Slashdot Mirror
Beat Spam By Not Using Email
judgecorp writes "We had a press release - by post of course - about a scheme that eradicates spam and viruses. It's not email, oh no. It's digital mail or dmail, a private system that no one else can send messages to. Assuming it's genuine (and the PR person is called Mike Hardware) it uses XML and SQL to build a 1980s bulletin board, to sell to niche markets (such as very close-knit families). Our story is here, and if you don't hear from us again, it's because we are busy emailing ourselves with our two free dmail addresses. Peter Judge, Techworld"
I'm all for trying new concepts, but pardon my disgust. I'm an entrepreneur myself and I understand money makes the world go-round, but I shudder to think where we'd all be if the guys who came up with Apache were trying to start it now.
D-Mail, G-Mail, PurplePokaDotMail are just more examples of someone trying to create, patent, exploit, etcetera when there are far more ethical and lucrative methods of making money. Of course this relies on people getting thier heads out of thier proverbial asses, but what can you do?
"It's not stealing if you don't get caught!"
By not using computers.
Now where did I put that abacus?
I recently beat seasonal allergies without relying on any medicine at all. I simply decapitated myself with a steak knife. It was so easy, no more running nose, or red, watery eyes!
/. IT color scheme any more!
John.
PS And there's an added benefit: I can't see the hideous
Back some time ago... I knew of a horrid little web based email proggy.
It was of course, dmail's web front end and then there was of course dmail's own mailer.
I wasn't much of a fan of either application.
In any event, the point is, someone already has that name. It is entirely possible the company is now defunct or sold and then molested into oblivion.
I wonder if it is the same company?
So many questions and so little names...
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
I'm waiting for dmail rev 2 that adds on network-to-network communication, so you can dmail your friends without having to have an account on every single different network. Oh, wait..
Damien
So I can't read the articles, but I don't see anything here that setting up a whitelist only mail server doesn't do
IMHO completely dropping email as we have it now is the only way against spam. No matter what's been done so far has kept existing email infrastructure as legacy. A new extension on top of email might get some play, but it's all irrelevant while the same system is still able to be used for spam.
Drop email. Drop SMTP. Change the ports it uses. Change the entire system, and scrap what's gone before and start again. Make it PURPOSELY incompatible.
Unless of course you want to keep getting spam. If so, keep using email as it is.
A proprietary system that no one can post to coupled with a password needed to view said content sounds suspiciously like a static second level webpage or a ssl private network. Just...like...a...private forum. We do the same thing here at work for vendors who buy our products, a static page updated weekly by the sales department that only x amount of vendors have access to, they can read their mail "posted specials" and later send updates to the dmail admin "webmaster" or "sales". Let's just face it. Spam as much as I hate it is here to stay. Yes we can all agree that eventually the systems will get better at defeating spam and bulk mailings, but the brilliant minds that are developing the stopping systems have the brilliant minds that are bent on defeating those other brilliant minds. But removing the system from the culprits is a novel approach, lets just not herald it as the end or even a stepping stone to stopping spam.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
Just do what i do. One email address for pr0n. One for serious stuff. One for each girlfriend. Then another one for some more pr0n.
- I got my free iPod and a free Nintendo DS....why not
This is functionally equivelant to using a whitelist-only filter on your email, only worse in every way.
- For the complete works of Shakespeare: cat
On current trends there are only 25 possible names of mail services (given that E is already taken).
google got G, and these guys have claimed D.
That leaves only 23 more slashdot headlines before people have to start being original! Heck, maybe they'll actually invent someting new (or maybe that's too optimistic)...
I use a system called sMail (for Snail Mail).
Its a new technology involving ink and paper.
Obviously, if you cut yourself off of the system, you won't get spam from it. I don't get email spam on my IRC connection, either. It's only worth anything if it's an open standard and fixes the design flaws in current email protocols. Considering that this is not at all hard to do, I am stunned each time that people haven't switched to something better than SMTP yet.
Please correct me if I got my facts wrong.
Why not try this or even this
...I propose smail, or slashdot mail, where people post comments on slashdot instead of e-mailing each other. We can then rely on the excellent moderation system to root out spam and viruses.
Mom, I'll be home around 6, how about some fish tacos for dinner.
Usenet started getting spammy, and many many users moved to web-based community forums. Sure, one reason was the rush to slap a browser interface on top of everything, but certainly part of it is that millions of different forum sites are harder to spam than one centralized usenet system.
Beat Spam By Not Using Email
:)
To avoid viruses and hackers and such, they used to turn off their servers every night when no one was in the office to monitor them...
It wasn't too hard to get an offsite hosting contract though
"If you think you have things under control, you're not going fast enough." --Mario Andretti
Not using E-Mail at all would be a great idea. Why not invent a new system of delivering and archieving passwords and documents like NIC requests and the like?
Quite frankly, I don't use email for much more nowadays.
Another idea would be to generate user designed passkeys that would be sent along the mail. No passkey, no arriving of the email. You'd be able to determine the ttl of each passkey so managing the stuff would be easy... Newsletters that you can't unsubscribe? Passé.
There will always be a way. I am a firm believer that our hackers and advertisers will find a way it is just a matter of time. Also Until people stop clicking on the ads that pop-up on their bulletin boards, websites, and e-mail. Spam and obtrusive ads will be a problem.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
...oh, wait. Too late!
How do I "beat spam by not using email" if the bulk of spam I get comes through regular mail and phone calls?
Please correct me if I got my facts wrong.
The strength of SMTP/POP3 e-mail system is that you can get e-mail from people that you've never heard of... the weakness of the SMTP/POP3 e-mail us that your inbox is wide open for anybody who wants in, and that means spammers who you never heard of and would rather never hear from.
/. in the form of a story in this puke-brown section that totally clashes with the normal geek-green. :)
Of course, a closed invitation-only community will stay mostly spam-free because anybody who does spam will get booted rather quickly, and the community will move on without them.
We've already seen blog spam when no registration is required to post a comment... but blogs that require commenters register are mostly spam-free because no spam bot is good enough to remember to register at a zillion sites.
In short, there are times where "closed" systems are better than "open" ones. And isn't it interesting that they tend to come to
... it was dialup, and ran on Telegard software....
Assuming it's genuine (and the author person is called Peter Judge)
This is nothing more than a fancy white-list, from what I can tell (the TechWorld article is slashdotted.)
Yes, a closed system that has user authentication built-in from the start has been proposed many, many times. The problem is getting the rest of the world to adopt such a system.
Just like the idea of charging a fractional penny to send an email and collecting a fractional penny when you receive one, so that email costs and revenues are balanced for the average person, but costs are astronomical for the spammer. Interesting idea, now how do you convert the planet over?
The solution to spam seems easy enough; it's the implementation that's the problem.
http://story.news.yahoo.com/news?tmpl=story&cid=74 &e=4&u=/cmp/47102042
According to E-mail security vendor MX Logic Inc., spammers are trying to make their messages appear more legitimate by adopting the Sender Policy Framework (SPF), which recently became part of Microsoft's Sender ID proposal.
Congratulations, they invented the BBS !
Interestingly, I've been trying to find time to start an IBM Domino based BBS for my neighborhood. Yes, I started an i-neighbors thingy, but it would still be cool to have our own local site. (rembering the good 'ol days of 300 baud dialup
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
From the site:
dmail Press room
Welcome to the dmail Press Room.
This website is designed to provide journalists with the information and resources they require in a downloadable format. Also provided is an enquiry service, either email or call back, to provide other materials which are not here.
Journalists are also invited to register interest in the subject so that they receive advance notice of future releases and other information.
The company prove how in a growing world this doesn't cut the mustard. E-mail is needed to comunicate world-wide, and they show it:
Why not check out their sites method of contacts, either email or callback both of which actually require you to have an email address.
Um - isn't that just Jabber?
Since everyone's favorite "editor" michael is now posting stories, be assured that they'll be highly inflammatory, usually contain many falsities, and will be hardly worth the time wasted RTFA. We all hated flamed Katz out of Slashdot existence - I propose we do the same with michael. These last three articles have all been extremely UN-newsworthy bits.
michael: Please stop posting to Slashdot.
This scheme can only stop Trojan-type viruses, and not the kind that do their own scanning for vulnerable systems.
With a close-knit group, why not use PGP encryption for authentication of the sender? The close-knit group can scale to include hundreds of thousands, millions of people. And it doesn't need any other software, while reaching all the people on unenhanced email, as well as all the email integrated applications.
--
make install -not war
Challenge response seems to do the same thing - block all email except the ones you want through. Works well for me (I use http://www.spamarrest.com/ which is pretty good for $30 a year, saves me downloading the emails first)
Nothing costs nothing
Sounds all well and good, but will it get connected to FidoNet eventually? Will it have TradeWars?
.-=Wit is educated insolence=-. -Aristotle
Interesting thought but doesn't really apply here since we (the taxpayers) didn't have a choice in the matter. I suppose the upcoming election is our chance to express our approval or disapproval, but it's all after the fact.
Here's how:
I opened an account with usa.net. I ONLY use it for friends and family I trust.
Via my ISP I create other accounts, e.g., one for Newegg, one for Amazon, etc. If I ever buy from someone and that account starts getting spam, I can cancel it immediately. It has only happened once.
I also give out a secondary email account to friends and family to test them. If they don't sign me up for crap and don't forward me crappy jokes, I then give them my real account.
Like my subject says, I've never received any spam in my usa.net account. The only spam I've got in the last three years was in an account I opened to use the pcmag.com forums. Needless to say that one was immediately cancelled and I use a fake address there now.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Disclaimer: I've only read a little bit of their web site.
From what I've read and can guess, this sounds like a private version of an online service. Think 1990's AOL, only on a micro-scale: to access the private network, you must have the correct network addresses and be an approved member. The network doesn't allow messages originating from outside the network, nor I imagine, can you send messages to external addresses. (Anyone with more specifics, feel free to correct me.)
Sounds like they have some encryption and allow direct downloads within the private circle of members
Eh? This sounds extremely fishy. I'm sure the technologies being implemented here are nothing new.
Sounds like you are in a private country club and are only playing with other people who can enter the club. Nobody gets in and nobody leaves... including telephone calls or anything else... it's like the outside world no longer exists once you enter, and for those in the outside world, it's as though the private country club doesn't exist... and ne'er the two shall meet.
Seems to me that this is analogous to Closed Circuit TV but just running over the existing broadcast spectrum in encrypted form (or something along those lines).
But practically speaking, isn't this like operating your own version of Jabber, but crippling it with a "feature" that prevents you from contacting (receiving from and sending to) anyone who's not listed in your buddies list and also using the exact same version of Jabber client?
------- "One of the joys of travel is visiting new towns and meeting new people." -- G. KHAN
by registering several bogus dmail accounts and start sending SPAM in an automated way using a SPAM-bot that interfaces with their web interface.
--- Eat my sig.
Well with all the talk of revising older standards to add safeguards and to install authentication methods, I think it's not a half-bad idea to just create a new email standard from scratch in the open.
A lot of popular enail clients would just add a new plug-in to support the new protocol set. Microsoft would try to embrase and extend it and all would be more happy. But if it happens at all, I am hopeful that it starts in open source so that no one would monopolize it. Making it free from the start would be the only way it could grow.
So okay all you smarter-than-me-people, think on it and get back to us...
I know I don't speak only for myself. Really, how could anyone ever forgo the art of a well-crafted letter, scribed with a feather quill, and sealed with wax warmed by a smoky taper?
I hardly think that email will ever catch on. In fact, the very idea fills me with mirth! RFLOL!
Your ally in words,
teamhasnoi
P.S. Did you see the series premiere of 'Joey'? A smashing success by any measure! : ) LOL!
- The 'old-style' email where anyone could send a message to everyone, that all the traditional MTAs (mail transfer agents) supported. Anonymous messaging is desirable in this system.
- The 'new-style' email where everyone wants to silently drop messages from spammers they don't like; and corporationos want to silently drop messages they don't want employees to get, etc. Anonymous messaging is scary in this system (corporations don't like it); and in contrast, control is a key feature.
The first requirement's needs were very well met by sendmail, etc; and really don't need to be forced in a corporate environment.Nothing really met the second (intentionally lossy (some would say broken)) requirements for corporations who wanted to make sure that many mails did not get delivered.
I welcome the day that all the guys with different requirements from sendmail simply move on to some other messaging system rather than try to screw with something that's worked well for decades (SPF, etc).
Now what do they plan to do about their website that looks like it was designed in 1983? I love the catch-line too:
... a world of your own"
... 'cause nobody else will be there to communicate with you.
"dMail
Damn straight it's a world of your own
This is hi, we're another website, link to our press release, please (and maybe bring our readership stats up).
./ viewers, I'm sure.
I can't tell whether it's a BBS or just a passworded webpage because it's down right now, but gee, prior art is older than some
Get off my launchpad!
Furthermore, couldn't this type of thing be done simply by filtering by domain name plus authentication credential (e.g., PGP key) at the Sendmail level? Nobody can send to or receive files from anyone who doesn't meet the two criteria:
1) same domain
2) PGP authenticated (to prevent address spoofing)
I'm sure there are corporations that are already doing something like this.
------- "One of the joys of travel is visiting new towns and meeting new people." -- G. KHAN
That should read "Using American government funds (all sources) to fund military operations in a fanatically inimical country that hides, exports or destroys known large quantities of massively destructive weapons while defying numerous U.N. resolutions to account for said WMDs." A little more complicated, but at least correct... :P
Question: Ethical or unethical? Answer: Pragmatic.
I'll trade you a Gmail account for one of those.
What do you say?
Think about it, 1 GB!
- Agilo
The trick is, what do you replace it with? There are a lot of design constraints on email, among them:
* Sending message should be free or extremely cheap
* It should not be required to receive an invitation to talk to somebody
You can quibble with those requirements if you want to design a new system, but if you follow them any system you propose risks being spam-ridden. The spammers will not say, "Oh, gee, they've all moved to a different port and protocol, let's forget it then." They'll adopt any new protocol, faster than users will.
So what about present email are you willing to give up? Converting from "free" to "extremely cheap" sounds promising, but it's still prone to the army of zombies, and exchanging trivial amounts of cash is still difficult and expensive.
There are various ways to introduce blocks in the "anybody can talk to anybody" system. Some systems email you back when you send me a message for the first time, which at least proves the existence of a back path and to a small degree a real human (not a zombie) on the other end. Bayesian filters provide extra points to people who have emailed you before without excluding people you've never heard of.
Or maybe we weaken the second requirement by distinguishing between promiscuous and non-promiscuous addresses. My friends email me at one account, and if I could I'd give each of them a separate address. People I trust less get different accounts. People who break the trust find that the address disappears, and because those addresses aren't promiscuous, relatively few other people are inconvenienced by that. I've effectively whitelisted those addresses.
But I also monitor info@foo.com email addresses, which really do want to take email from anybody in the world. I can't drop those when they get spammed, because many people are expecting to get to me through them. But if we made promiscuous addresses rare, we could use more whitelists and perhaps change the balance.
Perhaps if your average spam-buying-jackass@comcast.net were able to receive mail only from people he'd whitelisted, he'd get less spam and the spammers would give up. But that would be wildly inconvenient for him.
The point is, most of these could be built on top of SMTP, and any SMTP alternative you propose is going to have either promiscuity or conveninence problems. Just dropping SMTP just moves the problem to a new protocol but with massive infrastructure pain.
From the site:
[dmail] is a safe and secure platform which can not be penetrated by unwanted visitors or observers.
Uh-huh. I wonder if they know how crow tastes...
by not using anything. I didn't used to have spam before email, text messaging, and the postal system. Come on, some realistic solution please for the existing system!
You don't have to worry about this closed loop system. Why not just rely on some kind of messaging service instead of 'dmail'. The whole thing sounds kind of stupid considering the purpose of an email address is not to be "out of contact".
Besides, all a company has to do is close off their email gateway and they can accomplish the same thing this new 'innovation' provides.
I think that dmail is a big step backwards.
First we had email, then skipped one and got gmail...
Now someone wants us to take three steps backwards!
No thanks! I'll wait till they release hmail
It has the same function as only allowing people who are on your list of ok senders to receive emails from. Or a internal email system that allows only internal emails to be sent to other employees in a company.
TruePunk | Games
Time for a new /. Section:
Lame Product Announcements
I've had the same usa.net email address since '95
Their spam filtering (brightmail) has got better in the last few years. i used to get 20 a day now it's about 1 a day.
Spam just isn't the big problem it was. We have the tools to get rid of it.
I believe tomorrow they will come out with the service "digital slashdot" aka. dslashdot, where they take stupid premises and put them on a website that no one can access.
--"It's Bradford Company, slash your last name, dot your first name"
Thanks for modding me offtopic, no one could tell by the big "OT:" in the subject line.
Years ago I used Notes mail, cc-mail and profs on some IBM mainframe.. all were company wide 'private' mail systems that would allow selective communications with other parties (that used the same systems).
How is this dmail different in what it offers?
My first screen name as a kid was skywalkr42. odd.
This is neither new nor exciting, as it is possible with hotmail to block every message originating from someone not in one's contact list; spam, e-mail or otherwise. Thus a tight knit family could keep only those members on their contact list and see only their mail.(I'm sure Yahoo and every other webmail service has a similair feature.)Plus, no fancy exclusive e-mail system is going to fix Outlook Express, or the fact that people download and execute viruses despite any fancy warnings.
.gifs of Hentai...
I'm guilty of that myself, but when my very strange japanese friend (the one who was sent home from his year-long exchange to canada with one week left for threatening to kill his host family's dog) sent me an e-mail with a subject heading of SEX with no body and a 2.meg zip I figured it was
I was wrong, but at least I knew how to get it off my system and how to stop it from spreading.
Greylisting is the *only* implementation to kill spam. Not surprisingly it is free, easy to setup, and extremely effective. So far, spammer have been slow to catch on. Which is why I am not going to link to a site explaining how to implement it. Iowa State University recently switched to it and had an insane 95% SPAM reduction rate campus wide. It has worked so well that the email filter documentation never gets downloaded by students and staff anymore.
well i just walk over to the guy i want to communicate with and i use 'talk' ;-)
you can also use 'talk' (the program) if he's too far away, and it has no problem with spam.
Hey why not eliminate more than just spam, but network hacks and viruses. What we do is we put that email on a single box. All the "close knit" users sign on to the single box (no internet needed), how it works is that it gives each user a small slice of CPU time but changes so fast the users don't know its a single computer.
Actually no need to invent, HP Timesharing, Dec RSTS/E are available to run in emulation mode under your favorite O/S.
To Paraphrase Prince: Tonight we're going to compute like its 1979...
Exchange is XML based with a database back-end. It's got a very nice web front end and can be configured any way you'd like. AND, you can use Outlook if you want.
No typing @domain.com. No viruses. No spam. Gee, those things sure are easy to provide when you have 200 users and no internet e-mail connection.
- It's not the Macs I hate. It's Digg users. -
How about a role-based "register to view/edit forum" (tm), where each person is assigned a role where the permissions include "view messages to ME or from ME"?
stuff |
So this guy got a dozen Oscars, millions of dollars and still wants more!
Speak truth to power.
- First they ignore you, then they laugh at you, then ???, then profit.
Many people, after reading a site like this, may well prepare a salad or timbale des fruits without washing their hands. This can lead to itching, discomfort or bottom problems.
It is imperative after reading explicitly technological material to wash, scrub, scour, or better still, sand-blast your hands before doing anything else. In fact, to be totally safe, we suggest you cut them off and put them somewhere well away from dirt. This does not mean you can make a salad with the stumps. In fact, if you want to avoid serious illness, don't make salad at all, read books, or better still, be alive. I've been dead for over a year now and can honestly say I've never felt better.
Yours sincerely,
Brigadier N.Q.T.F. Sixpence (Mrs)
Any Sys Admin that can't set up a Jabber server and for extra security force users to tunnel in using something like OpenSSH ought to have his pay grade re-evaluated.
For those out there using Windows, simply tunnel into the server using Putty.
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
Make your system totally secure from external attack - chop off the power cord!
Ah hell - Avoid everything... shoot yourself!
From dmails's "background information", page:
"secure messaging system which was instantaneous and able to transfer large files rapidly...a safe and secure platform which can not be penetrated by unwanted visitors or observers...exceptionally fast medium for accessing and exchanging large files such as music, images and film, with huge capacity. For starters, each dmail address will have one gigabyte of space... argeted at several niche sectors where its properties are particularly relevant. These include education, friends/family, teenage and corporate markets"
The *IAAs are going to love this if it takes off. But it has the same vulnerability as any "closed" system, it's brilliant at the beginning but if it grows beyond a certain number you get trolls and spammers.
Aren't those "worms"?
Freedom: "I won't!"
By not using computers
Yank the damn network cable out of your box, and use it all you want. People are just so used to the network, they just kinda forget that COMPUTER != INTERNET. Then, again, they had viruses before the internet (SneakerNet worms?).
Can I invite my nigerian friends into this private system. They have an excellent business opp...
This may sound blatantly naive, but given that SlashDot is a relatively open forum, why is it that we see hardly any spam at all in the SlashDot forums? Compared to virus-writing, it seems to be a trivial task to write a spambot that posts "Anonymous Coward" messages or even signs up real accounts before posting to forums.
Granted, we have trolls, offtopics, and flamebaits, but I have never seen anything close to what typical spam looks like when moderating and reading "flat" at level 0.
D15cr337 V14gr4 4 U!
Dmail isn't doing anything new. If SlashDot were a Usenet group, it'd be spammed just like the rest of the groups. If everyone had a different method of contacting them, it'd be too hard a problem for spammers to reach everyone.
This reminds me of a Private Email Netowrk I had in my mind when I was in university. Imagine a Private Email Network that comprises a number of courier servers and Agent clients interconnected by the Internet. In addition to the courier operated by univeristy itself, other couriers are operated by ISPs, telecommunications carriers, and private enterprises. All couriers interwork to form a coherent network serving all users. Each user is registered with and served by a single courier.
...in open systems. Any closed e-mail system has one significant drawback -- it does not allow you to receive e-mail from strangers. And most people need that. And any mailbox that allows e-mail from strangers will also get spam -- no matter what.
Great idea. But how would this new email standard work? How would it allow you to receive email from people you didn't know (new business leads, etc) whilst stopping email from people you don't know (spammers, etc)?
Or to put it another way, if you want a system that doesn't allow email in from people you don't know then the current system allows that. Simply setup a whitelist on your server, put in it everyone that you want to receive email from and then block all other emails (or do the same with filters/rules in your client). Viola - instant spam free email!
I ran something like this back in the early 1990s. I believe the software was called Telegard. My users had spam-free mail messages, and could also send message to other users on other boards via BBS networks. *sigh* Maybe they just want to bring back BBSes.
"Well, I am mad, and I'm a crazy fucka when it comes to tea"
If all the efforts that have gone into "fixing" email were instead put into replacing it with an inherantly more secure system, we might have gotten somewhere by now.
The only way to really fix email is to replace it. Of course it will suck, but it doesn't have to suck a lot. Obviously gateways between the old system and the new system will make the transision less painfull, and in several years when all you get from you EmailV1 gateway is SPAM, shut it off!
I'm suprised that there hasn't been a bigger move towards starting from scratch with the electronic mail concept.
SPAM
I read your post and wondered are you being serious? It sounds a bit sarcastic, but I am not sure. In fact I wonder about DMail in the first place. Am I the only person who sees dejavu all over again? Ever heard of Compuserve? Compuserve had mail that could only be sent among Compuserve users. Then later gateways were created, and eventually the Internet became popular. Why are we even considering this "brilliant" DMail solution? It just brings us back to before the Internet, and all associated problems.
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
* Se subject, I rest my case *
It's important to use the email filter rules much in the same way you'd use a firewall rulebase... as a sequential set of rules that increase or decrease in specificity depending on how you want to prioritize mail.
Some addresses need to receive from everybody. i.e. If you have an info@blah.org, you are expecting mail from unexpected sources. Then some addresses are personal. But here's where it gets interesting.
Years ago in high school, I had a civics teacher who looked like Mr. Burns from The Simpsons. Every year he begins the first day of class with these words:
MAN IS GREGARIOUS BY NATURE.
Indeed... We are social creatures. We also like feeling important. That is part of the reason I'm wasting my time on message boards pontificating on subjects that the people who already understand don't need to know, and the people who don't probably won't care for my opinion! But it makes me feel important that I have something to say.
So too is the nature of this thing called e-mail. Most people do not want to implement the easiest form of security (implicit deny-all w/a whitelist) because, hey, who knows... you might receive an important message from someone you don't know.
For example:
YOU MAY ALREADY HAVE WON TEN MILLION DOLLARS!
So there you are. The problem is, people aren't easily convinced that there are no truly important messages except those from people they alerady do know, who have business or personal interests with them that they already are aware of. Why? Well, probably because that would require admitting to ourselves that we're less famous or less important in the grander scheme of society than we fancy ourselves to be.
WHAT? WHAT? WHAT? OKAY!
Spammers and most mail servers are like audio equipment salesmen, they don't know when to shut up. That being said, I found that a challenge-response rule works well, but doesn't solve the bigger problem.
Sure, a challenge-response rule, if properly implemented, will drop inbound mail that doesn't pass the test... but there's just one problem.... two actually...
1. When a spammer gets an autoack challenge from a mail server they are attempting to send to (because C-R is not readily implemented at the application layer), now they know there's a box there. Their bulk mailer scripts don't care that there may not be a real person there... they'll waste your bandwidth all the same.
2. When an autoack challenge goes out to, say, a generic address that sends you maybe a confirmation of a credit card payment, that system sends an autoack back to you. Unless you are actively policing your rules every day, you're multiplying the amount of bandwidth being wasted by causing an autoack loop that doesn't stop until someone kills their autoacks or changes their ruleset. Waste of time, and resources.
So, until password authentication, or even DNS authentication (verifying that the rDNS for the sender's IP matches the senders e-mail address to confirm it wasn't spoofed) becomes an integral part of the application, challenge-response won't work very smoothly for most endusers who lack the scripting skills to build their own mail server running a C-R script far smarter than any deliberately vulnerable Microsoft application will ever be designed to offer--for obvious commercial reasons.
As this site can attest, making such specific functionalities part of the internet protocol itself is not a good idea. Challenge-response should exist at the application layer.
HEY, I THINK I GOT IT! A good security policy is to implement several layers of security. 1. The first layer of ru
You're still taking up screenspace, jackass, so you should be modded out of sight.
n4
By committing suicide now.
www.facebook.com/DareDefendOurRights
www.fairtax.org
A) whitelist-only doesn't protect against spoofing
/. article is completly mis-directing. From the article:
B) whitelist-only doesn't protect against your friends giving you viruses
C) whitelist-only still allows stupid HTML mail with 30 charachters of text and a 10k 'stationary' background image.
From scanning the article, it looks like it doesn't even use SMTP, POP, IMAP or anything else that would integrate with an email client.
In any case, as usual the
Hardware accepts dmail is not an "alternative to email" as the release claims, and cannot therefore eradicate spam. "I have a dmail account, but I could not do without email," he says. "I still get about 200 spams a day."
Think of it like that cell-phone service with the walkie-talkie feature. It's not a replacement, it's an addition.
The tech is there, it's just not braindead simple for windows morons...
Why go thru all this rigmarole, except to make sheds of cash for someone else?
TBird, Mozilla mail, Kmail and many other mail clients have PGP built-in and pretty easy to use.
Even without signing, building a secure MX infrastructure (in which only trusted MX hosts with keys can MX, and where privs can be revoked by a third party (such as a nation's postal authority and/or SSL cert authorities) for abuse) would give 'real' mail admins an incentive for securing users.. Hell, use a DNSSEC KEY record for the MX box...
It's the Tragedy of the Commons in action, and it is not as uncommon as one might think.
In essence, IM services are "walled E-Mail gardens". I know people who aren't totally tech savvy who use services like AIM and don't use E-mail. Granted, these tend to be "gramma" types who use messaging services to chat with the kids and grandkids, but the principle remains.
And for those who say it dosen't work: AIM + whitelisting works wonders.
It may sound a bit odd to a few of us "geeks", but some people only want to hear from people they know (i.e. have been formally introduced to). Spam is only encouraging a behaviour that people already practice on the phone (with Caller ID and/or answering machines) and their front door (with the little peep-hole).. if I don't know you, I ain't gonna talk to you.
Thanks, marketing departments of the world, for helping to create a more insular society.
The release makes a claim that others are entering the dmail market, saying that Google's gmail is a digital mail service, based on the fact that it stores messages in a database. "gmail isn't a closed system," admits Jackson. "It does have an email interface. It is the closest you get to us - it works on a back-end database."
While it is possibly these people are just charming eccentrics, we keep trying to see some longer term game. Hardware says there will be a "new angle" to the selling of dmail in future, and Jackson expects to get a patent on the dmail idea, claiming to have one pending on "the use of a database for communications".
Jackson has not bet his house on this bonkers scheme, but says he has a business plan and others have invested. We can only imagine there is another revenue stream, and it might have something to do with those pending patents. Could they be squaring up to sue Google?
Haven't they heard of Lotus Notes? It can be used for a private email system and guess what it's back-end is... a database.
Their business plan is:
1) Reinvent wheel.
2) Patent it.
3) PROFIT!!!
I don't know much about coding other than HMTL/CSS & hacking PHP scripts, but something like his can't be very difficult to develop or even integrate into existing email clients.
See a mailto link? Right-click it and "Add to Allowed Email Accouts".
Why I haven't seen something like this already is beyond me.
Left 4 Dead Gaming Group - http://www.l4dgg.com
...from something like Lotus Notes (with web client), that can be operated as a closed intranet mail system?
Or rather, how is this different from the many open source bullentin board systems that have their own internal messaging (with attachment) features? Can't vBulletin or phpBB be configured to do the same thing?
If this gets off the ground, there's going to be somebody out there who creates a bridge to the rest of the world from this otherwise proprietary network. It's the same thing they did with FidoNet, UUCP, and many other store-and-forward networks that were (or, as exists with Fight-o-net, still) out there.
This sig no verb.
Wrong attitude. This is not rocket surgery. Stretch your mind a bit. Think for yourself. Come up with a solution. It won't work, but you'll be in good company.
Sometimes seventeen/Syllables aren't enough to/Express a complete
This will not work with all spam, but it should be efficient against the likes of the nigerian scammers.
They send out millions of messages in the hope that a few people fall for it and reply. But if everybody replies showing fake interest, they can't sort out the real responses from the fake ones. If it takes them only 10 seconds to respond to an email, then 10000 fake responses will give them work for several days!
Even Joe Jobs are no problem since we don't multiply the messages (one response for one incoming). If someone wants to flood a mail box and is capable of sending millions of fake emails, he can as well send those emails directly to that mailbox.
what I have been thinking about and did a few post musings on when the subject of spam came up. A closed system, only cool guys inside, and verification. When google announced their email I had hoped it would be the same idea, because they had the size to pull it off, to get enough people to switch to it that it would force others to actually have verifiable addys so that spammers and virus spewers could be eliminated pronto. White list/black list is a good idea, it beats filtering and giving all email an initial whitelist permission. that's bass ackwards. Email needs to be assumed to be bogus until proven otherwise.
Big deal.. Private email is nothing new, and totally impractical in todays world, if you want to communicate with your customers or constituents...
---- Booth was a patriot ----
from choking by eliminating food.
B O R I N G
...back in the 80's I worked for CompuServe. They had :-).
quite a market for private email ("InfoPlex" anyone ?
Prize to the first person who tells me what FILGE stood for
Of course, the market existed because people wanted email,
not because they wanted to avoid spam....but I have had
thoughts lately of setting up a closed email system
or at the very least a whitelist syste to allow my kids
to have "safe" email. The idea is not all that weird.
---eludom
Delete all email that contains '' in the body!
Of course, now I can't email myself anything such as this comment.
Private email network. If you only allow mail from people registered with Orkut, you can always trace who's spamming you, if they are, and throw them off Orkut.
The only spam I have received has been of the Outlook virus variety, where someone with my address in their address book sends spam pretending to be someone else in their address book. I didn't open the attachments, and don't use Windows anyway, so it wouldn't have mattered. I've received maybe half a dozen such emails in a couple of years. That's it.
Here are the reasons I think I've managed to avoid spam:
- My new address is on a domain that I own, and the domain name is not a dictionary word, proper name, etc. So I think it's kept my domain "under the radar" of spammers.
- My old address is the administrative contact for my domain.
- My new address doesn't appear on my web site.
- My new address doesn't appear on Usenet.
- My new address doesn't go to any commercial interests.
I'm aware of several weaknesses of this approach - it's "security" through obscurity, people can't click a mailto: link on my site, and I have to maintain an account that receives spam, but the tradeoff is worth it to me. It's a little like wearing galoshes (rubbers, to those UK-ers) over nice shoes - a little more trouble, but it keeps my nice shoes clean, so I'm happy with the trade-off.For example, when I place an order on a web site and it sends a confirmation, I know I can quickly find it among the spam and chuck the rest. I use a web-based email to scan those, so I never open the junk.
If anyone has any suggested improvements, I'm all ears.
Here's what would await you on first login:
cold fusion errorNot only that, the login isn't even secure. Clear text http.
The dmail press release talks about a PR firm they hired to promote dmail. Looks like Techworld is nothing but a stringer.
Force ISPs NOT to transmit mails with forged "from" headers. i.e. user and domain used to log in into the SMTP server MUST be the user and domain used in the from field.
:-?
Allow ISPs to blacklist abusing users, and/or domains.
Or am I being too simplistic?
It is the same slogan as before. It was better in the old days, the weather was better before, the prices was lower and so on. Computers are here to stay. Nobody is going back to the typewriter. It should be easier to fine people spamming.
They sound an awful lot like spammer names - dunno if we can trust em.
Domain servers are trusted sources of information about name to IP mappings. If a dns lookup for that domain says that the email being received is from that server on that domain, then let the message through, otherwise reject it. This would seem to stop domain spoofing and although you can spoof a return address in snail mail, this doesn't seem to be a firm requirement with email. Still if I want to send email from a particular ip address without using domain names that should be valid, so this would require that no validation against dns be made, but doesn't the receiving email server have to negotiate a tcp connection with the originating computer, so that would mean that the receiving email server would "know" if the sending server really was at the same address that the email header said it was at and could validate user@ip.address just as easily as user@mailserver.domain.
Really the goal should not be to prevent the possibility of people contacting you, but to only accept messages to which you can respond back.
If you look at the main 3 things that people use email for you can find solutions for each of them: most people use it to email friends and family, they already know each-others email address so spam could easily be blocked, its just the first email that they might have to add to their ok list but after that its fine. websites often use email to confirm accounts so you can just use a separate address and grab their email from the top of the pile. people use email to contact companies/websites - instead just give them a web-form! (yes you can spam a form but why would you bother just to spam one address? And if you have any other reason to email a random person who doesnt expect you, then their email provider/server could have a simple challenge-response: the first email you send, they send back an automated reply that gives you a simple obvious question, finish-the-sentence or riddle that you need to send a reply too, it could even be something as simple as "the red cat sat on the mat, what colour was the cat?", once thats done you're on the ok list, does anyone see a problem here?
This comment does not represent the views or opinions of the user.
If we let them make us stop using email then they have won!
What comes first, finding a teacher or becoming a student?
What is required is a system where it costs money to email. Not much, but something. I think most people could afford 5 cents an email. But this would cripple the spammers. The method of payment could be worked out easily enough. And certified ISPs could distribute a limited number of free email credits to their customers. Enforcing the source of a given email is simply a matter of digital signatures (verified by a third party) the same way secure web sites work now. True, email client software would have to change. (At least there would have to be some proxy between current clients and their hosts, etc.) But this is all very doable. But I predict it will not get done, until Congress sets up an email authority. It's going to take a centralized management that most people can agree on. And it won't be Microsoft.
--Slashdot: News for Turds. Stuff that Splatters.
You too can join Slashmail without running the risk of (-1, Offtopic) mods from people who are using Slashdot without Slashmail. Just make an account and fill your journal.
So....its a really super-duper fancy "allow-only" list then, eh?
No . . . I am not affitiated with spamgourmet.com in anyway except as a satisfied user. For a while now I have been using disposable addresses for all of my online activities using the free service provided by http://www.spamgourmet.com . Basically disposable emails are created which forward a specified number of messages to your real account, after which all messages are "eaten." You can choose to continue to recieve email from any of your disposable addresses after they have expired.
You can get the same effect by signing up for hotmail and sending all mail from people NOT in your addressbook to the trash.
excitingthingstodo.blogspot.com
If you're one of the people still foolhardy enough to post messages without spam-gaurding your address to Usenet or some other public discussion space where address harvesters graze, and you regularly e-mail back and forth to some of those people privately as well as posting back and forth in the forum, then it is possible that you will get e-mails with apparent from lines from people you know, where the real email content is "|3UY V!AgrA n0W"; several of the spam-softwares appear to be (somewhat) biased to keep emails addresses together from common sources-- or at least, that's why I assume I regularly get spam from my old acquaintance Ed Ming's long defunct cyhpn.radnet address.
Of course, I'm old fashioned. I think "Hey Joe: Bob has his head up his arse again" is something better sent via email than in a post to a Usenet group. On the other hand, I seem to be very much in the minority, these days.
//Information does not want to be free; it wants to breed.
SPAM is not a technical issue, but a social one. As long as there is someone out there who buys as a result of these messages, they will continue.
We might be albe to reduce the amount of spam by micropayments or other technical solutions, but there are people out there who actiualy look forward to reading their SPAM so they can buy some new 'gadget'.
There was actiualy a story in slashdot before about an induvidual who regularly buys items from email ads.
If I remember correctly, 7% of recipients contact the company sending the ads, and of those, 30% actiualy buys the products. SPAM truely is an effective advertising tool.
I have a computer here that never gets any spam.
It's like magic!
Ever since I unplugged it, the spam has stopped.
And that's about how useful that dmail system will be. If nobody can mail you, you will get no spam.
I like the idea of 24-character randomly generated names in an email address.
If you want to email me, just send mail to
K5P3o2fx9uidJw98qF7rrio7@example.com
If you can actually remember it.
there are 3 kinds of people:
* those who can count
* those who can't
I just found out the program I have been writing all summer is all for naught. I actuallw was writing a program called D-Mail. Same exact idea, only things i did different is that mine was text only and it was a vb program not web based. its just scarry that they have everything identical except for those two differences. I guess my private d-mail system will be renamed and be even more private for just my friends. Just sux feeling like the program idea was stolen and rewritten :( But who knows they actually could have come up with the same idea. Its just hard to believe that they are that similar :( Sorry just a lil aggrivated at the moment.
avoid total frustration by not using an abacus.
PS I quit using computers- now I do all my work on apples (*waiting for worm joke).
none of the ideas here will even put a dent into spam.
in fact the most effective method posted here (whitelisting) cqan be completely useless, depending on which email addy u use.
how do you think spammers get email addreses? if you are on hotmail for instance, your addresss is sold a few days after it is created. if it isnt sold, it is given away. how do i know this? had tons of spam on one hotmail account, opened a totally new account, and before i even sent one email i was getting new spam. needless to say i ditched crappy hotmail.
spam will never be removed via technology. its the old addage, anything system that is made to deter can be circumvented.
imo a simple, real , and enforcedlaw will easily remove spam.
this law would have to look like this:
1 prison for spammers. and not just a country club executive prison, but a federal-pound-me-in-the-ass prison.
2 prison for anyone who knowingly hires a spammer to advertise their product.
3 fines. total assest siezure of any spammer who is causght. like drug assets, the felon would have to prove his assets did not come from criminal activity to be able to keep them. --this would motivate the governemt, and the legalsystem to actually enforce the law. it is amazing to note the difference in how motivated the us justice system is when they can sieze a large amount of money from someone, and when there is nothin in it for them.
4 fines. anyone advertizing with a spammer, knowingly or not, would have to pay a fine of 20$ for every email sent, this would b payable to the victim
5 more fines. a 5 million dollar fine to any isp that knowingly or unknowingly allows a spammer to use their service. the ips's argument of how can we know someone is spamming is ridiculous. the average person does not send more than 100 emails a day. infact very few people do. an isp can easily monitor high volume traffic. anyoen with more thaqn x amount of emails a day could be monitored by a script, and this script would easilt determine if the emails were all the same(as in ads) or if each one was unique, and how much they differed by, etc... those caught sending ads would need to prove it was not spam
if these simple concepts became law, spam would cease to be economically viable and disappear overnight
I usually keep one address for the few people I really want to talk to and never tell anyone else. It's fundamentally the same as having a closed network and costs nothing. A new technology that requires approval to send mail is cool, but we already have IM which requires the same. Friendster is also essentially a friend-only communications device too.
A friend of mine has been working on his version of this at http://www.capango.com/.
I'm not sure if I agree with him, but he makes some compelling arguments for this and why other forms of eradicating spam won't work.
Food for thought.
Doug
ive used email (BBS) since 1986, so does that mean I would require training?
Biggest PEAVE I have often with companies is that they disable ability to 'read' your personal emails that are on your isp or whatever via pop/imap. But web/html is ok... Well that was before, today with gmail its a hell lot easier so less of an issue to complain about.
Now what I want is squirealmail or some free linux web based email php/perl solution to look/act just like gmail in functionality but for your own mail boxes on the linux machine.
Liberty freedom are no1, not dicks in suits.
An internal "email" system? Haven't some of you intranet designers already thought of a closed user system for sending interoffice memos... or better yet, really awesome jokes? Actually, Microsoft has already patented this technology.
We built an internal messaging system into our operations software last July and purposely left out email capability. Spam-free communication is a lovely thing, indeed.
It dices.. and now it's available for one low payment of £15/year!* *shipping and handling not included.
Whether Iraq was or was not hiding WMD's is IMO beside the point. The real question is whether or not the potential increased safety of the American public was worth the lives of the THOUSANDS of Iraqis that have been killed by our government in the past year. Last I checked, people are people, and no one has any more right to live than another. Yay imperialism.
maybe a company should write a completely new smtp protocol, write clients and servers, and encrypt their traffic with rot13 or base64. its not as if people can reverse engineer anything that complicated....
Unfortunately folks, I just found a back way to register a Dmail account without paying for it. I figured I'd post it here to make the owners aware of it faster...
:P
Go to the site and click the register link on the top navigation. When you get to the next page, you'll see a space that you can input a "free code" or something like that. Put in whatever you like there, then click the button next to the box. Surprisingly, any word will work as a free code - The next page says your code has been accepted. Click the button on that page. The next page that comes up will give you an error, but it will also reference the page "wwreg.cfm". Type http://www.mydmail.com/wwreg.cfm into your browser. Strangely enough, the page that pops up says "thanks for your purchase" or something. from that page, you can actually set up an account! Go back to the main page and log in.
I've got screenshots of the inbox I have right here.
Friendly reminder: before you launch, fix all your security holes!
I stopped using personal email some time ago.
My friends now call me again.
My family now write me letters again.
We found we don't need instant, 24X7 communication. What were we thinking in 1995????
The only place I use email is at work, and they have a pretty effective SPAM filter, plus I don't post my work email address anywhere, ever. I get maybe 1 spam a week on average, and it's usually "legitimate" spam.
-- "In order to have power, I must be taken seriously." -Mojo Jojo