Building A Better Inbox (Updated)
vudujava writes "c|net is reporting that a new free (Update: not free, actually, read more for details.), web based email service is opening its doors today. They promise to deliver "100% spam free" email to their users by using a challenge-response system to all incoming, first-time mail. Catch the entire story here. Although the idea isn't new, it shows that we are notching up the "war on spam"."
Alert reader George Hotelling points out this post on Politech which may give you pause when it comes to the new mail service's Terms of Service.
And kraksmoka writes "As reported on this article on MSNBC: 'Hotmail subscribers are now limited to sending only 100 messages a day "in an effort to prevent spammers from using Hotmail to spread spam," said Lisa Gurry, MSN lead product manager.'"
dlanod writes "In your snippet on the main page you report mailblocks.com as "a new free, web based email service". Looking at Mailblocks' site, it actually costs $9.95/year for the standard service, or $24.95/year for the expanded service with no free option listed (https://app1.mailblocks.com/register.htm)."
Um, so let me get this straight. They challenge all incoming mail except for the spam they've been paid to let through? And this is an "inseparable" part of the service?
Next, please...
irb(main):001:0>
Challenge/response systems have the problem that if two parties both use a challenge/response system, they may not be able to communicate with each other at all. The challenge message may not get through. Worst case, they create a mail loop.
I've spent enough time distributing marketing material to every computing news source you could imagine.
Our web site talks about the advantages of our product. My point isn't why our software and service is better, CNET hasn't even begun to offer their service - so an argument over why ours is better wouldn't really make sense.
My problem is media coverage of the big name software companies. Maybe you haven't tried to make a software project fly on your own with a tiny budget, an incredible idea and rock solid code.
Let me tell you, it's hard.
Ace
Before allowing e-mails through to your in-box, Mailblocks automatically transmits a numerical password to first-time correspondents. The senders must then retype the code into an onscreen dialog box before the system acknowledges them as legitimate.
This will block a lot of legitimate mail. You won't be able to subscribe to mailing lists. You can't receive those "account authorization/activation emails" that lots of sites use. E-cards won't work. You won't be able to get daily comics. Basically, any system where the mail is sent by an automated system won't work. There are probably others I can't think of.
Aw crap, ninjas!
Our white paper on the system was published in November of 2001. A challenge-response based system has existed for longer on web sites to prevent automated submissions.
To offer the system for email requires a more advanced server-client architecture, overcoming challenges such as "what if both systems require authentication" to ensure that Spam still can not get through a 'hole' for this scenario, and finally: The actual challenge-response is being done wrong by almost all of our competitors. A simple dictionary attack could authenticate a spammer for their entire user list.
We're the longest running email-authentication project (obviously, since we did invent it) and we have a very large list of improvements planned for the system. I suspect these other companies, which publicly lie about trade mark, patent and copyrights to the system (that have never been registered) will take our new ideas and claim to own them as well.
Only time will tell.
Ace
1. It imposes hurdles on first-time contacts. Posted your resume and got a response? HR person doesn't have time to answer questions like "what color is the sky" or whatever they use to verify you're human.
2. Spammers can use it! If they get a challenge they know the e-mail is valid. Then, they can forge senders. If they forge the right sender the spam gets through. If they forge the wrong sender a challenge goes out to the 3rd party. The challenge has to carry a subject doesn't it? Voila! The spammer has hijacked your box and used it to send quickie text messages to 3rd parties. OK, well, maybe you change the subject so that it simply gives the time of the message or something... but then the sender is less likely to recall if he actually sent the message.
Even if it works, C-R floods the network with little micro-spams. I for one do not look forward to having my inbox flooded with messages with subjects like "SpamMaster response requested for message you sent 3/24/03" because I never sent the message and some lousy spammer just forged my address in the Sender.
Maybe they've come up with some ingenious way to fix these problems, but I doubt it.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
One thing I hate about this sort of thing is that it's quite dumb when it comes to mailing lists. More than once I have written an email to a mailing list I'm on and got back a message along the lines of
"foo@bar.com is subscribed to our service. Please click on very long URL to let them receive your messages"
Now this means that everyone who posts to that list has to do this for one particular user. Why should they? I'm sure that user has something to say at some point but I don't want/need to do it every time I post to a list and someone new has joined who uses a similar service.
Why don't they whitelist the address of the mailing list? That would seem obvious to me. Even mailing lists that allow anyone to post normally have very high signal to noise ratios with the occasional spam.
Just my pet peeve
Rus
Cheap UK and US VPS
The spammers will just build an automated response system. Plus, this thing could now be used as a source for a DOS attack, since it's happily generating emails. And god help us if they ever decide they need to sell their "contact list" to be profitable, since to work it must have a list of every person who might email you. And hopefully they've considered the feedback loop as service A asks for a confirmation of the confirmation email service B just asked for... :^)
Yeah, I think I'll give this a pass
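The mutual-challenge loop raised in two comments above (two challenge/response users mailing each other, and "service A asks for a confirmation of the confirmation email service B just asked for"), as an added example that is not part of the original thread or any vendor's code. It is a toy model with constructed addresses; the loop-safe rules assumed are whitelisting anyone you write to and never challenging mail flagged as automatic (the `auto` field stands in for an `Auto-Submitted: auto-replied` header).

```python
from collections import deque

class CRMailbox:
    """Toy challenge-response mailbox (constructed model, not any vendor's design)."""

    def __init__(self, addr, loop_safe):
        self.addr, self.loop_safe = addr, loop_safe
        self.whitelist, self.inbox, self.held = set(), [], []

    def send(self, to, body):
        if self.loop_safe:
            self.whitelist.add(to)  # anyone we write to may answer unchallenged
        return {"from": self.addr, "to": to, "body": body, "auto": False}

    def receive(self, msg):
        """Deliver or hold msg; return a challenge to transmit, or None."""
        if msg["from"] in self.whitelist:
            self.inbox.append(msg)
            return None
        self.held.append(msg)
        if self.loop_safe and msg["auto"]:
            return None  # never challenge machine-generated mail
        return {"from": self.addr, "to": msg["from"], "body": "challenge",
                "auto": True}  # models an Auto-Submitted: auto-replied header

def simulate(loop_safe, max_hops=20):
    """Alice mails Bob once; count every message that crosses the wire."""
    alice = CRMailbox("alice@a.example", loop_safe)
    bob = CRMailbox("bob@b.example", loop_safe)
    boxes = {alice.addr: alice, bob.addr: bob}
    queue, hops = deque([alice.send(bob.addr, "hello")]), 0
    while queue and hops < max_hops:  # max_hops only stops the naive loop
        msg = queue.popleft()
        hops += 1
        challenge = boxes[msg["to"]].receive(msg)
        if challenge:
            queue.append(challenge)
    return {"hops": hops, "alice_inbox": len(alice.inbox),
            "alice_held": len(alice.held), "bob_held": len(bob.held)}

if __name__ == "__main__":
    print("naive    :", simulate(loop_safe=False))
    print("loop-safe:", simulate(loop_safe=True))
```

In the naive run neither side ever sees the other's challenge, because each challenge is itself held and challenged; in the loop-safe run Bob's single challenge lands in Alice's inbox and the exchange stops.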
Curiously, why were open relays ever in existence? And once spam started, why were open relays kept around? Is there a use for them? Why not have all mail servers require authentication for outgoing mail, much like POP retrieval. That would have to stop a great deal of spam.
Yes, it would. The idea is you send a single mail to the open relay with a huge list of recipients, the server then burns its bandwidth sending 900 copies of that mail. Not to mention it gets to deal with all the bounced email messages, etc.
So why do they exist?
1) Best compatibility. Not everything understands how to authenticate SMTP.
2) Firewall compatibility. Some firewalls don't allow authenticated SMTP in more secure modes.
3) Traveling clients. If your client could conceivably pop up at any IP, it's very difficult to filter access by IP, the usual method of blocking unauthorized access.
4) Don't fix what ain't broke. If it's working, some folks are hesitant to make changes they aren't comfortable with.
5) A workaround opened a previously closed relay. Spammers have gotten tricky in fooling Mail relays into forwarding their spam. There's a lot of open relays that were closed when originally set up.
6) Philosophical reasons. Folks may wish to provide a service that bypasses listening in by corporations or governments.
I'm not going to argue the validity of these points, I'm just pointing out some of the possible why's...
You are in a maze of twisted little posts, all alike.
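The relay decision discussed in the exchange above, as an added example that is not part of the original thread: it compares an open relay with a closed one that relays only for authenticated users or trusted networks, which covers the "traveling clients" case without filtering by IP. The domain, networks and addresses are constructed, and `accept_rcpt` and `fan_out` are hypothetical names, not any mail server's API.

```python
import ipaddress

LOCAL_DOMAINS = {"example.org"}                        # constructed: domains we host
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed: office LAN

def _domain(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower()

def accept_rcpt(client_ip, authenticated, rcpt, open_relay=False):
    """Decide one RCPT TO for a connecting client. Returns (accepted, reason)."""
    if _domain(rcpt) in LOCAL_DOMAINS:
        return True, "local delivery"          # inbound mail is always accepted
    if open_relay:
        return True, "relayed for anyone"      # the misconfiguration in question
    if authenticated:
        return True, "relayed for authenticated user"  # works from any IP
    if any(ipaddress.ip_address(client_ip) in net for net in TRUSTED_NETS):
        return True, "relayed for trusted network"
    return False, "relay denied"

def fan_out(client_ip, authenticated, rcpts, open_relay):
    """Outbound copies the server would send for one submitted message."""
    return sum(1 for r in rcpts
               if _domain(r) not in LOCAL_DOMAINS
               and accept_rcpt(client_ip, authenticated, r, open_relay)[0])

if __name__ == "__main__":
    # Constructed input: one message, 900 external recipients, unknown client.
    rcpts = [f"user{i}@elsewhere.example" for i in range(900)]
    stranger = "203.0.113.9"
    print("open relay copies  :", fan_out(stranger, False, rcpts, open_relay=True))
    print("closed relay copies:", fan_out(stranger, False, rcpts, open_relay=False))
    # A roaming user on an arbitrary IP still relays once authenticated.
    print(accept_rcpt("198.51.100.7", True, "friend@elsewhere.example"))
```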