
Re: spam

2003-05-28 23:47:48

Do we have to solve *the* spam problem? How about a much simpler, solvable problem that perhaps a large majority of email users struggle with?

The hard problem is how to allow people to be generally accessible by email, but not so accessible that they get tons of spam. In other words, how they can participate in a public forum -- say a newsgroup or mailing list -- allowing other individuals to contact them with non-spam, while keeping the spam out.

The easy problem is how to allow two consenting parties to communicate via email without interference from spam. Not everyone feels it's necessary that they participate in a public forum. Many would be happy if just the easy problem were solved.

The easy problem has not been solved satisfactorily.  Some options:

1. Get multiple email accounts. Some are throw-away accounts. Some are closely guarded, but eventually end up compromised.

2. Change email addresses from time to time. For many users, that, to them, means changing ISPs.

3. Just learn to live with spam.

4. Try a filter and live with false positives.

Those are the options available to average email users. For more capable users, there is another option:

5. Some clever ad hoc solution. Like putting a special string in the subject line.

As this easy problem is a truly solvable problem, and one that many people care about, why not solve it in a standard way?

See my further comments below...

Anthony Atkielski wrote:
[snip]
I think, though, that a more effective method would be to find something
that one can require on each message and that is not trivially easy for a
computer to do automatically.

For example, the various administrations passing through the White House
have long had a policy of establishing a "secret number" or similar text
that must be placed on any incoming letter that is to be forwarded directly
to the President or his family with minimal screening.  The President and
family then give this number to a select few people.  Any correspondence
without the number goes through all the usual screening.

This works because the number is an out-of-band datum that the average
sender is not likely to have.  It is communicated from human being to human
being, and isn't to be found anywhere in public.  So it cannot be
automatically added by a machine, nor can unauthorized people add it.

A simple e-mail implementation of this would be to place a random string in
the subject line of a message intended for a specific recipient that serves
the same purpose as this "secret number."  The string would be different for
each recipient, and the only way to obtain it would be through some
out-of-band process (such as contacting the recipient by phone, or
something).  Since there would be no record of this anywhere that spammers
could harvest, it would be impossible for spammers to include these numbers
on outgoing mail.  Very simple, and very effective.  It would, however, be
nice to have e-mail clients that automated this, by allowing for a secret
number field in address books that would make it possible to insert them
automatically on outgoing mail (most clients already provide a way to filter
for such numbers on incoming mail).

As Anthony's suggestion implies, the solution is simple. It works like this: You can get into my email inbox because I authorized you to get in. You prove that you are authorized by presenting the "secret" that I provided to you.

While some would prefer to re-engineer the entire Internet mail system, I just see that average users would be happy if email from their relatives, friends, co-workers, and acquaintances went into one folder, while everything else went into another folder, automatically. Why is that so hard to do? Why isn't it done?

Personally, I think that plus aliases (also called subaddresses) are the best way to solve the easy problem. But I would be thrilled to see the problem solved for the sake of Joe Average User by whatever technique: plus aliases, secret number in the subject line, new mail header field, or any other good idea. Once that problem is solved sufficiently, we can go back to our research problems.

BTW, some commercial enterprises are on to this idea in a big way. Just as one example, there is ZoEmail (www.zoemail.com).


Digital signatures and similar authentication would work but are overkill.
All you need is some bit of information that spammers cannot harvest, and
the above random string fits that purpose.  Spammers might pick up your
address on a newsgroup or Web site, but they'd have no way of discovering
your secret number.


That simply provides message integrity ...


Hash it and sign it with the public key of the recipient.  That would work,
because spammers would not have the public key, whereas legitimate senders
would.

However, I think the secret-number concept described above would be much
similar and would be just as effective.






--
Doug Sauder
Hunny Software, Inc
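
The two-folder sorting rule discussed in this message (mail that presents a secret the recipient handed out goes to one folder, everything else to another), as an added example that is not part of the original post. The mailbox `doug@example.com`, the secret values and the function names are constructed for illustration, and issuing a separate secret per correspondent is an assumption beyond the message, made so that a leaked secret can be traced and retired.

```python
import hmac
from email import message_from_string
from email.utils import getaddresses

# Constructed secrets the recipient handed out out-of-band, keyed by a label
# for whoever was given each one (all values hypothetical).
ISSUED = {"alice": "k7Qm2xV9", "bob": "Zr4tY8pL"}

def holder_of(candidate):
    """Return the label whose issued secret equals candidate, else None."""
    found = None
    for label, secret in ISSUED.items():
        # Constant-time compare; scan every entry so timing does not depend
        # on which secret (if any) matched.
        if hmac.compare_digest(candidate.encode(), secret.encode()):
            found = label
    return found

def classify(raw, mailbox="doug", domain="example.com"):
    """Return 'inbox:<label>' if the message presents an issued secret,
    otherwise 'unverified'. The From header is forgeable and is ignored."""
    msg = message_from_string(raw)
    candidates = []
    # Plus alias (subaddress): doug+SECRET@example.com in To or Cc.
    for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
        local, _, dom = addr.rpartition("@")
        user, plus, sub = local.partition("+")
        if plus and user.lower() == mailbox and dom.lower() == domain:
            candidates.append(sub)
    # Secret in the subject line: any word, with surrounding brackets removed.
    for word in str(msg.get("Subject", "")).split():
        candidates.append(word.strip("[]"))
    for cand in candidates:
        label = holder_of(cand)
        if label:
            return "inbox:" + label
    return "unverified"

# Constructed sample messages.
SAMPLES = {
    "plus": "From: a@example.org\nTo: doug+k7Qm2xV9@example.com\nSubject: lunch\n\nhi\n",
    "subject": "From: b@example.net\nTo: doug@example.com\nSubject: [Zr4tY8pL] draft\n\nhi\n",
    "guess": "From: x@example.invalid\nTo: doug+offer@example.com\nSubject: offer\n\nbuy\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```

Mail filed as `unverified` is set aside, not deleted, so a correspondent who forgets the secret is delayed rather than lost.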



