Re: RFC: Email 2.0: Segmail

A lot of interesting thoughts here. It addresses one part of the spam problem: the spam getting through to your inbox. What it doesn't help with is another part: the traffic of spam. Lots of bandwidth is being used by spam, and this may have no effect. Nay, I propose it will have no effect.

I base this on the domain server that I do run for an ever-shrinking Fidonet network in Toronto, Canada. The vast, vast majority of email that hits my poor server is junk. It's also mostly blocked at the source. How I know it's junk? Because the majority of email addresses that these people are attempting to hit don't exist, and never did. A significant portion is addressed to addresses that were defunct 5 years ago (and, for the pedantic of us, still are). And the next biggest group is spam for real, live email addresses. And then legitimate traffic.

Thus, using a setup like you propose, which may make my life a bit easier when reading my inbox, won't reduce the strain on the server by the large amounts of junk that it will receive, some of which will still be stored by the server until you retrieve it and Segmail rejects it.

By rejecting mail and rotating your email address, the domain will actually get more junk mail to handle, which Segmail will need to sort through, as spammers send their spam to all your outdated email addresses that they've harvested - you're giving them a much longer list to spam against, even if you don't actually see a single one in your inbox.

That said, if you take it with its shortcomings, it seems pretty neat. It does, however, stop me from sending friend A's email address to friend B - since I don't know what the email address for A is that will be valid for B. And if both A and B use Segmail, we're going to have a hard time connecting without A and B both trusting me to hand off the password-encrusted email address and deleting it right away.

I suppose that part of my concern with this is that your solution does more to hide spam than cure it, which could give a false impression to those who don't know what you're doing under the covers. Many people would be fooled into thinking that you've solved a problem when the amount of bandwidth available to their network hasn't actually improved, thus the cost of their bandwidth won't get better, but it may possibly get worse. That said, if the whole world were doing this, perhaps spammers would give up and that would have the beneficial effect - but you'd have to hit critical mass first.

Just my 2 cents CDN.

Comment on Re: RFC: Email 2.0: Segmail

Replies are listed 'Best First'.
Re^2: RFC: Email 2.0: Segmail by tirwhan (Abbot) on Sep 24, 2005 at 08:46 UTC
Tanktalus, have you tried tarpitting the senders which inundate you with spam to old email addresses? This could considerably lower the bandwidth chewed up by spam for you. Just a thought. Update: fixed link (thanks Tanktalus ;-)	[reply]
Re^3: RFC: Email 2.0: Segmail by Tanktalus (Canon) on Sep 24, 2005 at 14:56 UTC
That's a pretty neat idea (you should retry your link - it doesn't point to the tarpit entry ;->). As it is, I've reduced the bandwidth by getting my SMTP author to reject email when my filteraddress perl script says to reject it, and then to disconnect after about 4 incorrect commands - most MTAs that send spam seem to ignore the reject command, and just send the rest of the email immediately anyway, which results in hundreds of bad commands to my SMTP server. So the SMTP server now just disconnects after a few bad commands, and I don't even see the rest of the email - it's blocked partway through the header. The tarpit idea is even better - if I could just delay the rejection by a second or two, then disconnect after 4 bad commands, that could have a beneficial effect. At least that system is a good multitasker with usable threads ;-) otherwise I could overload the system with this - all these extra processes waiting around.	[reply]
Re^2: RFC: Email 2.0: Segmail by tomazos (Deacon) on Sep 24, 2005 at 03:07 UTC
Thanks for your comments. The sharing problem is no problem. If you give your email address for person A to person B, it will still work - but you and person B are now in the same "segment" together. That means if the address gets compromised than person A will have to rotate the address for both of you. Still a damn site better than rotating the address for everyone in your address book. :) As for the traffic caused by spam - I like your suggestion. Everyone use Segmail and they'll all give up. :) -Andrew. Andrew Tomazos \| andrew@tomazos.com \| www.tomazos.com	[reply]