Beat Spam By Not Using Email
judgecorp writes "We had a press release - by post of course - about a scheme that eradicates spam and viruses. It's not email, oh no. It's digital mail or dmail, a private system that no one else can send messages to. Assuming it's genuine (and the PR person is called Mike Hardware) it uses XML and SQL to build a 1980s bulletin board, to sell to niche markets (such as very close-knit families). Our story is here, and if you don't hear from us again, it's because we are busy emailing ourselves with our two free dmail addresses. Peter Judge, Techworld"
I'm all for trying new concepts, but pardon my disgust. I'm an entrepreneur myself and I understand money makes the world go-round, but I shudder to think where we'd all be if the guys who came up with Apache were trying to start it now.
D-Mail, G-Mail, PurplePokaDotMail are just more examples of someone trying to create, patent, exploit, etcetera when there are far more ethical and lucrative methods of making money. Of course this relies on people getting thier heads out of thier proverbial asses, but what can you do?
"It's not stealing if you don't get caught!"
IMHO completely dropping email as we have it now is the only way against spam. No matter what's been done so far has kept existing email infrastructure as legacy. A new extension on top of email might get some play, but it's all irrelevant while the same system is still able to be used for spam.
Drop email. Drop SMTP. Change the ports it uses. Change the entire system, and scrap what's gone before and start again. Make it PURPOSELY incompatible.
Unless of course you want to keep getting spam. If so, keep using email as it is.
A proprietary system that no one can post to coupled with a password needed to view said content sounds suspiciously like a static second level webpage or a ssl private network. Just...like...a...private forum. We do the same thing here at work for vendors who buy our products, a static page updated weekly by the sales department that only x amount of vendors have access to, they can read their mail "posted specials" and later send updates to the dmail admin "webmaster" or "sales". Let's just face it. Spam as much as I hate it is here to stay. Yes we can all agree that eventually the systems will get better at defeating spam and bulk mailings, but the brilliant minds that are developing the stopping systems have the brilliant minds that are bent on defeating those other brilliant minds. But removing the system from the culprits is a novel approach, lets just not herald it as the end or even a stepping stone to stopping spam.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
The trick is, what do you replace it with? There are a lot of design constraints on email, among them:
* Sending message should be free or extremely cheap
* It should not be required to receive an invitation to talk to somebody
You can quibble with those requirements if you want to design a new system, but if you follow them any system you propose risks being spam-ridden. The spammers will not say, "Oh, gee, they've all moved to a different port and protocol, let's forget it then." They'll adopt any new protocol, faster than users will.
So what about present email are you willing to give up? Converting from "free" to "extremely cheap" sounds promising, but it's still prone to the army of zombies, and exchanging trivial amounts of cash is still difficult and expensive.
There are various ways to introduce blocks in the "anybody can talk to anybody" system. Some systems email you back when you send me a message for the first time, which at least proves the existence of a back path and to a small degree a real human (not a zombie) on the other end. Bayesian filters provide extra points to people who have emailed you before without excluding people you've never heard of.
Or maybe we weaken the second requirement by distinguishing between promiscuous and non-promiscuous addresses. My friends email me at one account, and if I could I'd give each of them a separate address. People I trust less get different accounts. People who break the trust find that the address disappears, and because those addresses aren't promiscuous, relatively few other people are inconvenienced by that. I've effectively whitelisted those addresses.
But I also monitor info@foo.com email addresses, which really do want to take email from anybody in the world. I can't drop those when they get spammed, because many people are expecting to get to me through them. But if we made promiscuous addresses rare, we could use more whitelists and perhaps change the balance.
Perhaps if your average spam-buying-jackass@comcast.net were able to receive mail only from people he'd whitelisted, he'd get less spam and the spammers would give up. But that would be wildly inconvenient for him.
The point is, most of these could be built on top of SMTP, and any SMTP alternative you propose is going to have either promiscuity or conveninence problems. Just dropping SMTP just moves the problem to a new protocol but with massive infrastructure pain.
Time for a new /. Section:
Lame Product Announcements