Re: Email replacement system?
- From: Landmark <dontmailme@xxxxxxxxxxxxxxxx>
- Date: Fri, 05 Aug 2011 03:11:57 +0100
Mike Lovell <mike.lovell@null> wrote:
Just a kind of outline at the moment, with some finer details missing
but anyone have any constructive criticism and/or suggestions on the
off the top of my head, there are these potential problems that I
think you'd need to address:
1) I currently have some pretty good spam filters and its rare for any
spam to get into my inboxes, (or for good mail to get rejected by the
spam filters). The spam filtering uses a broad range of techniques
including content analysis. If the mail system only sent me a
notification of an email, I'd still have to download it so that the
spam filters can evaluate it, so I don't see that it has much of a
spam reduction benefit from that point of view.
2) Some spammers use read notifications, web bugs etc, to try to
determine which recipients are worth spamming again because they
opened the mail and read it. With the sorts of systems you are talking
about, they wouldn't need such complications because the server
holding the mail copy could log who reads their mail and when. It
would also have privacy implications for non-spam mail as well. Now I
know a lot of businesses who think it would be a benefit to know
exactly the date and time that their email was read by the recipient,
but I'd prefer to keep my privacy.
3) Some malicious mails contain rather large attachments, e.g. if they
are sending an infected file. If the spammer only had to send out a
small notification instead of the whole file, and only see it
downloaded by people who actually open the mail, he'd avoid wasting
bandwidth and might actually be able to send out more spam, not less.
4) ISPs who implement outbound virus scanning etc would no longer be
able to detect anything in the outbound mail. They'd all look the same
as legitimate mails.
5) The idea that generating the encrypted checksum is going to be time
consuming and therefore expensive for the spammer (but not for the
recipient) is flawed. Most spam is sent out using compromised
machines. The spammer is already stealing bandwidth and cpu. How will
it matter to him if a compromised machine runs a little slower still?
Most zombied PCs have plenty of spare processing cycles. The
limitation on spam sending is usually the bandwidth and the existing
filters and blocks, not the processing power of the infected host.
6) How long does the sending server keep email? The other day I sent
someone a document and received an autoreply back to say she is on a
sabbatical and won't be back at her desk until next January. No
problem, the mail will still be there for her when she gets back to
work. Under your outline, is the mail server expected to keep mail for
as long as it is unclaimed? Suppose you send someone a mail to an
obsolete Hotmail account. Would the sending server have to keep the
mail forever, even after Hotmail has closed down the acocunt?
I think we've already got plenty of tools for dealing with spam,
phishing and viruses, and coming up with another technical fix isn't
going to be that productive, unless you are 100% sure that it is a
permanent solution to all problems. Right now, we need to address the
issue of so many people getting their PCs zombied. Maybe it needs
better protection built into Windows etc. Maybe it needs better
firewall software so that more people block direct-to-MX from their
PCs. Maybe it needs more ISPs to block direct-to-MX from consumer
space, more blocking of ports used for zombie remote control, and more
use of community blacklists to cut off the machines being used to send
out the spam. I'm not saying any of those is easy, but I think they
are all easier than trying to come up with yet another alternative to
- Prev by Date: not getting my email
- Next by Date: Re: Email replacement system?
- Previous by thread: not getting my email
- Next by thread: Re: Email replacement system?