure you can get an email cert from one of a few authorities pretty cheaply.
So, it really comes down to convincing the users, which is largely the job of email client vendors. When you first set up your account in Outlook, Thunderbird, or whatever, there should be a dialog box to the effect of:
Please click "Use Existing" to use an existing email certificate for this account, or click "Create" to create a new certificate....
With pointers to signing authorities and an explanation that the user would be doing their part to prevent spam if they would just take this simple measure.
Eventually everyone notices that all their legit email is signed, and starts turning on that "kill all unsigned mail" option in their mail client, and poof goes the spam problem.
Re:eMail replacement. (Score:5, Insightful)
that wouldn't be free & decentralised anymore.
if you want to have the ability to receive messages from total strangers, you have the ability to receive totally useless messages(spam) from them as well.
Re:eMail replacement. (Score:5, Insightful)
-
You have to trust that the certificate providers that you're going to "trust" are properly dealing with spamming customers. Because otherwise, it would be relatively easy to send spam, it's just that you guarantee that you can know the email address of the person who's spamming you. Or, rather, you can guarantee that the email address which was on the outbound message matches the one that the provider issued. This means that you can still get spam, it's just that you know an email address was successfully provided at oen point for that spam.
-
What about phishing scams where they take your password? You think they won't find a way to get the private key for your certificate store, and then use your certificate to run joe jobs against you? Think again. As long as you have clueless users out on the internet, they'll be able to do crappy things with anything which relies on user-level security.
-
What do you do with webmail systems? There's no way outside of something like ActiveX for me to client-side sign my outbound email, and even if there was, there wouldn't be a way to deal with the whole kiosk problem (I want to walk up to an internet browser and be able to check my email). I could offload the signing onto the webmail system, but then that's not terribly secure, because the people I send email to can't necessarily trust that it was me (and not Yahoo Mail) who actually drafted the email. Also, if I have a simple password, again, that could be cracked, and anybody could send email as me.
While this one might seem a unique problem with things like Hotmail and the like (which you might not want to allow mail from anyway), think of the number of corporate users who rely on things like Outlook Web Access (which will soon support client-side signing, but only if you're running MSIE on Windows and are at a machine where you can control the hardware to get your private key pair installed correctly).
So while S/MIME and equivalent systems are useful in the fight against spam, they aren't panaceas because the rest of the infrastructure (particularly webmail systems) can't deal with them.Re:eMail replacement. (Score:2, Insightful)
Re:eMail replacement. (Score:3, Insightful)
There are several problems with this scheme. It solves the problem of spam (more or less), but creates new ones.
The first is that it gives power (which will be converted into money) to the certificate signing authority. This is currently a problem with https, as even though anyone can set up a web server using SSL, for it to be usable buy the public, you must pay an often very high tax to one of a very few signing authorities. This problem would be much, much worse with email.
The second is that
Re:eMail replacement. (Score:2, Interesting)
Hooray for Jabber!
Re:eMail replacement. (Score:3, Insightful)
I rarely receive e-mails from more than a small group of people (hey, the web design world in North Dakota isn't exactly buzzing with potential clients), so it's no problem for me to first get the e-mail address of a client before I allow their incoming messages.
Re:eMail replacement. (Score:2)
Come to think of it, I've never received spam on my instant messengers. Why don't they add offline capabilities to IM?
That would work.
Re:eMail replacement. (Score:2)
And furthermore, I already have received a significant amount of IM spam. (AIM network)
Which replacement? (Score:4, Insightful)
* Sending message should be free or extremely cheap
* It should not be required to receive an invitation to talk to somebody
You can quibble with those requirements if you want to design a new system, but if you follow them any system you propose risks being spam-ridden. The spammers will not say, "Oh, gee, they've all moved to a different port and protocol, let's forget it then." They'll adopt any new protocol, faster than users will.
So what about present email are you willing to give up? Converting from "free" to "extremely cheap" sounds promising, but it's still prone to the army of zombies, and exchanging trivial amounts of cash is still difficult and expensive.
There are various ways to introduce blocks in the "anybody can talk to anybody" system. Some systems email you back when you send me a message for the first time, which at least proves the existence of a back path and to a small degree a real human (not a zombie) on the other end. Bayesian filters provide extra points to people who have emailed you before without excluding people you've never heard of.
Or maybe we weaken the second requirement by distinguishing between promiscuous and non-promiscuous addresses. My friends email me at one account, and if I could I'd give each of them a separate address. People I trust less get different accounts. People who break the trust find that the address disappears, and because those addresses aren't promiscuous, relatively few other people are inconvenienced by that. I've effectively whitelisted those addresses.
But I also monitor info@foo.com email addresses, which really do want to take email from anybody in the world. I can't drop those when they get spammed, because many people are expecting to get to me through them. But if we made promiscuous addresses rare, we could use more whitelists and perhaps change the balance.
Perhaps if your average spam-buying-jackass@comcast.net were able to receive mail only from people he'd whitelisted, he'd get less spam and the spammers would give up. But that would be wildly inconvenient for him.
The point is, most of these could be built on top of SMTP, and any SMTP alternative you propose is going to have either promiscuity or conveninence problems. Just dropping SMTP just moves the problem to a new protocol but with massive infrastructure pain.
Re:eMail replacement. (Score:4, Insightful)
The problems is that any system with the features we demand of email has the faults of email.
The crux of it is - do you want someone you haven't heard of before to be able to email you?
If the answer is "yes", then you get spam.
If the answer is "no", you get something fundamentally different from email. You can also already implement this, by using a whitelist for both email addresses and originating mail servers (to filter forged friends' addresses).
Authenticating users and rubber-stamping their mail at mailservers doesn't help, because there are always untrustworthy mailservers run by ISPs who don't know enough or don't care enough to fix them. This is half of the source of the _current_ spamming problem. So, any decentralized email-like system is vulnerable to having spamming users and compromised mail servers exist. Compromised mail servers bring back forging, and you're pretty much back to square one. It gets a little harder to convincingly forge a sender address from a different mail server, but you can _already_ filter for that by using a server whitelist or using a DNS lookup (forward or reverse) for server lines in inbound mail.
Having a centralized mail server makes it harder to insert bogus traffic, but creates a huge bandwidth bottleneck, and concentrates power over mail in a way that's unlikely to be acceptable.
In just about any scheme, you can also get compromised user machines spewing mail from their own accounts with legitimate sign-in to any type of mail system at all.
In summary, the spam problem isn't going away under any system that serves the same purpose as email. You can also modify a standard email system to get most of the benefits of the different types of system that _would_ be more spam-resistant. So, there doesn't seem to be much point in proposing a system-wide overhaul.
Re:eMail replacement. (Score:2)
Whitelists work quite well against spam. The only way spam will get through a whitelist is:
- By faking the "I am a real person" replies to messages bounced by the whitelist. This can be made very hard for machines. At the very least this will require them to have a return email address in the spam.
- By spoofing the email address of someone already on your whitelist. Even by spoofing the address of popular mailing lists wil
Um, isn't this just a webpage? (Score:5, Insightful)
multiple Emails... (Score:5, Funny)
Re:multiple Emails... (Score:5, Funny)
What a stupid idea (Score:5, Interesting)
Re:What a stupid idea (Score:5, Funny)
You could have at least spelled equivalent right. I would have. :p
At least it's got a limit... (Score:5, Funny)
google got G, and these guys have claimed D.
That leaves only 23 more slashdot headlines before people have to start being original! Heck, maybe they'll actually invent someting new (or maybe that's too optimistic)...
Re:At least it's got a limit... (Score:4, Funny)
Re:At least it's got a limit... (Score:3, Funny)
Re:At least it's got a limit... (Score:2)
Re:At least it's got a limit... (Score:2)
Re:At least it's got a limit... (Score:2)
Probably no-one has a copy of it now. The mail server it ran on is just about defunct, and they didn't seem to sell many (if any) copies. In fact if I remember correctly we were running Windows 3.11 as a client OS at the time it was being developed.
Re:At least it's got a limit... (Score:5, Funny)
Sorry.
Re:At least it's got a limit... (Score:2)
I like that one.
Maybe mc^2mail or mc2mail or mccmail (pronounced "mic-cee-mail" perhaps?)
Another idea (Score:2, Funny)
Its a new technology involving ink and paper.
Re:Another idea (Score:3, Insightful)
I guess it has something to do with me keeping my email addresses to myself and my contacts, whereas my street address can be found in public directories. Oh, and I don't think I could install a decent spam filter on my smailbox, either.
Well, duh (Score:3, Insightful)
Re:Well, duh (Score:2)
on some irc networks autospammers are a problem.
if you're going to have the ability to receive messages from just about anyone on the globe then spam is going to happen no matter what.
Same as Usenet (Score:2)
Re:Same as Usenet (Score:2, Insightful)
Re:Same as Usenet (Score:2, Insightful)
But they're also much more annoying to use - first you have to find a decent forum. Then you (often) have to register. Then you find that actually you get flamed for posting a newbie question - but the search is so useless that you can't find the answer that was posted last week (and it's all .asp and not indexed by google).
Then you go back to usenet.
reminds me of one of our clients (Score:4, Funny)
To avoid viruses and hackers and such, they used to turn off their servers every night when no one was in the office to monitor them...
It wasn't too hard to get an offsite hosting contract though
Re:reminds me of one of our clients (Score:2)
And beat slashdotting by load-balancing you... (Score:3, Funny)
Beat Spam By Not Using Email (Score:2)
Re:Beat Spam By Not Using Email (Score:2)
Living in a cave would take care of that.
Re:Beat Spam By Not Using Email (Score:2)
So there is something to be said for the bin-Laden way of life after all...
Slashdot suggesting "closed" rather than "open"?!? (Score:3, Interesting)
Of course, a closed invitation-only community will stay mostly spam-free because anybody who does spam will get booted rather quickly, and the community will move on without them.
We've already seen blog spam when no registration is required to post a comment... but blogs that require commenters register are mostly spam-free because no spam bot is good enough to remember to register at a zillion sites.
In short, there are times where "closed" systems are better than "open" ones. And isn't it interesting that they tend to come to
How is this a solution? (Score:5, Interesting)
Yes, a closed system that has user authentication built-in from the start has been proposed many, many times. The problem is getting the rest of the world to adopt such a system.
Just like the idea of charging a fractional penny to send an email and collecting a fractional penny when you receive one, so that email costs and revenues are balanced for the average person, but costs are astronomical for the spammer. Interesting idea, now how do you convert the planet over?
The solution to spam seems easy enough; it's the implementation that's the problem.
Re:How is this a solution? (Score:2)
Sapmmers publishing SPF records (Score:2, Informative)
According to E-mail security vendor MX Logic Inc., spammers are trying to make their messages appear more legitimate by adopting the Sender Policy Framework (SPF), which recently became part of Microsoft's Sender ID proposal.
Congratulations, they invented the BBS ! (Score:3, Informative)
Congratulations, they invented the BBS [google.com] !
Interestingly, I've been trying to find time to start an IBM Domino [ibm.com] based BBS for my neighborhood. Yes, I started an i-neighbors [i-neighbors.org] thingy, but it would still be cool to have our own local site. (rembering the good 'ol days [bbsdocumentary.com] of 300 baud dialup
Been Done Before (Score:2)
michael (Score:2, Troll)
michael: Please stop posting to Slashdot.
Stop Viruses? --No, not all of them! (Score:2)
Re:Stop Viruses? --No, not all of them! (Score:2)
PGP (Score:3, Interesting)
cr (Score:2, Interesting)
Re:cr (Score:2)
Works very well for me too, using TMDA [tmda.net].
Re:cr (Score:3, Insightful)
I've been spam free for three years... (Score:2, Interesting)
I opened an account with usa.net. I ONLY use it for friends and family I trust.
Via my ISP I create other accounts, e.g., one for Newegg, one for Amazon, etc. If I ever buy from someone and that account starts getting spam, I can cancel it immediately. It has only happened once.
I also give out a secondary email account to friends and family to test them. If they don't sign me up for crap and don't forward me crappy jokes, I then give them my real account.
Like my subject says, I've never re
Re:I've been spam free for three years... (Score:2)
Aliases are easier to set up and check.
Re:I've been spam free for three years... (Score:2)
Closed Circuit Network over the Internet? (Score:3, Informative)
Disclaimer: I've only read a little bit of their web site.
From what I've read and can guess, this sounds like a private version of an online service. Think 1990's AOL, only on a micro-scale: to access the private network, you must have the correct network addresses and be an approved member. The network doesn't allow messages originating from outside the network, nor I imagine, can you send messages to external addresses. (Anyone with more specifics, feel free to correct me.)
Sounds like they have some encryption and allow direct downloads within the private circle of members
Eh? This sounds extremely fishy. I'm sure the technologies being implemented here are nothing new.
Sounds like you are in a private country club and are only playing with other people who can enter the club. Nobody gets in and nobody leaves... including telephone calls or anything else... it's like the outside world no longer exists once you enter, and for those in the outside world, it's as though the private country club doesn't exist... and ne'er the two shall meet.
Seems to me that this is analogous to Closed Circuit TV but just running over the existing broadcast spectrum in encrypted form (or something along those lines).
But practically speaking, isn't this like operating your own version of Jabber, but crippling it with a "feature" that prevents you from contacting (receiving from and sending to) anyone who's not listed in your buddies list and also using the exact same version of Jabber client?
Can't this be done with Sendmail? (Score:2)
1) same domain
2) PGP authenticated (to prevent address spoofing)
I'm sure there are corporations that are already doing something like this.
Rivising old stdandards? No (Score:2)
A lot of popular enail clients would just add a new plug-in to support the new protocol set. Microsoft would try to embrase and extend it and all would be more happy. But if it happens at all, I am hopeful that it starts in open source so that no one would monopolize it. Making it free from the start woul
C'mon, is this a joke? (Score:3, Funny)
I know I don't speak only for myself. Really, how could anyone ever forgo the art of a well-crafted letter, scribed with a feather quill, and sealed with wax warmed by a smoky taper?
I hardly think that email will ever catch on. In fact, the very idea fills me with mirth! RFLOL!
Your ally in words,
teamhasnoi
P.S. Did you see the series premiere of 'Joey'? A smashing success by any measure! : ) LOL!
Okay, so we've got this email problem licked.... (Score:2)
"dMail
Damn straight it's a world of your own
Wow, this isn't even astroturfing, now (Score:2)
I can't tell whether it's a BBS or just a passworded webpage because it's down right now, but gee, prior art is older than some
If you want private conversation... (Score:3, Insightful)
Besides, all a company has to do is close off their email gateway and they can accomplish the same thing this new 'innovation' provides.
why bother. (Score:2)
New Section (Score:3, Insightful)
Lame Product Announcements
Spam problem is going away (Score:2)
Their spam filtering (brightmail) has got better in the last few years. i used to get 20 a day now it's about 1 a day.
Spam just isn't the big problem it was. We have the tools to get rid of it.
dSlashdot (Score:3, Funny)
reinventing the wheel? (Score:2)
How is this dmail different in what it offers?
So.. it's MS Exchange with no SMTP connectors.. (Score:3, Insightful)
No typing @domain.com. No viruses. No spam. Gee, those things sure are easy to provide when you have 200 users and no internet e-mail connection.
I have a better Idea (Score:2)
obChecklist (Score:5, Funny)
finely-targeted marketing (Score:2)
So they're only targeting a few niche markets. Just businesses, families, education, friends, and teenagers. They've sure picked their battles discerningly. I hope someday they expand to some market that includes me. (I don't work, I have no friends, I have no family, I'm
Jabber, tunnel SSH and Putty (Score:2, Interesting)
For those out there using Windows, simply tunnel into the server using Putty.
It's for file swapping... (Score:4, Interesting)
"secure messaging system which was instantaneous and able to transfer large files rapidly...a safe and secure platform which can not be penetrated by unwanted visitors or observers...exceptionally fast medium for accessing and exchanging large files such as music, images and film, with huge capacity. For starters, each dmail address will have one gigabyte of space... argeted at several niche sectors where its properties are particularly relevant. These include education, friends/family, teenage and corporate markets"
The *IAAs are going to love this if it takes off. But it has the same vulnerability as any "closed" system, it's brilliant at the beginning but if it grows beyond a certain number you get trolls and spammers.
No spam in SlashDot discussion forums? (Score:3, Interesting)
Granted, we have trolls, offtopics, and flamebaits, but I have never seen anything close to what typical spam looks like when moderating and reading "flat" at level 0.
D15cr337 V14gr4 4 U! [cowboyneal.org]
Dmail isn't doing anything new. If SlashDot were a Usenet group, it'd be spammed just like the rest of the groups. If everyone had a different method of contacting them, it'd be too hard a problem for spammers to reach everyone.
In an odd way, this is exactly what is happening.. (Score:3, Insightful)
In essence, IM services are "walled E-Mail gardens". I know people who aren't totally tech savvy who use services like AIM and don't use E-mail. Granted, these tend to be "gramma" types who use messaging services to chat with the kids and grandkids, but the principle remains.
And for those who say it dosen't work: AIM + whitelisting works wonders.
It may sound a bit odd to a few of us "geeks", but some people only want to hear from people they know (i.e. have been formally introduced to). Spam is only encouraging a behaviour that people already practice on the phone (with Caller ID and/or answering machines) and their front door (with the little peep-hole).. if I don't know you, I ain't gonna talk to you.
Thanks, marketing departments of the world, for helping to create a more insular society.
How I (Almost) Eliminated Spam (Score:3, Interesting)
The only spam I have received has been of the Outlook virus variety, where someone with my address in their address book sends spam pretending to be someone else in their address book. I didn't open the attachments, and don't use Windows anyway, so it wouldn't have mattered. I've received maybe half a dozen such emails in a couple of years. That's it.
Here are the reasons I think I've managed to avoid spam:
- My new address is on a domain that I own, and the domain name is not a dictionary word, proper name, etc. So I think it's kept my domain "under the radar" of spammers.
- My old address is the administrative contact for my domain.
- My new address doesn't appear on my web site.
- My new address doesn't appear on Usenet.
- My new address doesn't go to any commercial interests.
I'm aware of several weaknesses of this approach - it's "security" through obscurity, people can't click a mailto: link on my site, and I have to maintain an account that receives spam, but the tradeoff is worth it to me. It's a little like wearing galoshes (rubbers, to those UK-ers) over nice shoes - a little more trouble, but it keeps my nice shoes clean, so I'm happy with the trade-off.For example, when I place an order on a web site and it sends a confirmation, I know I can quickly find it among the spam and chuck the rest. I use a web-based email to scan those, so I never open the junk.
If anyone has any suggested improvements, I'm all ears.