Slashdot Mirror


Certified Email Not Here to Reduce Spam

An anonymous reader writes "Goodmail CEO Richard Gingras surprised Legislators and advocacy groups today when he announced that the CertifiedMail program being implemented by AOL and Yahoo is not meant to reduce spam. Rather than helping to reduce spam Gingras claimed that the point is to allow users to verify who important messages are really from, like a message from your bank or credit card company."

8 of 197 comments (clear)

  1. Thats my motto. by Bill,+Shooter+of+Bul · · Score: 5, Insightful

    Its much easier to succeed, if you never try anything difficult.

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
  2. Won't help a bit by Opportunist · · Score: 5, Insightful

    Remember the paper from Harward dealing with phishing and why it works?

    People don't even notice security features. They don't notice HTTPS, they don't notice certificates, they don't even notice bogus URLs. Why should they notice a "verified" mail (or lack of this verification)?

    And those who do already know how to deal with phishing mails, they are already capable of discriminating between fraudulent and legit mails.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Money by Dorion+caun+Morgul · · Score: 4, Insightful

    It's all about money. I just can't wait until I get to pay 33 cents to send my Parents an email.

  4. In other words, we'll still get spam by GrumblyStuff · · Score: 5, Insightful

    So this is just a paid for whitelist?

    Hello, McFly?! If I'm expecting emails from my bank, I'll be putting them on my safelist anyway! Them and everyone in contacts, emails for forum notifications, newsletters that I want.

    This doesn't seem to be doing anything other than making money for someone else.

  5. Re:Secondary Effects by dgatwood · · Score: 4, Insightful
    Only if all of the banks and credit card companies use it, only if it is sufficiently standardized, and only if users are smart enough to notice that the message isn't "verified".

    The problem is, if most of the users were smart enough to realize that, we wouldn't have phishing because people wouldn't fall for it in the first place. I mean, it isn't exactly hard for users to realize that http://666.43.123.666/bankofamerica/mylogin.php isn't a valid BOA website. If they can't figure that out, why do you think this will be any different?

    *sigh*

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  6. Certified delivery of spam by kitzilla · · Score: 4, Insightful

    In other words, CertifiedMail is here to certify the delivery of spam by the "important" spammers who have the resources to pay for it.

    --
    This is my post. There are many others like it. If you don't like what you read here, go try one of the others.
  7. There Will Be Spam by Gamzarme · · Score: 3, Insightful

    Oh yes, there will be spam..it seems to be here to stay.
    Just like every other problem the 'bad guys' face when exploiting the rest of the population, they will find away around this too.

    The news will be that if this practice does go into wide usage, spammers will turn toward draining large, anonymous bank accounts to fund their e-mail influxes.
    This 'tax' will only create more problems than necessary.

    My advice: leave what isn't broken alone and if you do have problems, then I suggest you install a good e-mail filter to pick out the spam that does get through.

    --
    Pat
  8. broken way to fix phishing too by Anonymous Coward · · Score: 3, Insightful

    say you're the bank of america, and you send your "transactional" mail with this GoodMail thing turned on and the little flag set. what about your other emails that you don't pay for? if any of your mail is sent uncertified, then phishers can just impersonate that "oh this is just one of those uncertified emails we the bank of america send you occasionally - click here to see our latest offers (requires SSN)".

    so suddenly you have to pay for _all_ your mail just to maintain your credibility. and then what if you cross the spam-complaint level goodmail sets accidentally and they throw you off their system (as they are contractually obliged to do)? does that mean that nobody will ever trust your mails again? do you get to send out one last certified mail saying "okay from now on pay no attention to that little flag?"

    it seems a really bad idea for a big company to place their credentials in trust with a third party and then let them charge them for every mail they send