This would look just like any other web-based email service. You would have an email address and a password and some storage area and possibly IMAP services. However, no emails can be sent to this service except by previously nominated, vetted email addresses.What this means is that if all the banks, online auction houses, etc. sign up to this service, this would be a single place where you can receive all your 'corporate' email without spam or phishing attacks.Organisations would have to sign a code of conduct (no mass mailings, etc.) before being allowed in but would be keen to join because of the added security and customer trust in this email channel.-- hippo, Jan 17 2005 How do you stop spammers spoofing email addresses? The fact that I can do it leads me to suspect that just about anyone can.-- wagster, Jan 17 2005 Easy - the link between the accredited email senders and the web-based email service doesn't need to be by normal email - it could be any proprietary system or (simply) by PGP-signed email. Any transmission protocol jointly agreed by the accredited senders and the service will do.-- hippo, Jan 17 2005 You can do this already without introducing "web-based" into the equation. That is, e-mail clients can be authenticated against message submission agents, and MTAs can be authenticated against each other.
The "either you're in or out" security model doesn't scale to large networks. The more particpants there are, the more likely it is that one of them gets compromised; the more useful a target is the participant; and the harder it is to move everybody to a clean, new network. For any such system, expect some participating hosts to be compromised, and design for that.
The translation from a signed code of conduct into a technical mark that delivery can be based on is another independent element that can be performed by any sort of bonding agency - you give them money, they give you a key; if they receive enough complaints, they pay the money to the people who complain, and withdraw the key.-- jutta, Jan 17 2005 Note to self: Find time to contact the banks, clearinghouses, and notification services that have not only responded to my initial request but have also kept me up to date with periodic mailings. I should really dump them based on their loyalty equation alone.-- reensure, Jan 17 2005 [jutta] I don't really understand why you say it wouldn't scale. If this is a service like Yahoo Mail and 1000 corporations are accredited to send email to Yahoo addresses and no one else is, then anyone who needs to receive email from these 1000 corporations will get a Yahoo email address.-- hippo, Jan 17 2005 I should probably avoid being the first one to comment on IT based ideas. It can lead to looking silly.-- wagster, Jan 17 2005 random, halfbakery