E-mail v. Spam

[reldnahkram]

I'm not sure what got me thinking about this (especially at 6:30 AM). But I found myself pondering the feasibility of a giant e-mail white list, possibly run by the government (actually, on second thought, maybe not) or perhaps a large, benevolent company (perhaps one with lots of storage space, lots of bandwidth, a somewhat new e-mail service, and a history of not being evil).

System users would need two e-mail addresses, a public and a private. Mail sent to the public account is forwarded to the system and checked against the white list. If the sender is on the white list, then the message is forwarded to the private account. There should be some sort of system to ensure that only mail that passed through the white list is shown at the private account (PGP signing would probably work).

Access to the system would be by invite only, but members would get unlimited invites. Any member can add an e-mail address to the white list, a small number of complaints (2<=n<=10) are needed to unwhitelist an address. There will be a demerit system such that people with a history of adding spam senders to the list will get their accounts revoked.

Users would get periodic notification of non-white listed e-mail, and the sender will get a message saying that, if he knows the recipient personally, he should contact her and have her add his address to the white list and invite him to the system. Users will be able to set addresses and domains for which they don't want to see notification. Users will also be able to allow certain addresses or domains to pass through, enabling people to get e-mail that others might consider spam (many e-commerce sites, for example).

In looking back on this at the end of the day, I'm not sure it's that great of a system. I feel like the filter system works reasonably well, and this system is, perhaps, too complex for Joe Internet-User.

Comments

[uncleamos]

(perhaps one with lots of storage space, lots of bandwidth, a somewhat new e-mail service, and a history of not being evil)

Tell us when such a company exists. :P

[reldnahkram.livejournal.com]

I edited this from perhaps the one to the current.

[miraling.livejournal.com]

::snickers::

[irilyth]

This is entirely achievable, right now, with PGP; but the barrier to entry is too high for Normal Folks.

One way to think about your proposal is that the verification of the "signature" is done by looking up the sender's address on the whitelist server, rather than by checking the signature against a key server. The main advantage over PGP is that the user doesn't have to create keys, get them signed by someone already on the server, send the key to a server, and then use special software to talk to the server.

The main disadvantage I can think of offhand is that it doesn't do anything to prevent forgery. If I know that reldnahkram@whitelist.net is on the whitelist, why wouldn't I just forge my spam as coming from that address?

[tirerim.livejournal.com]

Exactly. Whitelists work for individual people because it's very difficult for a spammer to guess what addresses are on one's whitelist, but if everyone is on the whitelist, that wouldn't be a problem. It might be a little harder for spammers to obtain addresses to forge if everyone were sending mail with their private addresses, and only giving out their public addresses, but it would still be possible.