halfbakery
This would look just like any other web-based email service. You would have an email address and a password and some storage area and possibly IMAP services. However, no emails can be sent to this service except by previously nominated, vetted email addresses.

What this means is that if all the banks, online auction houses, etc. sign up to this service, this would be a single place where you can receive all your 'corporate' email without spam or phishing attacks.

Organisations would have to sign a code of conduct (no mass mailings, etc.) before being allowed in but would be keen to join because of the added security and customer trust in this email channel.

How do you stop spammers spoofing email addresses? The fact that I can do it leads me to suspect that just about anyone can.

Easy - the link between the accredited email senders and the web-based email service doesn't need to be by normal email - it could be any proprietary system or (simply) by PGP-signed email. Any transmission protocol jointly agreed by the accredited senders and the service will do.

You can do this already without introducing "web-based" into the equation. That is, e-mail clients can be authenticated against message submission agents, and MTAs can be authenticated against each other.

The "either you're in or out" security model doesn't scale to large networks. The more participants there are, the more likely it is that one of them gets compromised; the more useful a target is the participant; and the harder it is to move everybody to a clean, new network. For any such system, expect some participating hosts to be compromised, and design for that.

The translation from a signed code of conduct into a technical mark that delivery can be based on is another independent element that can be performed by any sort of bonding agency - you give them money, they give you a key; if they receive enough complaints, they pay the money to the people who complain, and withdraw the key.
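
The admission check the annotations above converge on (a spoofable From address is not enough, delivery depends on a key, and a key can be withdrawn), as an added example that is not part of the original thread. It uses an HMAC with a per-sender shared key as a stand-in for PGP signatures or whatever protocol the parties agree on; the registry, domains, keys and function names are all constructed for illustration.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed registry: accredited domain -> key issued by the bonding agency.
# "revoked" models the agency withdrawing a key after complaints or compromise.
REGISTRY = {
    "bank.example": {"key": b"constructed-bank-key", "revoked": False},
    "auction.example": {"key": b"constructed-auction-key", "revoked": True},
}


def sign(key: bytes, sender: str, recipient: str, body: bytes) -> str:
    """Tag binding sender, recipient and body; fields are length-prefixed."""
    parts = [sender.encode(), recipient.encode(), body]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def admit(sender: str, recipient: str, body: bytes, tag: str) -> Tuple[bool, str]:
    """Accept mail only if the claimed sender proves possession of a live key."""
    domain = sender.rpartition("@")[2].lower()
    entry = REGISTRY.get(domain)
    if entry is None:
        return False, "sender not accredited"
    if entry["revoked"]:
        return False, "key withdrawn"
    expected = sign(entry["key"], sender, recipient, body)
    # Constant-time comparison, done on bytes so non-ASCII tags are handled.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "bad signature"
    return True, "accepted"


if __name__ == "__main__":
    rcpt = "user@closedmail.example"  # constructed recipient
    good = sign(REGISTRY["bank.example"]["key"], "alerts@bank.example", rcpt, b"Statement ready")
    print(admit("alerts@bank.example", rcpt, b"Statement ready", good))
    # Spoofed From header: the address is on the list, but the key is not held.
    print(admit("alerts@bank.example", rcpt, b"Confirm your password", good))
    stale = sign(REGISTRY["auction.example"]["key"], "bids@auction.example", rcpt, b"You won")
    print(admit("bids@auction.example", rcpt, b"You won", stale))
```

Revocation here is a single flag on one sender's entry, so a compromised participant can be cut off without moving everyone else to a new network.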

Note to self: Find time to contact the banks, clearinghouses, and notification services that have not only responded to my initial request but have also kept me up to date with periodic mailings. I should really dump them based on their loyalty equation alone.

[jutta] I don't really understand why you say it wouldn't scale. If this is a service like Yahoo Mail and 1000 corporations are accredited to send email to Yahoo addresses and no one else is, then anyone who needs to receive email from these 1000 corporations will get a Yahoo email address.

I should probably avoid being the first one to comment on IT based ideas. It can lead to looking silly.