Slashdot Mirror
Building A Better Inbox (Updated)
vudujava writes "c|net is reporting that a new free (Update: not free, actually, read more for details.), web based email service is opening it's doors today. They promise to deliver "100% spam free" email to their users by using a challenge-response system to all incoming, first-time mail. Catch the entire story here. Although the idea isn't new, it shows that we are notching up the "war on spam"."
Alert reader George Hotelling points out this post on Politech which may give you pause when it comes to the new mail service's Terms of Service.
And kraksmoka writes "As reported on this article on MSNBC : 'Hotmail subscribers are now limited to sending only 100 messages a day "in an effort to prevent spammers from using Hotmail to spread spam," said Lisa Gurry, MSN lead product manager.'"
dlanod writes "In your snippet on the main page you report mailblocks.com as "a new free, web based email service". Looking at Mailblocks' site, it actually costs $9.95/year for the standard service, or $24.95/year for the expanded service with no free option listed (https://app1.mailblocks.com/register.htm)."
BTW, mailblocks.com isn't free; it's $10/yr. However, that's still only half what fastmail.fm charges annually for their spam filtering service (with SpamAssasin).
This undeclared "war on spam" is unauthorized imperialist aggression!
Mailblocks is not free! They charge either $9.95 or $24.95 a year depending on the file size limitation you choose.
The future isn't what it used to be.
Seriously, who spams from Hotmail anyway? Don't all the real spammers use custom software with a built-in smtp server? I've gotten enough spams advertising it, after all.
sulli
RTFJ.
I've been using yahoo mail for a while now and it is virtually spam free. The built in filter is great. Occasionally one makes it into my inbox, we're talking one every two or three days, otherwise they pile up in my bulk mail folder.
.Mac and I'm a os x geek.
It's so good I paid for a year of mail plus. I didn't even do that for
Um, so let me get this straight. They challenge all incoming mail except for the spam they've been paid to let through? And this is an "inseparable" part of the service?
Next, please...
irb(main):001:0>
It really pains me to see the amount of competition *and* press coverage our competitors are getting.
We invented this system for authenticating email, and we've had a product on the market for 2 years now making use of it.
We have the most affordable service available still. It's one thing for competitors to realize our idea is the solution - it's another thing for the media to ignore the origins of the system completely.
Ace
I own a small business and much of my client correspondance is via email. That means, I have to run my own IMAP server and I have 200 mb of mail on the server.
Someone would do well to offer this service with your own domain (if you change your MX record), IMAP and reasonable charge for each 50mb increment of disk space. This is yet another web mail service, only this one is hosted off of a MSFT server and it implements intrusive spam blocking. SPAM Assasin works very nicely, I've found.
*yawn*
--------- Matt
...rather than government legislation. It doesn't matter how much one country's government may ban spam, if it still comes from outside it's still going to come in time and time again.
This setup may not be perfect, but to me it's a step in the right direction. Working towards a system that doesn't allow spammers to exist is wholly more admirable.
--
Curiously, why were open relays ever in existence? And once spam started, why were open relays kept around? Is there a use for them? Why not have all mail servers require authentication for outgoing mail, much like POP retrieval. That would have to stop a great deal of spam
Like a very annoying email service. Doesnt this kill speed advantages of email? I would hate to send an email out, and have to go through more red tape so the recipeint can receive their email. The sender would be doing all the work to help solve the recipients spam problem.
What about the mass emails I like to receive, such as newsletters?
100% Insightful
Wow, definitely read the TOS info...
It reads more like they wish to charge you $10 to become your primary spam provider, oh and they will also be sharing your personal info with 'their' spammers (3rd parties), which you can't opt-out of.
Pay to go from bad to worse ? I think not !
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
The article here indicates that this company plans to charge $10/year for the service. Cheap, if the system proves to work, but definitely a different business model.
Further, it says that the 7 digit passwd will be sent in a "digital image"; kind of a hassle for those of us with text-only email. (long live pine)
Anecdotal evidence! I'm sold!
Challenge/response systems have the problem that if two parties both use a challenge/response system, they may not be able to communicate with each other at all. The challenge message may not get through. Worst case, they create a mail loop.
mailblocks says "All login information is sent securely to the Mailblocks server."... but I don't see any "https:". I tried signing in with a bogus userid/password just to see if I got a SSL response but no. Am I missing something?
I've wondered about that too. You could always manually add the person to your whitelist before you send the initial message.
What I'm wondering about is how you would buy something online where you can't really predict the address that shipping-confirmations will come from. In that case one wouldn't know what to add to the whitelist, and the odds of a human being on the other end are small...so your TMDA message would probably go ignored.
Is there a good FAQ somewhere that addresses questions like these?
The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...
Before allowing e-mails through to your in-box, Mailblocks automatically transmits a numerical password to first-time correspondents. The senders must then retype the code into an onscreen dialog box before the system acknowledges them as legitimate.
This will block a lot of legitimate mail. You won't be able to subscribe to mailing lists. You can't recieve those "account authorization/activation emails" that lots of sites use. E-cards won't work. You won't be able to to get daily comics. Bascailly, any system where the mail is sent by an automated system won't work. There are probably others I can't think of.
Aw crap, ninjas!
you invented this idea the way al gore invented the internet. :(
as I posted earlier, mapson predates any commercial implementation I have seen. I downloaded version 1.0 to doublecheck -- unless yours was written before 1997, or you employ Peter Simons, I'm afraid your claim to being the first doesn't hold water.
mailblock at least doesn't claim originality, just that they do it better. which may be true; they have a pretty slick "mail siphon" feature going.
http://www.spamgourmet.com
/dev/null, and username is .. obviously your username.
Allows you to 'create' an e-mail address, consisting of x.y.username@spamgourmet.com where x=a unique identifier for the e-mail address you're creating, y is the number of times e-mail may be sent to the address before it gets forwarded into
a little complicated - but go and sign up, it's free, it works...
Our white paper on the system was published in November of 2001. A challenge-response based system has existed for longer on web sites to prevent automated submissions.
To offer the system for email requires a more advanced server-client architecture, overcoming challenges such as "what if both systems require authentication" to ensure that Spam still can not get through a 'hole' for this scenario, and finally: The actual challenge-response is being done wrong by almost all of our competitors. A simple dictionary attack could authenticate a spammer for their entire user list.
We're the longest running email-authentication project (obviously, since we did invent it) and we have a very large list of improvements planned for the system. I suspect these other companies, which publicly lie about trade mark, patent and copyrights to the system (that have never been registered) will take our new ideas and claim to own them as well.
Only time will tell.
Ace
I cite a specific example of a challenge-response system for authenticating email dating from 1997, and you reply that since you started in 2001 you are the longest-running.
way to refute me, champ.
1. It imposes hurles on first-time contacts. Posted your resume and got a response? HR person doesn't have time to answer questions like "what color is the sky" or whatever they use to verify you're human.
2. Spammers can use it! If they get a challenge they know the e-mail is valid. Then, they can forge senders. If they forge the right sender the spam gets through. If they forge the wrong sender a challenge goes out to the 3rd party. The challenge has to carry a subject doesn't it? Voila! The spammer has hijacked your box and used it to send quickie text messages to 3rd parties. OK, well, maybe you change the subject so that it simply gives the time of the message or something... but then the sender is less likely to recall if he actually sent the message.
Even if it works, C-R floods the network with with little micro-spams. I for one do not look forward to having my inbox flooded with messages with subjects like "SpamMaster response requested for message you sent 3/24/03" because I never sent the message and some lousy spammer just forged my address in the Sender.
Maybe they've come up with some ingenious way to fix these problems, but I doubt it.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Comment removed based on user account deletion
Sure, something has to be done about the problem, but paying for a bad system that will just sell your name to other spammers and will block legitimate e-mail isn't much of a solution and should not be accepted in a desperate I'll try anything approach. I would propose that a simple open season on spammers, with perhaps a six spammer limit so every hunter gets a chance, and even a small license fee to help pay down the national debt, would be a much better approach.
I'm an American. I love this country and the freedoms that we used to have.
If you want to try it out, you will (most likely) need your own machine handling mail (if you're a broadband or DSL user, this is easy enough, I'll assume you've made that step...)
Now, make sure Perl is installed.
Now, as root, type "perl -MCPAN -e shell" and follow the instructions to set up Perl's configuration system.
In that shell, type "install Mail::SpamAssassin".
Exit that shell and type "/etc/init.d/spamassassin start"
You will want to do what your OS prefers for making sure this starts at boot time, under Red Hat Linux, that's "/sbin/chkconfig --levels 35 spamassassin on"
Exit your root shell, and do the rest as your user account.
Assuming you use sendmail with procmail (see the SpamAssassin site for other MTA configuration steps), put:into your
SpamAssassin is now doing its job. It just marks messages that it thinks are spam. See the example procmailrc on spamassassin.org for more information on how you can move the mail to another folder, delete it, or even more complex things. Also, there's a procmail bug that the example config can help you work around.
If you're doing this on a busy site, I recommend adding "-m 20" or so to your spamd command-line to throttle periods of intense mail delivery.
You can also configure SpamAssassin to do lots of useful stuff just the way you like it. There's a FAQ on your site that will walk you through it, but after the first time spamd handles mail for you, it will create a ".spamassassin/user_prefs" file that has good comments in it that guide you through common configuration needs (like whitelisting users).
This is exactly what spamgourmet is useful for. Spamgourmet is free, and forwards messages to your "real" address, but only as many as are specified by the address. To use Spamgourmet, you first become a member with a single user address, however you can add "sub-addresses" in a similar way to subdomains, starting with just a lame label, then a number of MAX emails to be accepted at this alias, then the username.
,br> for example, if you wanted to get a confirmation from newegg.com, but didn't trust their mailing list... you could simple fill in newegg.3.joecool@spamgourmet.com. this would give them a max of 3 emails, 1 for billing, 1 for shipping, and 1 for whatever is bound to go wrong.
Try it out today at spamourmet.com
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
I haven't tested it extensively, but the algorithm seems solid.
If they want to do something to cut down on spam, why not just limit the number of messages that a server can send to hotmail addresses? Meaning, if I want to send out spam and my list includes 100,000 hotmail adresses, hotmail's servers will reject every message I send to a them after the 100th. That just wiped out 99.9% of spam that hotmail users would receive.
Yes, it would take some work and the processing cost per message would be higher, but if it works, and cuts down on traffic by a higher percentage than the increased cost associated with the system, it would still be an amazing improvement.
I've always wondered why MS couldn't look at all incoming messages and spot spam based on vast numbers of similar messages.
I really hate signatures, but go to my website.