Beat Spam By Not Using Email
judgecorp writes "We had a press release - by post of course - about a scheme that eradicates spam and viruses. It's not email, oh no. It's digital mail or dmail, a private system that no one else can send messages to. Assuming it's genuine (and the PR person is called Mike Hardware) it uses XML and SQL to build a 1980s bulletin board, to sell to niche markets (such as very close-knit families). Our story is here, and if you don't hear from us again, it's because we are busy emailing ourselves with our two free dmail addresses. Peter Judge, Techworld"
I'm all for trying new concepts, but pardon my disgust. I'm an entrepreneur myself and I understand money makes the world go-round, but I shudder to think where we'd all be if the guys who came up with Apache were trying to start it now.
D-Mail, G-Mail, PurplePokaDotMail are just more examples of someone trying to create, patent, exploit, etcetera when there are far more ethical and lucrative methods of making money. Of course this relies on people getting their heads out of their proverbial asses, but what can you do?
"It's not stealing if you don't get caught!"
By not using computers.
Now where did I put that abacus?
I recently beat seasonal allergies without relying on any medicine at all. I simply decapitated myself with a steak knife. It was so easy, no more running nose, or red, watery eyes!
/. IT color scheme any more!
John.
PS And there's an added benefit: I can't see the hideous
Back some time ago... I knew of a horrid little web based email proggy.
It was of course, dmail's web front end and then there was of course dmail's own mailer.
I wasn't much of a fan of either application.
In any event, the point is, someone already has that name. It is entirely possible the company is now defunct or sold and then molested into oblivion.
I wonder if it is the same company?
So many questions and so little names...
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
I'm waiting for dmail rev 2 that adds on network-to-network communication, so you can dmail your friends without having to have an account on every single different network. Oh, wait..
Damien
So I can't read the articles, but I don't see anything here that setting up a whitelist only mail server doesn't do
IMHO completely dropping email as we have it now is the only way against spam. No matter what's been done so far has kept existing email infrastructure as legacy. A new extension on top of email might get some play, but it's all irrelevant while the same system is still able to be used for spam.
Drop email. Drop SMTP. Change the ports it uses. Change the entire system, and scrap what's gone before and start again. Make it PURPOSELY incompatible.
Unless of course you want to keep getting spam. If so, keep using email as it is.
A proprietary system that no one can post to coupled with a password needed to view said content sounds suspiciously like a static second level webpage or a ssl private network. Just...like...a...private forum. We do the same thing here at work for vendors who buy our products, a static page updated weekly by the sales department that only x amount of vendors have access to, they can read their mail "posted specials" and later send updates to the dmail admin "webmaster" or "sales". Let's just face it. Spam as much as I hate it is here to stay. Yes we can all agree that eventually the systems will get better at defeating spam and bulk mailings, but the brilliant minds that are developing the stopping systems have the brilliant minds that are bent on defeating those other brilliant minds. But removing the system from the culprits is a novel approach, let's just not herald it as the end or even a stepping stone to stopping spam.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
Just do what I do. One email address for pr0n. One for serious stuff. One for each girlfriend. Then another one for some more pr0n.
- I got my free iPod and a free Nintendo DS....why not
This is functionally equivalent to using a whitelist-only filter on your email, only worse in every way.
- For the complete works of Shakespeare: cat
On current trends there are only 25 possible names of mail services (given that E is already taken).
google got G, and these guys have claimed D.
That leaves only 23 more slashdot headlines before people have to start being original! Heck, maybe they'll actually invent something new (or maybe that's too optimistic)...
I use a system called sMail (for Snail Mail).
It's a new technology involving ink and paper.
Obviously, if you cut yourself off of the system, you won't get spam from it. I don't get email spam on my IRC connection, either. It's only worth anything if it's an open standard and fixes the design flaws in current email protocols. Considering that this is not at all hard to do, I am stunned each time that people haven't switched to something better than SMTP yet.
Please correct me if I got my facts wrong.
Beat Spam By Not Using Email
:)
To avoid viruses and hackers and such, they used to turn off their servers every night when no one was in the office to monitor them...
It wasn't too hard to get an offsite hosting contract though
"If you think you have things under control, you're not going fast enough." --Mario Andretti
...oh, wait. Too late!
And now we get blog spam and forum trolls, whereas a well filtered Usenet feed (such as Uni Berlin) is now extremely useful.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
The strength of SMTP/POP3 e-mail system is that you can get e-mail from people that you've never heard of... the weakness of the SMTP/POP3 e-mail is that your inbox is wide open for anybody who wants in, and that means spammers who you never heard of and would rather never hear from.
/. in the form of a story in this puke-brown section that totally clashes with the normal geek-green. :)
Of course, a closed invitation-only community will stay mostly spam-free because anybody who does spam will get booted rather quickly, and the community will move on without them.
We've already seen blog spam when no registration is required to post a comment... but blogs that require commenters register are mostly spam-free because no spam bot is good enough to remember to register at a zillion sites.
In short, there are times where "closed" systems are better than "open" ones. And isn't it interesting that they tend to come to
But they're also much more annoying to use - first you have to find a decent forum. Then you (often) have to register. Then you find that actually you get flamed for posting a newbie question - but the search is so useless that you can't find the answer that was posted last week (and it's all .asp and not indexed by google).
Then you go back to usenet.
This is nothing more than a fancy white-list, from what I can tell (the TechWorld article is slashdotted.)
Yes, a closed system that has user authentication built-in from the start has been proposed many, many times. The problem is getting the rest of the world to adopt such a system.
Just like the idea of charging a fractional penny to send an email and collecting a fractional penny when you receive one, so that email costs and revenues are balanced for the average person, but costs are astronomical for the spammer. Interesting idea, now how do you convert the planet over?
The solution to spam seems easy enough; it's the implementation that's the problem.
http://story.news.yahoo.com/news?tmpl=story&cid=74&e=4&u=/cmp/47102042
According to E-mail security vendor MX Logic Inc., spammers are trying to make their messages appear more legitimate by adopting the Sender Policy Framework (SPF), which recently became part of Microsoft's Sender ID proposal.
Congratulations, they invented the BBS !
Interestingly, I've been trying to find time to start an IBM Domino based BBS for my neighborhood. Yes, I started an i-neighbors thingy, but it would still be cool to have our own local site. (remembering the good ol' days of 300 baud dialup
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
With a close-knit group, why not use PGP encryption for authentication of the sender? The close-knit group can scale to include hundreds of thousands, millions of people. And it doesn't need any other software, while reaching all the people on unenhanced email, as well as all the email integrated applications.
--
make install -not war
Challenge response seems to do the same thing - block all email except the ones you want through. Works well for me (I use http://www.spamarrest.com/ which is pretty good for $30 a year, saves me downloading the emails first)
Nothing costs nothing
Disclaimer: I've only read a little bit of their web site.
From what I've read and can guess, this sounds like a private version of an online service. Think 1990's AOL, only on a micro-scale: to access the private network, you must have the correct network addresses and be an approved member. The network doesn't allow messages originating from outside the network, nor I imagine, can you send messages to external addresses. (Anyone with more specifics, feel free to correct me.)
Sounds like they have some encryption and allow direct downloads within the private circle of members
Eh? This sounds extremely fishy. I'm sure the technologies being implemented here are nothing new.
Sounds like you are in a private country club and are only playing with other people who can enter the club. Nobody gets in and nobody leaves... including telephone calls or anything else... it's like the outside world no longer exists once you enter, and for those in the outside world, it's as though the private country club doesn't exist... and ne'er the two shall meet.
Seems to me that this is analogous to Closed Circuit TV but just running over the existing broadcast spectrum in encrypted form (or something along those lines).
But practically speaking, isn't this like operating your own version of Jabber, but crippling it with a "feature" that prevents you from contacting (receiving from and sending to) anyone who's not listed in your buddies list and also using the exact same version of Jabber client?
------- "One of the joys of travel is visiting new towns and meeting new people." -- G. KHAN
I know I don't speak only for myself. Really, how could anyone ever forgo the art of a well-crafted letter, scribed with a feather quill, and sealed with wax warmed by a smoky taper?
I hardly think that email will ever catch on. In fact, the very idea fills me with mirth! RFLOL!
Your ally in words,
teamhasnoi
P.S. Did you see the series premiere of 'Joey'? A smashing success by any measure! : ) LOL!
- The 'old-style' email where anyone could send a message to everyone, that all the traditional MTAs (mail transfer agents) supported. Anonymous messaging is desirable in this system.
- The 'new-style' email where everyone wants to silently drop messages from spammers they don't like; and corporations want to silently drop messages they don't want employees to get, etc. Anonymous messaging is scary in this system (corporations don't like it); and in contrast, control is a key feature.
The first requirement's needs were very well met by sendmail, etc; and really don't need to be forced in a corporate environment. Nothing really met the second (intentionally lossy (some would say broken)) requirements for corporations who wanted to make sure that many mails did not get delivered.
I welcome the day that all the guys with different requirements from sendmail simply move on to some other messaging system rather than try to screw with something that's worked well for decades (SPF, etc).
The trick is, what do you replace it with? There are a lot of design constraints on email, among them:
* Sending message should be free or extremely cheap
* It should not be required to receive an invitation to talk to somebody
You can quibble with those requirements if you want to design a new system, but if you follow them any system you propose risks being spam-ridden. The spammers will not say, "Oh, gee, they've all moved to a different port and protocol, let's forget it then." They'll adopt any new protocol, faster than users will.
So what about present email are you willing to give up? Converting from "free" to "extremely cheap" sounds promising, but it's still prone to the army of zombies, and exchanging trivial amounts of cash is still difficult and expensive.
There are various ways to introduce blocks in the "anybody can talk to anybody" system. Some systems email you back when you send me a message for the first time, which at least proves the existence of a back path and to a small degree a real human (not a zombie) on the other end. Bayesian filters provide extra points to people who have emailed you before without excluding people you've never heard of.
Or maybe we weaken the second requirement by distinguishing between promiscuous and non-promiscuous addresses. My friends email me at one account, and if I could I'd give each of them a separate address. People I trust less get different accounts. People who break the trust find that the address disappears, and because those addresses aren't promiscuous, relatively few other people are inconvenienced by that. I've effectively whitelisted those addresses.
But I also monitor info@foo.com email addresses, which really do want to take email from anybody in the world. I can't drop those when they get spammed, because many people are expecting to get to me through them. But if we made promiscuous addresses rare, we could use more whitelists and perhaps change the balance.
Perhaps if your average spam-buying-jackass@comcast.net were able to receive mail only from people he'd whitelisted, he'd get less spam and the spammers would give up. But that would be wildly inconvenient for him.
The point is, most of these could be built on top of SMTP, and any SMTP alternative you propose is going to have either promiscuity or convenience problems. Just dropping SMTP just moves the problem to a new protocol but with massive infrastructure pain.
You don't have to worry about this closed loop system. Why not just rely on some kind of messaging service instead of 'dmail'. The whole thing sounds kind of stupid considering the purpose of an email address is not to be "out of contact".
Besides, all a company has to do is close off their email gateway and they can accomplish the same thing this new 'innovation' provides.
Time for a new /. Section:
Lame Product Announcements
I believe tomorrow they will come out with the service "digital slashdot" aka. dslashdot, where they take stupid premises and put them on a website that no one can access.
--"It's Bradford Company, slash your last name, dot your first name"
Exchange is XML based with a database back-end. It's got a very nice web front end and can be configured any way you'd like. AND, you can use Outlook if you want.
No typing @domain.com. No viruses. No spam. Gee, those things sure are easy to provide when you have 200 users and no internet e-mail connection.
- It's not the Macs I hate. It's Digg users. -
Speak truth to power.
Any Sys Admin that can't set up a Jabber server and for extra security force users to tunnel in using something like OpenSSH ought to have his pay grade re-evaluated.
For those out there using Windows, simply tunnel into the server using Putty.
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
From dmail's "background information" page:
"secure messaging system which was instantaneous and able to transfer large files rapidly...a safe and secure platform which can not be penetrated by unwanted visitors or observers...exceptionally fast medium for accessing and exchanging large files such as music, images and film, with huge capacity. For starters, each dmail address will have one gigabyte of space... targeted at several niche sectors where its properties are particularly relevant. These include education, friends/family, teenage and corporate markets"
The *IAAs are going to love this if it takes off. But it has the same vulnerability as any "closed" system, it's brilliant at the beginning but if it grows beyond a certain number you get trolls and spammers.
Can I invite my Nigerian friends into this private system? They have an excellent business opp...
This may sound blatantly naive, but given that SlashDot is a relatively open forum, why is it that we see hardly any spam at all in the SlashDot forums? Compared to virus-writing, it seems to be a trivial task to write a spambot that posts "Anonymous Coward" messages or even signs up real accounts before posting to forums.
Granted, we have trolls, offtopics, and flamebaits, but I have never seen anything close to what typical spam looks like when moderating and reading "flat" at level 0.
D15cr337 V14gr4 4 U!
Dmail isn't doing anything new. If SlashDot were a Usenet group, it'd be spammed just like the rest of the groups. If everyone had a different method of contacting them, it'd be too hard a problem for spammers to reach everyone.
It's important to use the email filter rules much in the same way you'd use a firewall rulebase... as a sequential set of rules that increase or decrease in specificity depending on how you want to prioritize mail.
Some addresses need to receive from everybody. i.e. If you have an info@blah.org, you are expecting mail from unexpected sources. Then some addresses are personal. But here's where it gets interesting.
Years ago in high school, I had a civics teacher who looked like Mr. Burns from The Simpsons. Every year he begins the first day of class with these words:
MAN IS GREGARIOUS BY NATURE.
Indeed... We are social creatures. We also like feeling important. That is part of the reason I'm wasting my time on message boards pontificating on subjects that the people who already understand don't need to know, and the people who don't probably won't care for my opinion! But it makes me feel important that I have something to say.
So too is the nature of this thing called e-mail. Most people do not want to implement the easiest form of security (implicit deny-all w/a whitelist) because, hey, who knows... you might receive an important message from someone you don't know.
For example:
YOU MAY ALREADY HAVE WON TEN MILLION DOLLARS!
So there you are. The problem is, people aren't easily convinced that there are no truly important messages except those from people they already do know, who have business or personal interests with them that they already are aware of. Why? Well, probably because that would require admitting to ourselves that we're less famous or less important in the grander scheme of society than we fancy ourselves to be.
WHAT? WHAT? WHAT? OKAY!
Spammers and most mail servers are like audio equipment salesmen, they don't know when to shut up. That being said, I found that a challenge-response rule works well, but doesn't solve the bigger problem.
Sure, a challenge-response rule, if properly implemented, will drop inbound mail that doesn't pass the test... but there's just one problem.... two actually...
1. When a spammer gets an autoack challenge from a mail server they are attempting to send to (because C-R is not readily implemented at the application layer), now they know there's a box there. Their bulk mailer scripts don't care that there may not be a real person there... they'll waste your bandwidth all the same.
2. When an autoack challenge goes out to, say, a generic address that sends you maybe a confirmation of a credit card payment, that system sends an autoack back to you. Unless you are actively policing your rules every day, you're multiplying the amount of bandwidth being wasted by causing an autoack loop that doesn't stop until someone kills their autoacks or changes their ruleset. Waste of time, and resources.
So, until password authentication, or even DNS authentication (verifying that the rDNS for the sender's IP matches the sender's e-mail address to confirm it wasn't spoofed) becomes an integral part of the application, challenge-response won't work very smoothly for most endusers who lack the scripting skills to build their own mail server running a C-R script far smarter than any deliberately vulnerable Microsoft application will ever be designed to offer--for obvious commercial reasons.
As this site can attest, making such specific functionalities part of the internet protocol itself is not a good idea. Challenge-response should exist at the application layer.
HEY, I THINK I GOT IT! A good security policy is to implement several layers of security. 1. The first layer of ru
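An added example, not part of the comment above or of any product it mentions: an ordered, first-match mail rulebase with an implicit deny that issues a challenge, plus the check that stops the autoack loop described in point 2 by never challenging automatic mail. The addresses, rule names and action names are constructed for illustration; `Auto-Submitted` is the RFC 3834 header.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample policy; all addresses here are made up for illustration.
WHITELIST = {"alice@example.org"}       # senders already known to the user
PROMISCUOUS = {"info@blah.org"}         # recipients that must accept mail from anyone

def sender(msg):
    # The From header is unauthenticated, so a whitelist hit is only a hint.
    return parseaddr(str(msg.get("From", "")))[1].lower()

def is_automatic(msg, envelope_from):
    """Bounces, auto-replies and bulk notices: never answer these automatically."""
    if envelope_from in ("", "<>"):                 # null return-path marks a bounce
        return True
    auto = str(msg.get("Auto-Submitted", "no")).strip().lower()
    if auto != "no":                                # RFC 3834 auto-generated/auto-replied
        return True
    return str(msg.get("Precedence", "")).strip().lower() in ("bulk", "junk", "list")

# Evaluated top to bottom like a firewall rulebase; the first match wins.
RULES = [
    ("whitelisted sender", lambda m, env, rcpt: sender(m) in WHITELIST, "deliver"),
    ("promiscuous recipient", lambda m, env, rcpt: rcpt.lower() in PROMISCUOUS, "deliver"),
    ("automatic mail, unknown sender", lambda m, env, rcpt: is_automatic(m, env), "quarantine"),
]

def classify(msg, envelope_from, rcpt):
    """Return (action, rule name); unmatched mail hits the implicit deny and is challenged."""
    for name, matches, action in RULES:
        if matches(msg, envelope_from, rcpt):
            return action, name
    return "challenge", "implicit deny"

def build_challenge(original, rcpt):
    """Challenge marked as an auto-reply so the other side's rules do not answer it."""
    ch = EmailMessage()
    ch["From"] = rcpt
    ch["To"] = sender(original)
    ch["Subject"] = "Please confirm your message"
    ch["Auto-Submitted"] = "auto-replied"
    ch.set_content("Reply to this message to release your original mail.")
    return ch

def sample(from_addr, subject, extra=None):
    """Build a constructed test message."""
    m = EmailMessage()
    m["From"], m["Subject"] = from_addr, subject
    for k, v in (extra or {}).items():
        m[k] = v
    m.set_content("constructed sample body")
    return m

if __name__ == "__main__":
    stranger = sample("Bob <bob@example.net>", "hello")
    receipt = sample("noreply@shop.example", "Payment received",
                     {"Auto-Submitted": "auto-generated"})
    print(classify(sample("alice@example.org", "hi"), "alice@example.org", "me@blah.org"))
    print(classify(stranger, "bob@example.net", "info@blah.org"))
    print(classify(stranger, "bob@example.net", "me@blah.org"))
    print(classify(receipt, "noreply@shop.example", "me@blah.org"))
    # The challenge sent to Bob, as seen by a second server running the same rules:
    ch = build_challenge(stranger, "me@blah.org")
    print(classify(ch, "<>", "bob@example.net"))
```

The automated payment receipt is quarantined instead of challenged, and the challenge itself classifies as automatic mail on a peer running the same rules, so neither side keeps replying to the other.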
It's the Tragedy of the Commons in action, and it is not as uncommon as one might think.
In essence, IM services are "walled E-Mail gardens". I know people who aren't totally tech savvy who use services like AIM and don't use E-mail. Granted, these tend to be "gramma" types who use messaging services to chat with the kids and grandkids, but the principle remains.
And for those who say it doesn't work: AIM + whitelisting works wonders.
It may sound a bit odd to a few of us "geeks", but some people only want to hear from people they know (i.e. have been formally introduced to). Spam is only encouraging a behaviour that people already practice on the phone (with Caller ID and/or answering machines) and their front door (with the little peep-hole).. if I don't know you, I ain't gonna talk to you.
Thanks, marketing departments of the world, for helping to create a more insular society.
...back in the 80's I worked for CompuServe. They had :-).
quite a market for private email ("InfoPlex" anyone ?
Prize to the first person who tells me what FILGE stood for
Of course, the market existed because people wanted email,
not because they wanted to avoid spam....but I have had
thoughts lately of setting up a closed email system
or at the very least a whitelist system to allow my kids
to have "safe" email. The idea is not all that weird.
---eludom
Private email network. If you only allow mail from people registered with Orkut, you can always trace who's spamming you, if they are, and throw them off Orkut.
The only spam I have received has been of the Outlook virus variety, where someone with my address in their address book sends spam pretending to be someone else in their address book. I didn't open the attachments, and don't use Windows anyway, so it wouldn't have mattered. I've received maybe half a dozen such emails in a couple of years. That's it.
Here are the reasons I think I've managed to avoid spam:
- My new address is on a domain that I own, and the domain name is not a dictionary word, proper name, etc. So I think it's kept my domain "under the radar" of spammers.
- My old address is the administrative contact for my domain.
- My new address doesn't appear on my web site.
- My new address doesn't appear on Usenet.
- My new address doesn't go to any commercial interests.
I'm aware of several weaknesses of this approach - it's "security" through obscurity, people can't click a mailto: link on my site, and I have to maintain an account that receives spam, but the tradeoff is worth it to me. It's a little like wearing galoshes (rubbers, to those UK-ers) over nice shoes - a little more trouble, but it keeps my nice shoes clean, so I'm happy with the trade-off. For example, when I place an order on a web site and it sends a confirmation, I know I can quickly find it among the spam and chuck the rest. I use a web-based email to scan those, so I never open the junk.
If anyone has any suggested improvements, I'm all ears.
The problem is...what if you check your work e-mail from home and try to send out from it. It gets rejected. So suddenly you have to have another SMTP server to go through.
By the way, the reason Rogers put that in place was the fact that their SMTP server was being used for spamming. The problem was it wasn't the internal users spamming. Their mail server was sitting ass-open on the internet. Everyone was sending through it. After enough people complained they finally opened it up internally again. (they had a bunch of monkeys running their network).
RoundTop