Slashdot Mirror

← Back to Stories (view on slashdot.org)

Beat Spam By Not Using Email

Posted by michael on from the works-for-me dept.

judgecorp writes "We had a press release - by post of course - about a scheme that eradicates spam and viruses. It's not email, oh no. It's digital mail or dmail, a private system that no one else can send messages to. Assuming it's genuine (and the PR person is called Mike Hardware) it uses XML and SQL to build a 1980s bulletin board, to sell to niche markets (such as very close-knit families). Our story is here, and if you don't hear from us again, it's because we are busy emailing ourselves with our two free dmail addresses. Peter Judge, Techworld"

24 of 314 comments (clear)

  1. New concept same stuff... by HackHackBoom · · Score: 4, Insightful

    I'm all for trying new concepts, but pardon my disgust. I'm an entrepreneur myself and I understand money makes the world go-round, but I shudder to think where we'd all be if the guys who came up with Apache were trying to start it now.

    D-Mail, G-Mail, PurplePokaDotMail are just more examples of someone trying to create, patent, exploit, etcetera when there are far more ethical and lucrative methods of making money. Of course this relies on people getting thier heads out of thier proverbial asses, but what can you do?

    --


    "It's not stealing if you don't get caught!"

    1. Re:New concept same stuff... by l4m3z0r · · Score: 5, Interesting

      A private mail exchange system is an awesome Idea, I'm sure tons of companies have home grown solutions already using email systems configured to not receive/send mail to people outside the company. This looks very intriguing to companys whose individual employees need to send lots of mail to eachother but not outside the company. Not only does it fight spam/viruses, but it helps keep documents confidential by not allowing employees to mail sensitive data around the net, it helps curb use of company resources for personal interests, and it decreases the amount of intervention IT staff will have in the daily operations of its employees. Less viruses mean less visits from IT staff which means more productivity accross the board. What can you be disgusted about when there is already a demand for the product? They arent trying to force something unwanted to anyone, they are recognizing legitimate need and demand and catering to it. Bravo.

    2. Re:New concept same stuff... by SkyWalk423 · · Score: 4, Interesting

      There is nothing unethical about parting morons from their money. And I might also add, it's a quite lucrative endeavor!

    3. Re:New concept same stuff... by Anonymous Coward · · Score: 4, Insightful

      Any mail exchange system could be made private by simply blocking port 25 on the external firewall. It's like magic.

    4. Re:New concept same stuff... by JAgostoni · · Score: 5, Interesting

      Even more so than that most email systems have a configuration option (sometimes even per-user) that can disable public/internet email exchange. Even Microsoft Exchange has that! At my company, internet email is actually turned off by default until the user takes a "training" course on how to use the Internet properly. Interestingly enough, the words "spam" appear nowhere in that training.

      --

      -----
      Web Hosting @ HostForADollar.com
  2. And avoid viruses by Anonymous Coward · · Score: 5, Funny

    By not using computers.

    Now where did I put that abacus?

    1. Re:And avoid viruses by blibloblu · · Score: 5, Funny

      Ink and paper: tried that also. Unfortunately, people wouldn't appreciate my sending HTML letters (which took so much time to write down).

    2. Re:And avoid viruses by Feanturi · · Score: 4, Funny

      Now where did I put that abacus?

      I'm sorry, I coughed on it, better make sure to scan it for infection first.

  3. Beat seasonal allergies too! by JohnGrahamCumming · · Score: 4, Funny

    I recently beat seasonal allergies without relying on any medicine at all. I simply decapitated myself with a steak knife. It was so easy, no more running nose, or red, watery eyes!

    John.

    PS And there's an added benefit: I can't see the hideous /. IT color scheme any more!

  4. Waiting for dmail rev 2... by DamienMcKenna · · Score: 4, Funny

    I'm waiting for dmail rev 2 that adds on network-to-network communication, so you can dmail your friends without having to have an account on every single different network. Oh, wait..

    Damien

  5. Slashdotted by Nos. · · Score: 5, Interesting

    So I can't read the articles, but I don't see anything here that setting up a whitelist only mail server doesn't do

  6. Um, isn't this just a webpage? by Clinoti · · Score: 4, Insightful

    A proprietary system that no one can post to coupled with a password needed to view said content sounds suspiciously like a static second level webpage or a ssl private network. Just...like...a...private forum. We do the same thing here at work for vendors who buy our products, a static page updated weekly by the sales department that only x amount of vendors have access to, they can read their mail "posted specials" and later send updates to the dmail admin "webmaster" or "sales". Let's just face it. Spam as much as I hate it is here to stay. Yes we can all agree that eventually the systems will get better at defeating spam and bulk mailings, but the brilliant minds that are developing the stopping systems have the brilliant minds that are bent on defeating those other brilliant minds. But removing the system from the culprits is a novel approach, lets just not herald it as the end or even a stepping stone to stopping spam.

    --

    Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep

  7. multiple Emails... by Moonlapse · · Score: 5, Funny

    Just do what i do. One email address for pr0n. One for serious stuff. One for each girlfriend. Then another one for some more pr0n.

    --
    - I got my free iPod and a free Nintendo DS....why not
    1. Re:multiple Emails... by Anonymous Coward · · Score: 5, Funny

      so you have 2 emails then?

  8. What a stupid idea by hoggoth · · Score: 4, Interesting

    This is functionally equivelant to using a whitelist-only filter on your email, only worse in every way.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
    1. Re:What a stupid idea by alexjohns · · Score: 4, Funny
      Dammit, I finally had an insightful comment to something and you beat me to it. Hope you're happy.

      You could have at least spelled equivalent right. I would have. :p

  9. At least it's got a limit... by Tony+Hoyle · · Score: 4, Funny

    On current trends there are only 25 possible names of mail services (given that E is already taken).

    google got G, and these guys have claimed D.

    That leaves only 23 more slashdot headlines before people have to start being original! Heck, maybe they'll actually invent someting new (or maybe that's too optimistic)...

    1. Re:At least it's got a limit... by Plutor · · Score: 4, Funny

      Amail, Bmail, Cmail, Dmail, Email, Fmail, Gmail, Hmail, Imail, Jmail, Kmail, Lmail, Mmail, Nmail, Omail, Pmail, Qmail, Rmail, Smail, Tmail, Umail, Vmail, Wmail, Xmail, Ymail, and Zmail

      Sorry.

  10. Re:eMail replacement. by bobintetley · · Score: 5, Insightful

    IMHO completely dropping email as we have it now is the only way against spam. No matter what's been done so far has kept existing email infrastructure as legacy. A new extension on top of email might get some play, but it's all irrelevant while the same system is still able to be used for spam.

    This comes up every time someone mentions spam. You simply cannot have a decentralised, free, messaging system without a small minority of people abusing it.

    Think of it as the price you pay for having a decentralised, free line of communication. This is a social rather than technological problem and I'd rather have spam than a tightly controlled mail solution that could be taken away from me or cost me more money.

  11. How is this a solution? by artemis67 · · Score: 4, Interesting

    This is nothing more than a fancy white-list, from what I can tell (the TechWorld article is slashdotted.)

    Yes, a closed system that has user authentication built-in from the start has been proposed many, many times. The problem is getting the rest of the world to adopt such a system.

    Just like the idea of charging a fractional penny to send an email and collecting a fractional penny when you receive one, so that email costs and revenues are balanced for the average person, but costs are astronomical for the spammer. Interesting idea, now how do you convert the planet over?

    The solution to spam seems easy enough; it's the implementation that's the problem.

  12. Re:eMail replacement. by photon317 · · Score: 4, Interesting


    Actually, you can have a decentralised free messaging system that's immune to the types of abuses we see today (spam). We already have the smtp email foundation to build it on top of, and it's pretty damn simple to do. If *everyone* would just get valid, signed certificates to authenticate themselves as a given entity with a given email address, then *everyone* could turn on a switch in their mail client that says "reject all mail that isn't signed with a cert which matches the sender's address and that's signed by an authority I trust". If you make spam completely accountable to a real-world entity via cryptography, it largely solves the problem, because the problem is so easy to solve at that point.

    There's already some competing standards for this stuff, and Enigmail (in moz and thunderbird) supports at least two of them. I'm pretty sure you can get an email cert from one of a few authorities pretty cheaply.

    So, it really comes down to convincing the users, which is largely the job of email client vendors. When you first set up your account in Outlook, Thunderbird, or whatever, there should be a dialog box to the effect of:

    Please click "Use Existing" to use an existing email certificate for this account, or click "Create" to create a new certificate....

    With pointers to signing authorities and an explanation that the user would be doing their part to prevent spam if they would just take this simple measure.

    Eventually everyone notices that all their legit email is signed, and starts turning on that "kill all unsigned mail" option in their mail client, and poof goes the spam problem.

    --
    11*43+456^2
  13. Re:eMail replacement. by gl4ss · · Score: 4, Insightful

    ***. If *everyone* would just get valid, signed certificates to authenticate themselves as a given entity with a given email address, then *everyone* could turn on a switch in their mail client that says "reject all mail that isn't signed with a cert which matches the sender's address and that's signed by an authority I trust".***

    that wouldn't be free & decentralised anymore.
    if you want to have the ability to receive messages from total strangers, you have the ability to receive totally useless messages(spam) from them as well.

    --
    world was created 5 seconds before this post as it is.
  14. obChecklist by spoonyfork · · Score: 5, Funny
    Your post advocates a

    (*) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (*) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    (*) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (*) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (*) Huge existing software investment in SMTP
    (*) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (*) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (*) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    (*) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (*) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!
    --
    Speak truth to power.
  15. Re:eMail replacement. by MemRaven · · Score: 4, Insightful
    I used to agree with this, except that there are three big issues with it given the current infrastructure:
    • You have to trust that the certificate providers that you're going to "trust" are properly dealing with spamming customers. Because otherwise, it would be relatively easy to send spam, it's just that you guarantee that you can know the email address of the person who's spamming you. Or, rather, you can guarantee that the email address which was on the outbound message matches the one that the provider issued. This means that you can still get spam, it's just that you know an email address was successfully provided at oen point for that spam.
    • What about phishing scams where they take your password? You think they won't find a way to get the private key for your certificate store, and then use your certificate to run joe jobs against you? Think again. As long as you have clueless users out on the internet, they'll be able to do crappy things with anything which relies on user-level security.
    • What do you do with webmail systems? There's no way outside of something like ActiveX for me to client-side sign my outbound email, and even if there was, there wouldn't be a way to deal with the whole kiosk problem (I want to walk up to an internet browser and be able to check my email). I could offload the signing onto the webmail system, but then that's not terribly secure, because the people I send email to can't necessarily trust that it was me (and not Yahoo Mail) who actually drafted the email. Also, if I have a simple password, again, that could be cracked, and anybody could send email as me. While this one might seem a unique problem with things like Hotmail and the like (which you might not want to allow mail from anyway), think of the number of corporate users who rely on things like Outlook Web Access (which will soon support client-side signing, but only if you're running MSIE on Windows and are at a machine where you can control the hardware to get your private key pair installed correctly).
    So while S/MIME and equivalent systems are useful in the fight against spam, they aren't panaceas because the rest of the infrastructure (particularly webmail systems) can't deal with them.