Slashdot Mirror

← Back to Stories (view on slashdot.org)

Certified Email Not Here to Reduce Spam

Posted by ryuzaki0 on from the you've-got-spam dept.

An anonymous reader writes "Goodmail CEO Richard Gingras surprised Legislators and advocacy groups today when he announced that the CertifiedMail program being implemented by AOL and Yahoo is not meant to reduce spam. Rather than helping to reduce spam Gingras claimed that the point is to allow users to verify who important messages are really from, like a message from your bank or credit card company."

8 of 197 comments (clear)

  1. Thats my motto. by Bill,+Shooter+of+Bul · · Score: 5, Insightful

    Its much easier to succeed, if you never try anything difficult.

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
  2. Won't help a bit by Opportunist · · Score: 5, Insightful

    Remember the paper from Harward dealing with phishing and why it works?

    People don't even notice security features. They don't notice HTTPS, they don't notice certificates, they don't even notice bogus URLs. Why should they notice a "verified" mail (or lack of this verification)?

    And those who do already know how to deal with phishing mails, they are already capable of discriminating between fraudulent and legit mails.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. In other words, we'll still get spam by GrumblyStuff · · Score: 5, Insightful

    So this is just a paid for whitelist?

    Hello, McFly?! If I'm expecting emails from my bank, I'll be putting them on my safelist anyway! Them and everyone in contacts, emails for forum notifications, newsletters that I want.

    This doesn't seem to be doing anything other than making money for someone else.

  4. Anyone detect hypocrisy? by suv4x4 · · Score: 5, Interesting

    Goodmail's service is built around one single idea: easy to pitch to CEO's of large mail providers.

    The providers get paid, and they get a good excuse for charging those fees. End of story.

    If Goodmail's intentions were genuine, they wouldn't charge the "businesses" for every separate mail provider, but create globally valid certificates and then discuss with mail providers of accepting them.

    However who would care to accept the certificates if he doesn't get the dough (the fees)? So there, we arrive at what Goodmail did.

    Can you imagine paying up completely independently to every single ISP in the world so it can accept your SSL certificate? Yea, it's THAT bad...

  5. Can't login by Anonymous Coward · · Score: 5, Funny

    It appears that site you posted, http://666.43.123.666/bankofamerica/mylogin.php, has already been slashdotted. Anyone know a mirror where I can login to my account?

  6. Trust but verify. That it's crap. by DysenteryInTheRanks · · Score: 5, Funny
    The only real solution to stop from being misled by online con artists is to examine each link in a chain of Internet communication to ensure it is from a trustworthy, reliable source.

    Email address, Web URL, refering party -- each should be bulletproof BEFORE you extend your trust. Otherwise, you might get scammed.

    Take this article. We know it's reliable and trustworthy. How?

    Well it was submitted by "anonymous reader," who has posted many a fine gem on this here site.

    Then it was filtered by an "editor" named "ScuttleMonkey." How can you not trust a monkey? Monkeys rock!

    Then, when you click on the link, you see you have been taken to "Spam Daily News," a bastion of journalistic integrity that makes the New York Times look like the New York Times before Judy Miller got fired.

    Finally, the whole thing originated from a little place we like to call "Slashdot." I think the quality of this brand needs no elaboration.

    So as you can see, it is not hard to recognize a secure, reliable, not-at-all-misleading-or-shady chain of Internet links. Happy surfing!

  7. They presented to my organization by StanSmith · · Score: 5, Interesting

    I spent an hour beating them up on a number of issues, much to the embarrassment of my 'far too ready to sign anything' CTO.

    Their VP kept harping on how "it will tell users they can trust your mail". My point that the real challenge was getting users NOT to trust things was not well received, to say the least. I also mercilessly attacked their constant assertion that their widget is "unspoofable", on the simple grounds that a similar widget in a similar location would be sufficient to fool many users.

    My CTO has been asking me when we're going to implement Goodmail ever since. Khaaan!

  8. We already have a better way to do this by NightHwk1 · · Score: 5, Interesting

    GnuPG / PGP signing, with peer-based levels of trust. Or even better: get the public key direct from your bank when you first log in to your account. Added bonus, you have the option of turning on encrypted email.

    This might bring up the question of encrypted spam, but your keyring would act as a whitelist. If some random person sent you an encrypted or signed message, then you would be presented with a message asking if it should be accepted.

    All we need is a simplified way to do this for the general public. Too bad Thunderbird doesn't come with Enigmail preinstalled. We'd probably need something else for webmail. (FF extension?)