Once again I appreciate any and all constructive criticism.
I have several objections to your system, which I have not seen you
respond to.
1) I am in charge of a fairly popular web-accessible database, which requires
a password for access. Sometimes people will forget their password, but
then they can type in their ID number and have the password sent to the
e-mail addresss they provided when they registered. This is a fully
automatic process. If those users were using your system, my mail to
their address might well bounce, as the address hight have become
invalid. I am not willing to accept the extra burden of processing
those bounces, and I assume the same will be true for many others who
maintain a similar system, and this might mean a significant
inconvenience for anyone actually using the system - a system which
involves brealing a number of existing systems will not be popular.
The automatic generation of sub-addresses makes it less likely that the address
that was given to your site will be deactivated but yes, your concern is
justified. If someone deactivates the sub-address and if they have not
white-listed you then the reminder email you send them will bounce. One can
accept this as an inherent flaw with the system or you can address it in one of
the following ways:
-When they are typing in their ID number you can have a clear reminder posted
such as: WE WILL NOT HANDLE BOUNCES AT THIS SITE. IF YOU DEACTIVATED THE
SUB-ADDRESS THAT YOU GAVE US THEN YOU MUST ADD REMINDER(_at_)DATABASE(_dot_)COM
TO YOUR WHITE-LIST BEFORE REQUESTING A REMINDER FOR YOUR PASSWORD.
-I imagine that if my system became very popular then there would be services
in the developing world that would process these bounces for maybe a tenth of a
cent a piece. So if you are willing to spend $50 then you can get 50,000
bounces decoded by this service. I imagine that these services will become
very popular with businesses that do transactions over the internet. Of course
if you are a spammer and you want to decode 100 million bounces a day then this
same service will cost you $100,000 every day.
2) Your mails might look like spam to some spam filters - there are
filters that notice the transmission of a large number of substantially
identical messages and attachments, and automatically learn to
identify those mails spam. This will happen quicker if your
system ever responds to a forged mail address which happens to be
a spam trap. There are systems that will consider anyone who mails
to a spam trap to be a spammer, and censor all future mail from that
user/server combination. Basically, what I am saying is that your
system is just not compatible with some existing anti-spam solutions.
This is a good point but I admit that I am not qualified to respond to this
criticism. Many large companies such as Ebay, Paypal, and Amazon send out mass
mailings and filters allow these emails through.
Maybe someone out there with knowledge of these filters can either suggest the
appropriate workaround for this issue, or barring that maybe they can confirm
that this is a problem with no reasonable solution. I would like to know.
I will say that if you are actually using my system then this will not be a
problem since email sent with the correct sub-address will bypass content
filters.
3) Your system does not work at all for addresses which people expect to
find like "postmaster", "webmaster", "sales", "support", "info",
"abuse" and so on. People are just not going to appreciate a message
telling them to use a different addres - in particular if it arrives as
a graphical attachment.
I assume you are asking what happens when you send email to, say, the computer
support department of Dell computer. I really can't imagine that Dell would
use this system to guard their support department. This system is more suited
for email accounts belonging to individuals.
4) Old e-mail addresses never die. I am still receiving the occasional
spam to an address I used ONCE to post a Usenet message back in '89.
That address is now redirected to a spamtrap and working nicely as
such. Now, if I started constantly switching e-mail addresses, I would
eventually be receiving multiple copies of every spam message - one
or more to each address. This would just mean increased load for my
server, and as I have to pay for my incoming traffic, I do not
appreciate tht increase.
I guess this is a general argument against the concept of any temporary or
disposable email address. This could be directed against Zoemail, Reflexion,
Yahoo's AddressGuard, Spam Gourmet.... It would also apply to the email
address I'm using now since I did not want to use my primary email address in a
public forum.
You may be right, but so far there has not been an uproar over the concept of
disposable addresses. Some people question if spammers would ever try to prune
their list of expired addresses. I suspect that if 99% of a spammers list was
made up of clearly expired addresses then they would be motivated to prune the
list - but I admit that this is just speculation on my part.
You also asked what I meant by a typical user. Some people cannot use this=
system such as certain business people, people who insist on keeping an ac=
tive email address in an easily harvested form on website, or people who ar=
e afraid of being cut off from correspondents who use a graphics incapable =
email system.
Also include everyone wanting to participate in a public discussion board,
Usenet group or any other similar servide which publishes your e-mail.
In fact, just about the only ones who could use the syetem are those who
can keep their e-mail address secret - but even that does not work in
practice unless they never send out mail. E-mails will get out and
spammers will harvest them.....no matter what.
I don't have to speculate as to if the automated generation of sub-addresses
will be an effective tool against spam. Services such as Zoemail and Reflexion
are used successfully by many people. My system is an expansion and improvement
of their proven technology.
Thank you,
Michael Kaplan
--
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg