spam sucks, more spam sucks even more.
i've seen a weird trend lately that my personal email adress is on phishingschemes, paypal pyramids, newsgroup free i-pod garbage etc, dunno why but that sucks. I don't get alot of spam btw, think 99% is filtered, still i have an idea, dunno if it's allready outhere.

When making an email someplace, i think if there is a website between the 2 parties that authenticate users to contact you via a onetime pincode, if they have given the pin, the users gets a signiature which then authenticates againt the emaillist and my email account, so no one is allowed to email me unless they got a pin from the special made website who hadles these issues. It's a onetimer only, so not much trouble to do it. After that one can email me forever, unless i go again to that site and block hem or her, then that users will need a new pin but does not get it, cause he or she is blocked.

makes sense? :))

You think about a big service by mail providers which can give or not some kinds of tokens for any users to send email to you ?

If I'm right, it looks like captcha.
Validate your session, while it's valid, flood...
You can be spam until you report it's a spam, that's only need a user/bot that retrieve the pin code I guess.

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher

Yeah somthing like it, only i must "flag" the users email when he request a PIN, so nothing can be send to me without my permission. So he could flood my box, but then i "flag" him false in the sys. and that's that, don't think spammers would take such workarround for 1 email?

If there is some notion of cooperation between spammers, there could be.
(one email address can send to you lots of real spam content in lots of email...)

But by the way, I think this kind of techniques that try to test that it's a human... is not a very good orientation for the long term (even if it can be nice for a short life forum/cms/etc.)

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher

maybe i misread, but what i got from it is that he wants to keep only a whitelist of valid email addresses that can send emails to him.. which can already be done manually in many email providers filters section. This solution won't work for everybody though. If its your primary work one and you email many clients or strangers.. expect some non-delivered replies from them :/

It will indeed cut down on the spam you receive, significantly. but also makes you much harder for friends/clients to contact. But i agree it would be nice as an option.. instant message programs all already have this optional whitelist feature - email providers should consider it.

By the way though, like most security-thru-obscurity ideas, spammers will get around it should it catch on. Since this is the email equivalent to a referrer check + cookie check.

-maluc

I made a little flowchart to visualize it:

Maluc:

Quote

maybe i misread, but what i got from it is that he wants to keep only a whitelist of valid email addresses that can send emails to him.. which can already be done manually in many email providers filters section. This solution won't work for everybody though. If its your primary work one and you email many clients or strangers.. expect some non-delivered replies from them :/

Totally block all mail, send a reply message where they can sign for a key, when they got a key, it's is macthed against his/her e-mail, so next time they can e-mail me forever until i "flag" their key false again in my admin. :)

Quote

It will indeed cut down on the spam you receive, significantly. but also makes you much harder for friends/clients to contact. But i agree it would be nice as an option.. instant message programs all already have this optional whitelist feature - email providers should consider it.

Yes, but a onetime key request, doesn't seem to much of a fuss i guess. If they really wanna mail me, they can do that also for one time only.

Quote

By the way though, like most security-thru-obscurity ideas, spammers will get around it should it catch on. Since this is the email equivalent to a referrer check + cookie check

Not quite, the email is being send to the "keymaker" or "maintainer" like: mynewemail@keymaker.com, and by default everything is blocked, until i log into it and flag the e-mails who may send me mail.

That's about it of my idea.

well you do realize that email addresses can be forged at will right..? i get spam everyday coming from security@paypal.com and tonyblair@parliament.co.uk

should it become commonplace, it's only a matter of time before spammers start obtaining whitelists for each email of return addresses to spoof. Furthermore, worm spams will go unhampered.

As a personal defense for spam it should work great though. But for myself, i send just as many emails to non-friends as i do for friends. So it isn't very feasible for me n others with similar habits.

Oh, a side benefit (or annoyance), is that you can't use this email for signing up for new accounts/forums at websites. So hopefully it will keep your email off spam lists to begin with. ^^

-maluc

Yeah i understand what you mean, though with _sending mail_ this is not a problem, only when they first want to e-mail you then there is that extra onetime step.

you could modify records (domains) for a short period (say an hour) in your admin before signing up at a boards. but there are many free emailaccount sites which you can use it for, it's not a good way to store those signup mails anyway in your personal account.

so yeah, i don't see that much limitation.
the strangest thing i thought about is that we must sign into sites to contact people etc, but email is always way open for everyone, thats why SPAM.

i dunno, im willing to make a little step to get a pin and be relieved of spam till the end of my days, seems worth it for me.

Interesting, im sure i have seen or heard of this idea else were...

I might be wrong..but

If you block all email by default then ask for confirmation of the senders address by some key or code...that might work on a small scale.

What if mail company A and B both run this system, if someone from company A emails someone from Company B neither company will receive the mail because both email systems require validation before accepting and passing on the email.

Correct.

Only it's a onetime proposal, the mail is being accepted, only it requires a onetime code only. So, when requested and accepted the mail is forwarded. Then, if this is an abuser you simply block their mail access in your admin.

I'm sure there are many unseen hooks in it, like falsified mail, or mail spoofing, but it could be overcome by some good engineering I think.

Im not sure i quite follow you, why would a key work better as identification than just the mail address? I mean, why not just make a white list with mail addresses instead of PINs?

What about if i send a mail to myself?

-------------------------------
http://fr3dc3rv.blogspot.com