I just got emailed by someone I'd never heard of; I replied. However, their mailbox is "protected" by ChoiceMail, and so I got back a verification challenge. However, Thunderbird marked it as junk mail so I nearly missed it. Had I done so, after four days my carefully-written email would have been sent to the bit-bucket and neither side would ever have known.
My beef: these systems suck. But, if companies must offer them, why can't they make them suck less by also offering an (authenticated) SMTP server which the customer could use? Then, when the communication was initiated by their customer, they could automatically add the recipient to the whitelist.
That would cut down the irritating "please authenticate yourself" email to the situations where the other party initiates contact - which, for an average random person, is probably about 50% of the time. And those 50% of cases are those where the other party is more motivated to jump through hoops - because they had a desire to start a conversation in the first place.
Even more smartly, if they find two ChoicePoint customers whitelisting each other, thereby establishing a simple trust network, then their whitelists could be merged. So if A writes to B, "email my mate C", and all are ChoicePoint users, there's no challenge email, because B is on A's whitelist, and A and C's whitelists are merged because they email each other.
Posted by gerv at June 8, 2006 2:03 PM
Have you seen "Challenge-Response Anti-Spam Systems Considered Harmful" at http://kmself.home.netcom.com/Rants/challenge-response.html ?
Posted by: Jesse Ruderman at June 8, 2006 2:23 PM
Any automatic merger of whitelists will fail in the long run. If a spamming company has the service, it could whitelist some spamming addresses, and pretty quickly no one can tell where they came from. And believe me, they have incentives for doing that.
I believe in a junk classification system that is more flexible than binary, though. Being friend of a friend would increase an e-mail's trust points, so that it gets marked as "possibly real". Giving the computer only two choices increases the damage when it chooses wrong.
Posted by: Tiago Silveira at June 8, 2006 2:58 PM
Tiago said: Any automatic merger of whitelists will fail in the long run. If a spamming company has the service, it could whitelist some spamming addresses, and pretty quickly no one can tell where they came from. And believe me, they have incentives for doing that.
You think I didn't think of that? :-) Read again about how I suggested it works. In order for the spamming company's address to be on your personal whitelist, you need to have sent mail to that address. And why would you have done that?
Posted by: Gerv at June 8, 2006 3:30 PM
Trust rings can work - just look at http://www.getoutfoxed.com/
You can trust 2 hops away, but not 3 hops - it prevents spammers from getting very far. Plus, once you realize that someone is a spammer you just kill them from your trust and the problem is solved.
Posted by: greggles at June 8, 2006 3:36 PM
But how do you determine who a message is "from"? From headers are completely untrustable and SMTP envelope senders are not much better. It is not unusual for spam to come "from" someone you know.
Posted by: Stuart Johnston at June 8, 2006 6:27 PM
Another way to do the trust-ring thing is to use LOAF, which is GPL'd and available at http://loaf.cantbedone.org/ -- one of the LOAF co-authors has become rather famous lately...
Posted by: Nancy McGough at June 8, 2006 8:25 PM
Stuart: If outgoing mail (from which this information is being calculated) is being sent via authenticated SMTP through the Challenge-Response company's servers, then only the company's users can log in and send it. The company can check that the From: header being used matches the account that has been used for the SMTP login, and not create a trust relationship if it doesn't.
Posted by: Gerv at June 8, 2006 8:29 PM
I say companies should all implement domainkeys. This means an auth smtp server, a ptr entry in the company's DNS. And then you are sure the sender can be trusted (except on mailing lists because they change the header portions of the emails) - from being from the said company. I'm wondering if mofo/moco does implement domainkeys on its servers.
Then another auth solution is something like enigmail - but this is far too geeky.
Posted by: Ludovic Hirlimann at June 9, 2006 5:43 AM
1) joe@choicemail sends email to gerv@mozilla
2) gerv@mozilla replies to joe@choicemail; message goes through
-- this is what you are suggesting in your 2nd paragraph, right?
3) Now, random spammer sends email forged as gerv@mozilla.org to joe@choicemail and the message goes right through!
Posted by: Stuart Johnston at June 12, 2006 7:50 PM
BTW, PC Magazine recently reviewed a C/R system that uses subjects (> 14 char) to automatically accept replies.
http://www.pcmag.com/article2/0,1895,1963154,00.asp
Posted by: Stuart Johnston at June 12, 2006 8:24 PM
Stuart: How is that problem specific to the idea of combining whitelists? The fact that spammers can forge email from people on your whitelist is a problem with all CR systems; my suggested improvement doesn't really change much.
Gerv
Posted by: Gerv at June 12, 2006 9:51 PM
My reference was to your suggestion of automatic whitelisting based on outgoing email. I suppose you are right, though. If you are whitelisting based on outgoing mail from the user or web clicks from the recipient, either way, whitelisting is fundamentally broken (without spf, etc.).
In any case, I agree, C/R sucks!
Posted by: Stuart Johnston at June 13, 2006 2:46 PM
I was a happy MailBlocks customer and they absolutely implemented auto-whitelisting. The majority of my friends & contacts never had to deal with self-authentication because I had written to them first. Alas, Mailblocks was bought & killed by AOL.
Posted by: Andy at June 13, 2006 4:58 PM
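An added example, not part of the original post or its comments: a small Python model of the auto-whitelisting proposed in the post, including the From:/SMTP-login match from Gerv's reply and the forged-sender case Stuart raises. The class and function names, the addresses, and the `sender_authenticated` flag (standing in for the result of an SPF/DomainKeys-style check) are assumptions.

```python
from email.utils import parseaddr

class ChallengeResponseGate:
    """Toy model of a C/R provider that also runs authenticated SMTP submission."""

    def __init__(self):
        self.whitelists = {}  # account address -> set of addresses it has written to

    @staticmethod
    def _addr(header_value):
        # Extract the bare address from a header such as 'Gerv <gerv@example.org>'.
        return parseaddr(header_value)[1].lower()

    def record_outgoing(self, auth_account, from_header, recipients):
        """Called for mail submitted over authenticated SMTP.
        Returns True if the recipients were added to the sender's whitelist."""
        if self._addr(from_header) != auth_account.lower():
            return False  # From: does not match the SMTP login: no trust relationship
        self.whitelists.setdefault(auth_account.lower(), set()).update(
            self._addr(r) for r in recipients)
        return True

    def classify_inbound(self, rcpt_account, from_header, sender_authenticated):
        """Return 'deliver' or 'challenge' for mail arriving for rcpt_account.
        sender_authenticated is the outcome of an SPF/DomainKeys-style check done
        elsewhere (assumed input; this model does not implement those checks)."""
        known = self._addr(from_header) in self.whitelists.get(rcpt_account.lower(), set())
        if known and sender_authenticated:
            return "deliver"
        return "challenge"

def demo():
    gate = ChallengeResponseGate()
    joe = "joe@choicemail.example"   # constructed addresses
    gerv = "gerv@mozilla.example"
    results = {}
    # Joe writes first, so Gerv's reply needs no challenge.
    results["added"] = gate.record_outgoing(joe, f"Joe <{joe}>", [gerv])
    # Login and From: disagree, so nothing is whitelisted.
    results["mismatch"] = gate.record_outgoing(joe, "x@other.example", ["spam@bulk.example"])
    results["reply"] = gate.classify_inbound(joe, gerv, sender_authenticated=True)
    # From: header says gerv, but the sending host fails the authentication check.
    results["forged"] = gate.classify_inbound(joe, gerv, sender_authenticated=False)
    results["stranger"] = gate.classify_inbound(joe, "new@person.example", True)
    return results

if __name__ == "__main__":
    print(demo())
```

Dropping the `sender_authenticated` condition reproduces the weakness discussed in the thread: a whitelist keyed on the From: header alone delivers anything that claims a whitelisted address.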