Slashdot Mirror

← Back to Stories (view on slashdot.org)

Building A Better Inbox (Updated)

Posted by timothy on from the and-a-smaller-outbox dept.

vudujava writes "c|net is reporting that a new free (Update: not free, actually, read more for details.), web based email service is opening it's doors today. They promise to deliver "100% spam free" email to their users by using a challenge-response system to all incoming, first-time mail. Catch the entire story here. Although the idea isn't new, it shows that we are notching up the "war on spam"." Alert reader George Hotelling points out this post on Politech which may give you pause when it comes to the new mail service's Terms of Service. And kraksmoka writes "As reported on this article on MSNBC : 'Hotmail subscribers are now limited to sending only 100 messages a day "in an effort to prevent spammers from using Hotmail to spread spam," said Lisa Gurry, MSN lead product manager.'" dlanod writes "In your snippet on the main page you report mailblocks.com as "a new free, web based email service". Looking at Mailblocks' site, it actually costs $9.95/year for the standard service, or $24.95/year for the expanded service with no free option listed (https://app1.mailblocks.com/register.htm)."

6 of 371 comments (clear)

  1. Stupid by transient · · Score: 5, Interesting

    Um, so let me get this straight. They challenge all incoming mail except for the spam they've been paid to let through? And this is an "inseparable" part of the service?

    Next, please...

    --

    irb(main):001:0>
  2. SpamCop used to work that way by Animats · · Score: 4, Interesting
    SpamCop used to be challenge/response, but they switched to a "heuristic" system that doesn't work as well.

    Challenge/response systems have the problem that if two parties both use a challenge/response system, they may not be able to communicate with each other at all. The challenge message may not get through. Worst case, they create a mail loop.

  3. Re:Yeah, this system was invented by SolidBlue by Ace905 · · Score: 4, Interesting

    I've spent enough time distributing marketing material to every computing news source you could imagine.

    Our web site talks about the advantages of our product. My point isn't why our software and service is better, CNET hasn't even begun to offer their service - so an argument over why ours is better wouldn't really make sense.

    My problem is media coverage of the big name software companies. Maybe you haven't tried to make a software project fly on your own with a tiny budget, an incredible idea and rock solid code.

    Let me tell you, it's hard.

    --

    Ace
  4. It'll block too much by lazyl · · Score: 5, Interesting

    Before allowing e-mails through to your in-box, Mailblocks automatically transmits a numerical password to first-time correspondents. The senders must then retype the code into an onscreen dialog box before the system acknowledges them as legitimate.

    This will block a lot of legitimate mail. You won't be able to subscribe to mailing lists. You can't recieve those "account authorization/activation emails" that lots of sites use. E-cards won't work. You won't be able to to get daily comics. Bascailly, any system where the mail is sent by an automated system won't work. There are probably others I can't think of.

    --
    Aw crap, ninjas!
  5. Re:you invented this? not. by Ace905 · · Score: 4, Interesting

    Our white paper on the system was published in November of 2001. A challenge-response based system has existed for longer on web sites to prevent automated submissions.

    To offer the system for email requires a more advanced server-client architecture, overcoming challenges such as "what if both systems require authentication" to ensure that Spam still can not get through a 'hole' for this scenario, and finally: The actual challenge-response is being done wrong by almost all of our competitors. A simple dictionary attack could authenticate a spammer for their entire user list.

    We're the longest running email-authentication project (obviously, since we did invent it) and we have a very large list of improvements planned for the system. I suspect these other companies, which publicly lie about trade mark, patent and copyrights to the system (that have never been registered) will take our new ideas and claim to own them as well.

    Only time will tell.

    --

    Ace
  6. Challenge-Response Has Issues by istartedi · · Score: 4, Interesting

    1. It imposes hurles on first-time contacts. Posted your resume and got a response? HR person doesn't have time to answer questions like "what color is the sky" or whatever they use to verify you're human.

    2. Spammers can use it! If they get a challenge they know the e-mail is valid. Then, they can forge senders. If they forge the right sender the spam gets through. If they forge the wrong sender a challenge goes out to the 3rd party. The challenge has to carry a subject doesn't it? Voila! The spammer has hijacked your box and used it to send quickie text messages to 3rd parties. OK, well, maybe you change the subject so that it simply gives the time of the message or something... but then the sender is less likely to recall if he actually sent the message.

    Even if it works, C-R floods the network with with little micro-spams. I for one do not look forward to having my inbox flooded with messages with subjects like "SpamMaster response requested for message you sent 3/24/03" because I never sent the message and some lousy spammer just forged my address in the Sender.

    Maybe they've come up with some ingenious way to fix these problems, but I doubt it.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?