Change Displayed Text SizeGrow Displayed Text SizeShrink Displayed Text Size
 

Wednesday, January 28, 2004

101 Ways To Save The Internet

While airport hopping on the way back from Tortola over x-mas, I picked up the January Wired with the article ["101 Ways to Save the Internet"]. The section covering spam caught my eye, since almost every measure listed was something that at one point or another was part of Evil Toaster. Here's my "response" to the article....

ANTISPAM TOOLBOX
None of these is a magic bullet. But together, they can force junk mail down to levels we can all live with.
Items 26-33


26 Pass the Do Not Spam list Chuck Schumer's Senate bill sticks American inbox bombers with steep fines and creates a special circle in hell for those who send porn to tots. It's not 100 percent enforceable, but neither is the speed limit on Interstate 80.


27 Automate the FTC Replace the Federal Trade Commission's manual email address for reporting spam (uce@ftc.gov) with a nationwide collaborative filtering service like Cloudmark's SpamNet.


28 Simplify disposable addresses



Disposable email addresses are pretty easy right now. Check out [jetable.org]. How useful a disposable address is, however, is debatable. Mailing list software should be able to handle users posting with disposable addresses, but so far I don't think many mailing list interfaces will handle them correctly. Anonymous email is something completely different - anonymous remailers are still very awkward to use.
Both disposable and anonymous email should be easier to use within EvilToaster. "Reply Anonymously" and "Reply Disposable" are options.

29 Stop email forgery A geeky feature called Reverse MX makes it impossible to masquerade as gwbush@whitehouse.gov.



Reverse MX has it's own problems. You can read a good explanation of it's weaknesses [here]. Basically, it would not scale for an email provider like Hotmail or Yahoo. It would be nice to just ditch SMTP and come up with something better, but it's doubtful that will happen anytime soon. If a compelling SMTP replacement with some kind of backwards compatibility were introduced it's difficult to say wether or not it would be adopted. A straight up replacement for SMTP would require updates to every email client on the planet- and that's not going to happen. Transparent changes on the server side are what's really required.

30 Scramble archived addresses Online archives of mailing lists are a treasure trove for spammers. Give members the option to have their addresses scrambled in posts.



Easier said than done. Four or five years ago I was working on a project to take the skunk-works mailing list archives into the late 20th century - convert them to HTML, make them searchable, etc. One of the problems I never made much progress on was ofuscation techniques that would work. Most of the techniques in use today are very easy for an email harvester to code around.

31 Enable digital signatures Crypto certificates are the most reliable way to tell email friend from faux. ISPs and corporate IT guys should pass them out as a competitive advantage.


While it's getting easier for Geeks to work with digital signatures and certs - I recently enabled a Thawte personal cert in Mail.app by following [these instructions]. It's still not easy, and it's error prone, and there's no way I could ever explain it all to my Mom. So it's not going to happen. And no matter how widespread and secure digital signatures are, there's always Outlook to make it irrelevant.

32 Build friend-of-a-friend filters Think of it as Friendster for your inbox. Everyone on our list can email everyone on yours, but outsiders have to fill out those annoying SpamCop forms.


It's a nice thought - what's being described here are the kinds of trust metrics and trust webs that systems like [advogato.org] use. I examined and experimented with using a trust metric system based on advogato in Evil Toaster and came to the conclusion that only a large ISP could really do it successfully.

33 Create a P2P email program We directly trade MP3 files, instant messages, and now phone calls without the bother of backend servers. So why not email messages?


It's called instant messenging dude, try it.

1/28/2004 10:29:00 PM ] [  0 comments  ]
[archives]
A good quick laugh