Slashdot Mirror
Building A Better Inbox (Updated)
vudujava writes "c|net is reporting that a new free (Update: not free, actually, read more for details.), web based email service is opening it's doors today. They promise to deliver "100% spam free" email to their users by using a challenge-response system to all incoming, first-time mail. Catch the entire story here. Although the idea isn't new, it shows that we are notching up the "war on spam"."
Alert reader George Hotelling points out this post on Politech which may give you pause when it comes to the new mail service's Terms of Service.
And kraksmoka writes "As reported on this article on MSNBC : 'Hotmail subscribers are now limited to sending only 100 messages a day "in an effort to prevent spammers from using Hotmail to spread spam," said Lisa Gurry, MSN lead product manager.'"
dlanod writes "In your snippet on the main page you report mailblocks.com as "a new free, web based email service". Looking at Mailblocks' site, it actually costs $9.95/year for the standard service, or $24.95/year for the expanded service with no free option listed (https://app1.mailblocks.com/register.htm)."
Best damn email on Earth is at http://fastmail.fm
If you're still using Hotmail or Yahoo, upgrade. Now. This minute.
Um, so let me get this straight. They challenge all incoming mail except for the spam they've been paid to let through? And this is an "inseparable" part of the service?
Next, please...
irb(main):001:0>
You can spam from hotmail without using the web-client, since it has an interface for using /w outlook etc (http mail still though I think).
However, I myself don't get many *hotmail* spams, and many which I do are forged headers and not real hotmail addresses.
Limiting regular customers to emails-per-day actually sounds like a really good idea to me, so long customers sending mass mail (usergroups, proper mailing lists, etc) were able to sign up for a "special account" allowing them to continue. I don't know many normal people who would send >200 messages a day, and not many spammers who might bother to identify themselves when signing up for a special "mass-mail" account.
TMDA looks interesting, I'll have to check it out. But what happens when a person using a TMDA-protected email account attempts to contact someone else using a TMDA-protected email account?
What's to stop there being a cascading ping-pong of confirmation messages? (Or are you supposed to automatically whitelist everyone you send email to?)
Challenge/response systems have the problem that if two parties both use a challenge/response system, they may not be able to communicate with each other at all. The challenge message may not get through. Worst case, they create a mail loop.
Myrealbox filters the spam, and it is free. Why would you want to pay for something that is already free. www.myrealbox.com
WAR on drugs
WAR on Iraq
WAR on
WAR on SPAM
How American.
Gosh, I loved the first WebTV even after MS bought them. It was a great, lightweight client with a beautiful user interface, at least for the time. Now the jerk wants to save us from SPAM just so he can spam us himself. Plus, you pay him $10/year and can't avoid it. That's right, the TOS says you CAN'T opt out.
Memo to VCs: don't fund ex-M$ people. They seem to believe that they can jam any TOS down people's throats.
I've spent enough time distributing marketing material to every computing news source you could imagine.
Our web site talks about the advantages of our product. My point isn't why our software and service is better, CNET hasn't even begun to offer their service - so an argument over why ours is better wouldn't really make sense.
My problem is media coverage of the big name software companies. Maybe you haven't tried to make a software project fly on your own with a tiny budget, an incredible idea and rock solid code.
Let me tell you, it's hard.
Ace
try out oddpost
http://www.oddpost.com
it truly is the best web based email
i've every used. if you like outlook,
evolution, eduora, >... you'll feel
right at home in oddpost.
pretty cheap too... only $30 a year
and the 1st month is free. and the
spam filtering is coming along nicely
to boot.
Before allowing e-mails through to your in-box, Mailblocks automatically transmits a numerical password to first-time correspondents. The senders must then retype the code into an onscreen dialog box before the system acknowledges them as legitimate.
This will block a lot of legitimate mail. You won't be able to subscribe to mailing lists. You can't recieve those "account authorization/activation emails" that lots of sites use. E-cards won't work. You won't be able to to get daily comics. Bascailly, any system where the mail is sent by an automated system won't work. There are probably others I can't think of.
Aw crap, ninjas!
Our white paper on the system was published in November of 2001. A challenge-response based system has existed for longer on web sites to prevent automated submissions.
To offer the system for email requires a more advanced server-client architecture, overcoming challenges such as "what if both systems require authentication" to ensure that Spam still can not get through a 'hole' for this scenario, and finally: The actual challenge-response is being done wrong by almost all of our competitors. A simple dictionary attack could authenticate a spammer for their entire user list.
We're the longest running email-authentication project (obviously, since we did invent it) and we have a very large list of improvements planned for the system. I suspect these other companies, which publicly lie about trade mark, patent and copyrights to the system (that have never been registered) will take our new ideas and claim to own them as well.
Only time will tell.
Ace
It's not perfect, but it is fairly good. I would say it blocks greater than 90% of spam. I was impressed enough that last year I paid them money for the service. I use their automatic SMTP forwarding, and filter on the header X-YahooFilteredBulk. I personally wish they would just block everything they tag rather than forward it to me, but oh well. At some point I'll stop using my Yahoo address and just stick to unique aliases on the domain I own. After so many years of using my Yahoo address, I'm just a little shy of changing it in case I lose touch with somebody.
1. It imposes hurles on first-time contacts. Posted your resume and got a response? HR person doesn't have time to answer questions like "what color is the sky" or whatever they use to verify you're human.
2. Spammers can use it! If they get a challenge they know the e-mail is valid. Then, they can forge senders. If they forge the right sender the spam gets through. If they forge the wrong sender a challenge goes out to the 3rd party. The challenge has to carry a subject doesn't it? Voila! The spammer has hijacked your box and used it to send quickie text messages to 3rd parties. OK, well, maybe you change the subject so that it simply gives the time of the message or something... but then the sender is less likely to recall if he actually sent the message.
Even if it works, C-R floods the network with with little micro-spams. I for one do not look forward to having my inbox flooded with messages with subjects like "SpamMaster response requested for message you sent 3/24/03" because I never sent the message and some lousy spammer just forged my address in the Sender.
Maybe they've come up with some ingenious way to fix these problems, but I doubt it.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
One thing I hate about this sort of thing is that its quite dumb when it comes to mailing lists. More than once I have written an email to a mailing list I'm on and got back a messages along the lines of
"foo@bar.com is subscribed to our service. Please click on very long URL to let them recieve your messages"
Now this means that everyone who posts to that list has to do this for one particular user. Why should they? I'm sure that user has something to say at some point but I don't want/need to do it everytime I post to a list and someone new has joined who uses a similar service.
Why don't they whitelist the address of the mailing list? That would seem obvious to me. Even mailing lists that allow anyone to post normally have very high signal to noise ratios with the occasional spam.
Just my pet peev
Rus
Cheap UK and US VPS
Basically, it's challenge/response, with the response being via telephone
I replied to him with the following:
As some else pointed out, the filter should check addresses that have had messages sent to, to avoid challenge/response infinite loops.The spammers will just build an automated response system. Plus, this thing could no be used as a source for a DOS attack, since its happily generating emails. And god help us if they ever decide they need to sell their "contact list to be profitable, since to work it must have a list of every person who might email you. And hopefully they've considered the feed back loop as service A asks for a confirmation of the confirmation email service B just asked for... :^)
Yeah, I think I'll give this a pass
Curiously, why were open relays ever in existence? And once spam started, why were open relays kept around? Is there a use for them? Why not have all mail servers require authentication for outgoing mail, much like POP retrieval. That would have to stop a great deal of spam
Yes, it would. The idea is you send a single mail to the open relay with a huge list of recipients, the server then burns its bandwidth sending 900 copies of that mail. Not to mention it gets to deal with all the bounced emails messages, etc.
So why do they exist?
1) Best compatibility. Not everything understands how to authenticate SMTP.
2) Firewall compatibility. Some firewalls don't allow authenticated SMTP in more secure modes
3) Traveling clients. If your client could concievably pop up at any IP, its very difficult to filter access by IP, the usual method of blocking unauthorized access
4) Don't fix what aint broke. If its working, some folks are hesitant to make changes they aren't comfortable with.
5) A workaround opened a previously closed relay. Spammers have gotten tricky in fooling Mail relays into forwarding their spam. there's a lot of ope relays that were closed when originally set up.
6) Philosphical reasons. Folks may wish to provide a service that bypasses listening in by corporations or governments
I'm not going to argue the validity of these points, I'm just pointing out some of the possible why's...
You are in a maze of twisted little posts, all alike.
I average closer to 10 spams/day @yahoo.com. Whats more of an issue is that their spamblock sends IBM DevloperWorks and movingon.org emails into the bulk mail folder. I've sent these to yahoo for "review", where they should realize that 1)I've signed up for these notifications, and 2) Its easy to opt-out. Repeated "reviews" still result in spam in my inbox and real email in my bulk folder. Which means I can't just delete everything in the bulk folder. Since I have to look at all the headers first, whats the difference? Yahoo sucks. When it was young it was fun, but now its just sad.
We've decided not to patent the idea, for moral and financial reasons. We believe the system would do better on its own.
Also, as one of our users posted - there are 3 fairly good reasons why these systems are entirely different.
server-client architecture
graphical-text challenge / response vs. file attachment (latter being easy to circumvent)
accuracy rate. 100% vs. 95%
Plus:
Handling of lists through GUI
Windows Architecture
blah blah blah.
All points our original patent lawyer found relevant enought to take our case ; until we decided against a patent.
Regards,
-Doug
Ace
Not a huge fan of yahoo myself, but I do believe that they still let you have a few filters, even without paying. Yep, just checked it, click on Mail --> Options. Select filters, figure out a way to send the stuff you want to your inbox, no more digging through Bulk Mail.
Also, I don't really think that sending a mail for 'review' gets a pair of human eyes, but more is more likely combined with other submissions and used to adjust filtering techniques and training...
Nerd rage is the funniest rage.
The solution would be to adhere to the following protocol:
- First they ignore you, then they laugh at you, then ???, then profit.
Good. I'd love it if they did. That way, we'd have a "good" return address with which we could track them down. Right now, I'll bet a very large percentage (approaching 100%) of U[B|C]E has a fake return/from address.
Sinepaw.org: Grape Winos
I can see certain problems stemming from this whole challenge-response style address verification. For example, if someone writes a new message to a new person and forgets to add the address to his whitelist, then a situation may arise where the recipient sends a challenge to the sender, and then the sender running a similar scheme recieves the challenge message and decides to challenge its sender..
Infinite loopsville...
I've been using Sneakemail for awhile, it allows for totally disposable addresses with FULL accountability for each sender.
/. filtering (which every site should have). Every email forwarded from sneakemail shows which specific one-time address it was sent to on the subject line. And since sneakemail allows you to filter each individual address seperately by every sender that's ever mailed that address if nessesary, I can easily turn off the spam while not having to truely discard an address. Plus it's great to know exactly where your address was harvested from, in fact one I've gotted alot of spam from was a one-time address I used for a techdirt.com spam article reply I made!
For example, say a spammer grabs my address from here despite the
Did I mention it's a quick bookmark popup thats easy to use and free (banner supported) or cheap premium (6 months $12US).
This is of course only part of the solution, for the rest I use Mailwasher.
Jonah Hex
Horror & SciFi Erotic Nudes
I got around the "bed of spam" problem with Hotmail by creating two accounts -- one to give out to everyone and one for only trusted people. Strangely enough (and knock on wood!) I get little to no spam on my "good" Hotmail account, after about two years of using both of them. Let's hope it stays that way!
seriouslyexcited.net