Re: Email replacement system?

Mike Lovell <mike.lovell@null> wrote:

Just a kind of outline at the moment, with some finer details missing
but anyone have any constructive criticism and/or suggestions on the
concept?

Hi Mike,

off the top of my head, there are these potential problems that I
think you'd need to address:

1) I currently have some pretty good spam filters and its rare for any
spam to get into my inboxes, (or for good mail to get rejected by the
spam filters). The spam filtering uses a broad range of techniques
including content analysis. If the mail system only sent me a
notification of an email, I'd still have to download it so that the
spam filters can evaluate it, so I don't see that it has much of a
spam reduction benefit from that point of view.

2) Some spammers use read notifications, web bugs etc, to try to
determine which recipients are worth spamming again because they
opened the mail and read it. With the sorts of systems you are talking
about, they wouldn't need such complications because the server
holding the mail copy could log who reads their mail and when. It
would also have privacy implications for non-spam mail as well. Now I
know a lot of businesses who think it would be a benefit to know
exactly the date and time that their email was read by the recipient,
but I'd prefer to keep my privacy.

3) Some malicious mails contain rather large attachments, e.g. if they
are sending an infected file. If the spammer only had to send out a
small notification instead of the whole file, and only see it
downloaded by people who actually open the mail, he'd avoid wasting
bandwidth and might actually be able to send out more spam, not less.

4) ISPs who implement outbound virus scanning etc would no longer be
able to detect anything in the outbound mail. They'd all look the same
as legitimate mails.

5) The idea that generating the encrypted checksum is going to be time
consuming and therefore expensive for the spammer (but not for the
recipient) is flawed. Most spam is sent out using compromised
machines. The spammer is already stealing bandwidth and cpu. How will
it matter to him if a compromised machine runs a little slower still?
Most zombied PCs have plenty of spare processing cycles. The
limitation on spam sending is usually the bandwidth and the existing
filters and blocks, not the processing power of the infected host.

6) How long does the sending server keep email? The other day I sent
someone a document and received an autoreply back to say she is on a
sabbatical and won't be back at her desk until next January. No
problem, the mail will still be there for her when she gets back to
work. Under your outline, is the mail server expected to keep mail for
as long as it is unclaimed? Suppose you send someone a mail to an
obsolete Hotmail account. Would the sending server have to keep the
mail forever, even after Hotmail has closed down the acocunt?

I think we've already got plenty of tools for dealing with spam,
phishing and viruses, and coming up with another technical fix isn't
going to be that productive, unless you are 100% sure that it is a
permanent solution to all problems. Right now, we need to address the
issue of so many people getting their PCs zombied. Maybe it needs
better protection built into Windows etc. Maybe it needs better
firewall software so that more people block direct-to-MX from their
PCs. Maybe it needs more ISPs to block direct-to-MX from consumer
space, more blocking of ports used for zombie remote control, and more
use of community blacklists to cut off the machines being used to send
out the spam. I'm not saying any of those is easy, but I think they
are all easier than trying to come up with yet another alternative to
SMTP.
.

Relevant Pages

  • Re: ~~~ Lindsay Lohan Reveals all ~~~
    ... re-appear in a different guise? ... I pay for an "individual.net" account and they have really good spam filters ... For the good of people who use a service with good spam filters, ... refrain from responding to spam as the spammer never reads these responses ...
    (rec.photo.digital)
  • No Starch Releases "Ending Spam"
    ... DEVELOPER OF DSPAM EXPLAINS TECHNOLOGY BEHIND SPAM FILTERING ... has announced the release of "Ending Spam: ... Starch Press, ... generation spam filters, sys admins who need to implement them, gearheads ...
    (comp.os.linux.announce)
  • FAQ: Canonical list of questions Beavis refuses to answer (V1.50) (was Re: Fighting email spam and a
    ... newsgroups, so almost no one will see this spammer's attempt to convince people to use spam filters that he and his criminal buddies can easily beat, and to avoid the only type of spam filters that they _can't_ beat. ... If your Challenge-Response spam filter works so well, why are you munging your address, when posting to Usenet? ... If spammers avoid forging real E-mail addresses on spam, then where do all these bounces everyone reports getting come from? ...
    (comp.mail.misc)
  • Re: Email replacement system?
    ... I currently have some pretty good spam filters and its rare for any ... The server system could even take care of validation. ... I would envisage the concept relying on a web of trust, you'd deny a message purely based on it's verifiable sender. ...
    (comp.mail.misc)
  • Re: TalkTalk spam filters
    ... My Prismemail account has not filtered one spam either because it has not been passed a single spam email by the TalkTalk mail server. ... There is no spam header in any of the TalkTalk emails. ... A simple trigger word or even "FWD: Re:" in the subject will trigger the TalkTalk spam filters. ...
    (uk.telecom.broadband)