It is not about Okopipi but generally about SPAM.
I have an idea that looks good to me - I believe it could work, but it is so simple that it is hard to believe it is not yet introduced...
The idea is: Electronic Signature of each e-mail.
If every email sent would have a signature of the sender and if email software of everyone would have the function "to not accept not-signed emails" then the volume of SPAM in the world would drop radically, or even the Spam would disappear completely?
If the system would work, it would look like that:
1. There are few "Signature-Servers" in internet.
2. If you apply there you can get your own unique signature.
3. Then if you have the signature, your email software adds it to each email (it enciphers it with it), so you send only enciphered emails.
4. If someone received your email, it is "written" on it "Enciphered by the signature from ABC Company".
5. Then the receiving software contacts the "ABC Company" to get the code to read the email.
6. In perfect situation everyone has the signature, and everyone accepts only signed emails.
7. If someone abuses email to send the spam then the receiving person can claim him to the "Signature Server".
8. Then after, let's say, 50 claims, the server cancels the validation of Signature of the spammer.
It should work....!? Isn't it?
Right now the spammers send millions of emails from one place. Of course it is some written "John Smith" or "Jane Brown" - different every time, but the sender is the same.
With the "Signature Servers" the spammer can send only up to 50 emails then he has to change the email address and start again.
(What is more, if the authorisation in "Signature Server" has to be done by a person ("read the strange numbers" check) then I believe all spammers have to quit their job and start doing something else....)
For the beginning it could start with some "Signature Server", and some software that divides:
- signed emails (for sure no spam)
- unsigned emails (spam or not spam - not sure)
Then gradually the number of users should increase, when it reaches i.e. 90% of internet then they will probably see that in "unsigned emails folder" there is only spam so they will finally stop it (no unsigned emails accepted)
And that is all :)
Isn't it simple?
If there is any weak point in my idea please let me know.
Regards,
M. Szeptycki
How would you get started?
There are a series of ideas like this that are out there -- the problem with *all* of them is that they don't do anything unless most email users are using them.
When you start out, you might be able to convince a few hundred people to use your system. At that point, 99.999% of the email your users get will be UNsigned. They can't just start rejecting unsigned email, because that would mean rejecting valid email.
Unfortunately, that means the system doesn't help them at all. They can report spam to the main servers, but none of the spammers will be registered, so they won't be punished.
So... eventually those few hundred people will stop using the system, because their spam isn't affected. The spammers won't mind -- they just send spam normally, and everyone (even the few hundred people in your program!) will receive it.
For any plan like this, you have to consider how it will work (and how it will help people) while it's still small... because if it doesn't, it'll never become big.
This is why the BlueFrog (and Okopipi) idea is good. It starts hurting spammers even while it's small. Just a few hundred people get hit with the same spam, and the spamvertized site suddenly has to filter out a few hundred false order submissions, by hand, from their real orders, plus try to stop their ISP from shutting them down due to a few hundred complaints. It hurts. A few of them clean their lists, and users notice the difference and spread the word. As thousands and tens of thousands of users sign up, the spamvertized sites are hurt even more, and it keeps scaling up.
clean up
Ok fungus I agree with you but how do we do that so everyone is on the same page.. there seems just so many ways to achieve that.. give us some examples of how to do that..
Scrapiron
Signatures...why it won't work.
Most spam is sent by compromised "bot" machines.
If they've compromised your machine, they've got your signature.
Spammers don't care if your signature gets revoked or not. They'll send as much spam as they can, if it's only 50 spams, that's fine by them.
As for you? You'll be constantly without a valid signature, and every time you get a new one it'll be "used up" in minutes.
size does matter
50 emails or 100 000 emails - the difference does matter.
for the spam sending companies the efficiency of their work is extremely low, most of the spam is deleted not read, not needed and so on, I think less than 1% of the spams are read, and the less than 1% of read spam makes the user to do some action i.e. enter on some www etc.
the only chance for them to increase the profit is to send as many emails as possible.
I don't know what is the number of "bot" machines on internet, but if spammers send only 50 emails from each and then lose it (because the owner warned by the server cleaned it) then we have some spam: 50 x number of bots, for some time, and then THAT IS ALL :)
no more spam in the internet.
I believe that the company which used to send 100 000 or 1000 000 of emails a day and had some profit of it, has to send only 1000 of it, then they just simply give it up and start some other activity.
what do you think?
m.szeptycki
Size doesn't matter....
I believe that the company which used to send 100 000 or 1000 000 of emails a day and had some profit of it, has to send only 1000 of it, then they just simply give it up and start some other activity.
what do you think?
A spammer doesn't have to send millions of spams, he just has to send more than all the other spammers out there (so that he's the most likely to get the money).
At the moment that's millions/billions of spams but it could just as easily be thousands (or even hundreds).
Spam won't stop simply because the volume goes down.
Only as long as you don't
Only as long as you don't clean up your infected machine. This would also be a good thing since it would alert owners' attention to the fact that their computer is compromised and get them to secure it. The less computers spammers have in their botnets the better.
Clean-ups
This would also be a good thing since it would alert owners' attention to the fact that their computer is compromised and get them to secure it.
If your strategy relies on people being able to keep their machines clean then it's not going to work, especially against malware which knows when it should "hibernate" for a while.
Another big problem is that bots can cause havoc in the system by submitting fake spam reports thus making life miserable for everybody. Any working system has to be fully automatic and self-correcting or it won't work.
The real solution lies in changing the mail protocols, but anything which changes the protocols (even if backwards compatible, eg. a small verifiable attachment) seems to be completely ignored. I've been proposing schemes like yours for years but nobody's interested.
Bill Gates promised that spam would soon be a thing of the past, and Microsoft really could use its monopoly to end spam by patching Outlook/Hotmail to fix the protocol (everybody else would be forced to follow suit).
eg. If Microsoft announced that "On January 1st 2007 we'll be doing XXXX" then everybody would have plenty of time to update their mail software. It would be an almost painless transition to a spam free world.
So far they're not showing any signs of doing it, and I think it's pathetic.
fake spam reports
Another big problem is that bots can cause havoc in the system by submitting fake spam reports thus making life miserable for everybody. Any working system has to be fully automatic and self-correcting or it won't work.
good point!
I didn't think about it.
on one side the owner of "bot" computer in case of often "signature cancelation" gets to know that there is something wrong with his computer and he has a chance to fix it.
on the other side, in case of "bot" computer sending fake spam reports, the person accused to be a spammer should be informed after each claim by the server, then this person can inform the "bot" computer's owner: "there is something wrong with your comp...."
it can look that there is much "informing" each other, by people, not automated, but it is unusual situation. what we are talking about is that someone has a computer that does what ever he wants! it is a serious state, and in such situation I would be very grateful if anyone would inform me that there is something like that going on.
what is more, for each "spam report" there must be spam email attached - enciphered so no possibility of faking it, then in the worst case even some really ugly "bot" computer can claim only the number of emails that he receives from one person.
(usually 2 people do not send to each other more than 50 emails in a week, so there would be plenty of time to check the situation...)
how about this solution?
regards,
m.szeptycki
What about Hotmail...?
Your plan seems to be centered around individual users. How would something like Hotmail fit in?
how about this solution?
what we are talking about is that someone has a computer that does what ever he wants!
Yes!
it is a serious state
Yes!
and in such situation I would be very grateful if anyone would inform me that there is something like that going on.
I know many people who are sitting in front of their machines and every ten seconds an advert for something will open on their screen. They just close it and keep on going because they really don't know what to do about it.
To you or me it would be intolerable but for them it's all just another part of using a computer.
how about this solution?
I'm not sure it will ever work no matter how you alter it because you're relying on other people to fix their machines. If their machines aren't fixed then the whole system can be subverted by them.
checkout
checkout http://www.messagelevel.com/
It digitally signs your email either from webmail, outlook, or any windows email program.
Free to signup for signing, no signup needed to authenticate.
It seems similar to pgp, a ring of trust for email.
pet meds
Another problem...
on one side the owner of "bot" computer in case of often "signature cancelation" gets to know that there is something wrong with his computer and he has a chance to fix it.
If your whole plan relies on these people being able to clean up their machines then it will probably fail. There's enough clueless people out there to keep spammers in business forever.
There's also enough bot machines whose owners use Hotmail (or whatever) so they will never notice they're infected by their email going wrong.
Another big problem with your scheme is mailing lists: Imagine a mailing list which sends out 100,000 mails a week to subscribers. There's a big delay between the first people to read the mail and the last people. If fifty of the people on the list decide they don't want to read it any more and report it as spam, or if fifty of them are in a bad mood, or if fifty are infected by botware, or... whatever, then the whole mailing list collapses for that week. Most of the people on the list will have the mail rejected by the server.
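Added example, not part of any post in this thread: a toy Python model of the proposed "Signature Server" with its 50-claim revocation rule, run against two objections raised above (the mailing list that collapses mid-week, and bot-submitted reports when every claim must attach a genuinely signed mail). The HMAC construction, the class and function names and the example.org addresses are assumptions made for illustration; the thread never specifies the signature mechanism.

```python
import hashlib, hmac, secrets
REVOKE_AFTER = 50  # claim threshold taken from the original proposal

class SignatureServer:
    """Toy model (assumption): HMAC with a server-held key stands in for the 'signature'."""
    def __init__(self):
        self.keys, self.claims, self.revoked = {}, {}, set()
    def register(self, sender):              # apply for a signature
        self.keys[sender], self.claims[sender] = secrets.token_bytes(32), set()

    def sign(self, sender, body):            # anything running on the sender's machine can do this
        return hmac.new(self.keys[sender], body, hashlib.sha256).hexdigest()

    def verify(self, sender, body, tag):
        ok = sender in self.keys and hmac.compare_digest(self.sign(sender, body), tag)
        return ok and sender not in self.revoked

    def report(self, reporter, sender, body, tag):
        # A claim counts only if it attaches a mail the sender really signed.
        if sender not in self.keys or not hmac.compare_digest(self.sign(sender, body), tag):
            return False
        self.claims[sender].add((reporter, body))   # replaying one mail adds nothing
        if len(self.claims[sender]) >= REVOKE_AFTER:
            self.revoked.add(sender)
        return True

def mailing_list_week(recipients=100_000, complain_every=100):
    """Readers open the list mail one after another; every Nth reader reports it."""
    srv, who, body = SignatureServer(), "list@example.org", b"weekly newsletter"
    srv.register(who)
    tag, delivered = srv.sign(who, body), 0
    for i in range(recipients):
        if not srv.verify(who, body, tag):
            continue                         # signature revoked: mail rejected
        delivered += 1
        if i % complain_every == 0:
            srv.report(f"user{i}", who, body, tag)
    return delivered

def fake_report_cap(received=3, attempts=200):
    """A bot that got `received` real mails from a victim replays and forges claims."""
    srv, who = SignatureServer(), "victim@example.org"
    srv.register(who)
    mails = [b"hello %d" % n for n in range(received)]
    tags = [srv.sign(who, m) for m in mails]
    for n in range(attempts):
        srv.report("bot", who, mails[n % received], tags[n % received])  # replayed claim
        srv.report("bot", who, b"made up %d" % n, "0" * 64)              # forged claim
    return len(srv.claims[who]), who in srv.revoked
```

With the defaults, a 1% complaint rate revokes the list after 4,901 of 100,000 deliveries, while a single bot holding three genuine mails can never raise more than three claims against its victim.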
The right way..
Does it work? What's with the automated emails by forums, newsletters, content notifications, mails by formmailers ... ?
Domain Keys?
That sounds a lot like Yahoo Domain Keys. Many servers now support it, but not even all of the major ones do.
http://antispam.yahoo.com/domainkeys
The only problem with it is many servers do not currently support it. The idea is that once the majority of the major servers are using the service to allow email signed to go through a short spam check and then right through. Email not signed would be largely bounced back to sender.
There is also SPF (Sender Policy Framework), which dictates what servers may send email on behalf of a server.
http://www.openspf.org/
They even have a nifty tool to check to see whether or not your email provider uses either technology.
Domain Keys and SPF
I am not sure if I understand well the Domain Key and SPF idea.
But for me it looks it is pretty automated and centralized.
What I suggest is a "distracted" netlike system - the decision has to be taken every time by a person:
"Is it spam or not?"
And it is done on each computer, so no central attack of Spammers can stop it.
The "Signature Servers" are also kind of "open source project"
Every one can start the signature server by himself, then email users can only decide "Do you trust to XXX server?"
This can protect the internet against the spammers that would like to run the fake signature server.
Since there can be many servers in the internet there is no chance for any attack on a server by spammers, in fact the more servers exist it is better....
Maybe the next step would be a net of servers, because some small local servers wouldn't be probably accepted by users all over the world, so maybe servers should be signed as "XXX server, the member of ZZZ group"...
How about this?
m.szeptycki
Re; Electronic Signature - Perfect, I Love It.!!
Thank you so much M. Szeptycki ... U have thought about this I can see ...
I don't fully understand the whole logistics in your idea, but, I'm Loving It.!!
I believe this is absolutely what we need, U have my vote, & it gets a 2-thumbs-up from me.!!
It's a small detail, but I'd like to see a 25 or less count instead of the 50 proposed tho.??
Reading your post just raised a glimmer of hope with a "YES", this could actually work.?? - I'm now excited.!!
I'm just wondering if this will also catch the 'Forged Headers' as a signature 'Must' be present to go thru.??
Keep us informed, OR, if anyone can follow thru in putting this idea together, that'd be a great start.!!
Sometimes simple things end up being the best, tho, programming will still need 2 B done, this does sound GREAT.!!
------- I'd love to see feedback & replies to this idea because It's Interesting.!!, " I Love It " ... What do U's all think.??