
Security and Spam

How can you ensure that your method of verifying identities cannot be exploited to "harvest" mail addresses for spamming?

The point is the "closed-door" concept. Even if everybody theoretically has access to all mail addresses on the globe, it is of no use, as

  1. Almost nobody retrieves Email from an unknown sender (without looking further)
  2. You can always reach the sender, so the advantage of anonymity that spammers abuse is not given.

There are a lot of consequences of the "mail storage on sender side" concept which ensure that abuse will not increase beyond manageable limits, and there are also a lot of accompanying mechanisms, like Quality Advertising, which will allow the user to filter out unwanted Email even before it hits her/his mailbox, if it is received at all.

The mail storage may be exploitable by people probing for unread outgoing mail.

The notification message sent to the recipient contains a per-message challenge, encrypted with the public key of the recipient's "account". To retrieve a message from a mail storage, this challenge has to be shown to the mail storage server, now encrypted with a one-time key sent by the notification. It will be difficult for an intruder to decrypt the challenge and fake the other half of the one-time key.

Sender Blacklisting will require an enormous sender/recipient database on every mail server that will increase exponentially in size as well as the mail processing time as the Internet grows.

First of all, the "closed-door" approach initially performs as a "deny-all" blacklist, and the user starts to whitelist senders she/he trusts. A whitelist is not likely to grow exponentially, but at most linearly with the age of the account.

A lot of Email will not be sent to the recipient, but collected by her/him. If a consumer wants to get advertisement mails, she/he goes to advertising sender accounts and reads anonymously what is there.

As for blacklists, it is more likely that ISPs will block senders which send unsolicited Email. Black sheep are easily identified: they cannot hide. ISPs will be interested in having only a few of them, or else notifications coming from their server could be blocked and they would lose their users. Remember that it is easy to migrate to another ISP, which can even be on another continent, without losing your Email address!

Another model is to hand out temporary access keys per sender, which are stored as credentials in the sender's globally accessible registry. If the recipient finds out that she/he no longer wants to receive mail from the sender, she/he can simply revoke the key.
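
The revocable per-sender access keys described above, combined with the deny-all default of the "closed-door" approach, sketched in Python as an added example (it is not part of the im2000 proposal). The HMAC-based key derivation, the RecipientGate class and the sample addresses are assumptions of this sketch; the page does not specify a key format.

```python
import hashlib
import hmac
import secrets


class RecipientGate:
    """Closed-door notification gate: deny-all until a sender holds a valid key."""

    def __init__(self):
        # Recipient-side secret used to derive keys (assumption of this sketch).
        self._secret = secrets.token_bytes(32)
        self._serial = {}  # sender -> current key serial; absent = door closed

    def _derive(self, sender, serial):
        msg = f"{sender}\x00{serial}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue_key(self, sender):
        """Whitelist a sender; the returned key goes into the sender's registry."""
        serial = secrets.token_hex(8)
        self._serial[sender] = serial  # one entry per sender, so growth is linear
        return f"{serial}:{self._derive(sender, serial)}"

    def revoke(self, sender):
        """Close the door again; any key issued earlier stops verifying."""
        self._serial.pop(sender, None)

    def accept_notification(self, sender, presented_key):
        """Return True only for a whitelisted sender presenting its current key."""
        serial = self._serial.get(sender)
        if serial is None:
            return False  # unknown or revoked sender: denied by default
        expected = f"{serial}:{self._derive(sender, serial)}"
        # Constant-time comparison, so timing does not leak key prefixes.
        return hmac.compare_digest(expected.encode(), presented_key.encode())


def demo():
    gate = RecipientGate()
    key = gate.issue_key("shop@example.org")  # constructed sender address
    before = [
        gate.accept_notification("shop@example.org", key),      # current key
        gate.accept_notification("bulk@example.net", key),      # key reused by another sender
        gate.accept_notification("shop@example.org", "guess"),  # wrong key
    ]
    gate.revoke("shop@example.org")
    after = gate.accept_notification("shop@example.org", key)   # revoked key
    return before, after
```

Because each key is bound to one sender address, a key copied from one sender's registry does not open the door for a different sender, and issuing a new key to a sender invalidates the previous one.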

Spammers can trawl for addresses. The protocol will have to report which are valid and which are invalid. Then they sell the list to other spammers like they do now.

There is no point in selling information anybody can retrieve for free on the Internet.

If you're still getting the spam, what's the point of switching to a new protocol?

There's a difference between unsolicited Email and Spam. im2000 gives the user complete control over the first one. The latter will never cease to exist, because people trust people, and this does not work out in all cases. However, with im2000 every person who suddenly starts to think, for example, that her/his friend's love letters are turning into stalking will be able to block him/her out; whether this stops the other from stalking is the question.


Jorge.Lehner@gmx.net
