MS, non-MS, and "email" as we know it
[1/6] from: REBOLlist2:juicybits at: 11-Jul-2003 18:59
Email as we know it will evolve, but will it really be called something else? What will
it be called? I think it depends on what app(s) get the critical mass. Maybe it will
just be called spam-free email?
A lot of people will automatically reject a Microsoft solution, and will even deny it
after it has achieved critical mass and major market share. Am I the only one here who
thinks their 2003 Outlook is going to be a major spam killer? What could be more secure
than to only accept email from senders who are in your contact database? For me, adding
someone (or the From address of a mailing list) to my contact db will be a small price
to pay, to *completely* eliminate spam.
The only major question left might be, what will be the easiest ways to add new, friendly
and business contacts to our contact database. At worst, it might require a web-based
authentication system, eg a human sender might have to enter a machine-non-readable password
in order to get into your contact db, the first time around. Instead of giving someone
your email address, you could give them an url where they can authenticate themselves,
and/or maybe the web server will forward an authenticated email to you so you can quickly
add the the sender's address to your contact db. I can think of other ways to authenticate
new senders, but it's not so important that a standard exists at this level. (Eg, even
without a web server, all your email app would have to do would be to automatically respond
to non-authorized senders with a "please authenticate yourself with this human-only readable
password".) Black lists or filters won't even be necessary, in a completely white-list
(plus first-time authentication) system.
Meanwhile, even for people who will never use MS software, or who have their own business
agenda reason why they automatically reject them, it seems to me like MS's solution will
still become the first, viable standard, and needs to be paid attention to. Show me how
I'm wrong about this. I am *not* pro-MS. However, for those of us (esp myself) who have
been thinking about other solutions, we still won't be able to deny MS their huge power
any time in the near future. I think now is the time to be the first ones to jump on
the first viable anti-spam bandwagon... or be left behind.
Yes, a major evolution in email authentication and delivery *is* imminent.
--Ken.
____________________________ ____________________________
Ah, you hate Microsoft too! So comrade, ven do vee plan to defect?
[2/6] from: joel:neely:fedex at: 12-Jul-2003 8:22
Hi, Ken,
Just thinking out loud... (and there *is* REBOL relevance
further down! ;-)
Ken Cadby wrote:
> A lot of people will automatically reject a Microsoft solution,
> and will even deny it after it has achieved critical mass and
> major market share.
>
This list is the *last* place I'd ever have expected to hear
market share cited as a measure of fitness. (Have you turned
on a television lately? ;-)
> Am I the only one here who thinks their 2003 Outlook is going
> to be a major spam killer? What could be more secure than to
> only accept email from senders who are in your contact database?
> For me, adding someone (or the From address of a mailing list)
> to my contact db will be a small price to pay, to *completely*
> eliminate spam.
>
What do those questions have to do with Outlook? There are already
products available for whitelisting and other forms of spam control.
The fact that Microsoft (again) may copy features invented elsewhere
doesn't lead me to conclude that my problems will go away. (After
all, the fact that they -- belatedly -- entered the browser market
and then used their monopoly position to interfere with that market
hasn't prevented pop-up ads, pop-under ads, nor browser-based holes
in security!)
In almost no time Google pointed me to
http://tmda.net/
> TMDA is an OSI certified software application designed to
> significantly reduce the amount of SPAM/UCE (junk-mail)
> you receive.
(Unix server based)
http://au2.spamassassin.org/index.html
(a cross-platform tool, written in Perl)
At the client side, Mac OS/X Mail contains Bayesian spam detection
which can be trained/tuned for the user's preferences. Netscape 7.1
has similar features.
However, the real solution is server side, so that I don't waste the
connect time or cpu cycles on my desk/lap dealing with the garbage.
The company where I work implements spam detection/routing centrally,
with the digital sewage routed to separate storage. I suspect that
service providers who would offer similar capabilities would find a
ready audience.
> The only major question left might be...
>
You outlined an approach for contact origination that seems quite
reasonable (especially if implemented server-side), and is also
clearly implementable in REBOL. Such an implementation has the
added virtue of being platform-neutral.
This could be developed either as a mail client, a server-side
tool, or packaged as a service-by-subscription.
> ...
> Show me how I'm wrong about this. I am *not* pro-MS. However, for
<<quoted lines omitted: 3>>
> ones to jump on the first viable anti-spam bandwagon...
> or be left behind.
Re "other solutions", have you looked at Jabber?
Having been involved in computing for my entire career (beginning
with my first programming course in 1968), I have absolutely *no*
faith that big, entrenched corporations will save the world. In
fact, history (within my career) tells me that sooner or later
they begin to believe their own PR, think of themselves as the
center-of-the-world/source-of-all-good-bits and get blindsided by
a great idea from the little guys. (Do you think REBOL is a good
idea? 'nuff said)
Burroughs, DEC, and Data General all had great ideas, and made
significant contributions to the development of computing (both
academically and in the marketplace), but missed the significance
of the high cost of totally proprietary platforms.
IBM totally missed the desktop/distributed computing paradigm shift.
Microsoft ignored networking until Novell proved its viability for
the business market. Microsoft (in the person of Bill Gates) made
public remarks disparaging the significance of the Internet.
In the last two cases, Microsoft was able to use market position
and financial resources to turn the ship around. At some point
there will come an idea that is sufficiently (and likely culturally)
different that The Computing Establishment won't recognize (or
embrace-and-extend) it quickly enough. (At that point most big
companies turn to the lawyers and/or the checkbook...)
We (the human race, collectively) don't yet understand the role or
value of high-bandwidth, ultra-low-cost communication. As usual,
the abusers of their fellow-men are quick to jump on a new concept
when they think they can turn it to their profit/ad/vantage, but
that's only temporary.
Consider the abuse of the telephone (and telephone owners) by the
junk-phone-call industry. A range of interesting responses have
occurred, from unlisted numbers to caller ID, to state- and US-
wide "do not call" lists. [Perhaps some of our international list
participants can educate me on whether the problem is as bad in
the world at large, and what's being done on the larger scale.]
I think it's too early to declare anything as a final solution
given the tremendous creativity unleashed on (and by) the 'Net.
(And I, speaking strictly for myself, don't want to invite an
800-pound gorilla with a fly-swatter to take up residence in my
house just because someone left the back door open and a few
mosquitoes slipped in... ;-)
Thanks for the stimulating post, and for listening!
-jn-
[3/6] from: joel:neely:fedex at: 12-Jul-2003 8:23
[I apologize if this is a duplicate. On my first attempt to
send it, my mail server glitched -- ironically enough! ;-]
Hi, Ken,
Just thinking out loud... (and there *is* REBOL relevance
further down! ;-)
Ken Cadby wrote:
> A lot of people will automatically reject a Microsoft solution,
> and will even deny it after it has achieved critical mass and
> major market share.
>
This list is the *last* place I'd ever have expected to hear
market share cited as a measure of fitness. (Have you turned
on a television lately? ;-)
> Am I the only one here who thinks their 2003 Outlook is going
> to be a major spam killer? What could be more secure than to
> only accept email from senders who are in your contact database?
> For me, adding someone (or the From address of a mailing list)
> to my contact db will be a small price to pay, to *completely*
> eliminate spam.
>
What do those questions have to do with Outlook? There are already
products available for whitelisting and other forms of spam control.
The fact that Microsoft (again) may copy features invented elsewhere
doesn't lead me to conclude that my problems will go away. (After
all, the fact that they -- belatedly -- entered the browser market
and then used their monopoly position to interfere with that market
hasn't prevented pop-up ads, pop-under ads, nor browser-based holes
in security!)
In almost no time Google pointed me to
http://tmda.net/
> TMDA is an OSI certified software application designed to
> significantly reduce the amount of SPAM/UCE (junk-mail)
> you receive.
(Unix server based)
http://au2.spamassassin.org/index.html
(a cross-platform tool, written in Perl)
At the client side, Mac OS/X Mail contains Bayesian spam detection
which can be trained/tuned for the user's preferences. Netscape 7.1
has similar features.
However, the real solution is server side, so that I don't waste the
connect time or cpu cycles on my desk/lap dealing with the garbage.
The company where I work implements spam detection/routing centrally,
with the digital sewage routed to separate storage. I suspect that
service providers who would offer similar capabilities would find a
ready audience.
> The only major question left might be...
>
You outlined an approach for contact origination that seems quite
reasonable (especially if implemented server-side), and is also
clearly implementable in REBOL. Such an implementation has the
added virtue of being platform-neutral.
This could be developed either as a mail client, a server-side
tool, or packaged as a service-by-subscription.
> ...
> Show me how I'm wrong about this. I am *not* pro-MS. However, for
<<quoted lines omitted: 3>>
> ones to jump on the first viable anti-spam bandwagon...
> or be left behind.
Re "other solutions", have you looked at Jabber?
Having been involved in computing for my entire career (beginning
with my first programming course in 1968), I have absolutely *no*
faith that big, entrenched corporations will save the world. In
fact, history (within my career) tells me that sooner or later
they begin to believe their own PR, think of themselves as the
center-of-the-world/source-of-all-good-bits and get blindsided by
a great idea from the little guys. (Do you think REBOL is a good
idea? 'nuff said)
Burroughs, DEC, and Data General all had great ideas, and made
significant contributions to the development of computing (both
academically and in the marketplace), but missed the significance
of the high cost of totally proprietary platforms.
IBM totally missed the desktop/distributed computing paradigm shift.
Microsoft ignored networking until Novell proved its viability for
the business market. Microsoft (in the person of Bill Gates) made
public remarks disparaging the significance of the Internet.
In the last two cases, Microsoft was able to use market position
and financial resources to turn the ship around. At some point
there will come an idea that is sufficiently (and likely culturally)
different that The Computing Establishment won't recognize (or
embrace-and-extend) it quickly enough. (At that point most big
companies turn to the lawyers and/or the checkbook...)
We (the human race, collectively) don't yet understand the role or
value of high-bandwidth, ultra-low-cost communication. As usual,
the abusers of their fellow-men are quick to jump on a new concept
when they think they can turn it to their profit/ad/vantage, but
that's only temporary.
Consider the abuse of the telephone (and telephone owners) by the
junk-phone-call industry. A range of interesting responses have
occurred, from unlisted numbers to caller ID, to state- and US-
wide "do not call" lists. [Perhaps some of our international list
participants can educate me on whether the problem is as bad in
the world at large, and what's being done on the larger scale.]
I think it's too early to declare anything as a final solution
given the tremendous creativity unleashed on (and by) the 'Net.
(And I, speaking strictly for myself, don't want to invite an
800-pound gorilla with a fly-swatter to take up residence in my
house just because someone left the back door open and a few
mosquitoes slipped in... ;-)
Thanks for the stimulating post, and for listening!
-jn-
[4/6] from: pwoodward::cncdsl::com at: 12-Jul-2003 9:22
Ken -
I see several problems with the "Accept mail from known contacts only"
approach. It's easy enough to implement in just about every version of
Outlook and Outlook Express since Office 97. Just create a filter that
moves all emails to your deleted folder if the senders email address is
_not_ in a list.
However this still ignores web sites that use email verification, or send
sales reciepts. There's just about no way to know what email address those
messages will be coming from. So, with MS's default approach coming up in
Outlook2003, this may create some problems. It's similar to the "Response
required to send" approach being used by ISPs like Earthlink.
For instance if you were an Earthlink subscriber, when my email to you hits
their email server, that automatically triggers an email back to me,
containing a clickable URL. I _must_ click the link in order for the email
to end up in your in-box. However, what if I am a machine? I'm the
US-Airways web server, sending you the reciept and itinerary for the tickets
you just bought. I will hardly be clicking the URL - and you'll get no
verification that your purchase was successful.
I think things like the "known contacts only" approach will work fine for
intra-office email. There's usually a known list of employees to draw upon
(a directory like LDAP or Active Server). But it starts to run into
problems with inter-office approaches (Lotus Notes allowed for cross
certification of user directories, and it was still a PITA), and email that
might come from other, legitimate sources - friends and family for instance.
The "response required" approach would work fine if every legitimate email
sent was from a human being; but that's just not the case when dealing with
e-commerce sites. And don't expect Amazon to make their outbound email
reciept address "known" when it could be used for abusive purposes.
Just my two cents - "known only" and "response required" are OK ideas, but
they do have flaws, and won't solve the Spam problem w/o introducing new
ones.
- Porter
[5/6] from: joel:neely:fedex at: 12-Jul-2003 9:02
Hi, all,
Speaking of irony, I think I just overdosed! After following
(and posting to) the discussion of email-etc, I browsed over
to Dilbert and saw today's cartoon:
http://www.dilbert.com/comics/dilbert/archive/images/dilbert2003071742312.gif
(Watch out for URL-wrap; I used the absolute image link in case
someone doesn't get to see this today...)
-jn-
Joel Neely wrote:
[6/6] from: carl::cybercraft::co::nz at: 24-Dec-2003 22:23
On 13-Jul-03, Porter Woodward wrote:
> Ken -
> I see several problems with the "Accept mail from known contacts
<<quoted lines omitted: 5>>
> send sales reciepts. There's just about no way to know what email
> address those messages will be coming from.
What about having a very short, formal format that unsolicited email
has to conform to to get noticed? Spammers could still use it, but
they'd be restricted to (say) messages of 60 characters or less and
with no HTML or URLs in. And perhaps also have an address-book that
allows for addresses to have an expiry-date.
--
Carl Read
Notes
- Quoted lines have been omitted from some messages.
View the message alone to see the lines that have been omitted