Ending spam is possible. Any email provider can do this without any regulation, neither government nor industry help is needed (but they can help).
The underlying issue is that spam is anonymous on multiple levels. We can't tell who sent it, or how they got your email. They need to get your email from somebody. With this system, we can easily figure out how they got your email and attack the problem at that end.
All current emails look like this:
username@url.com
The username identifies which specific person you are sending the email to, the url identifies which server will do the last mile.
My plan uses a new standard, an email address with three parts. Put a tag in the middle. I suggest using a "!" to separate it, just as the @ separates the username and the url. It doesn't have to be a "!", in fact, if different domains use different symbols, it enhances the security (by making it harder to tell what is the username and what is the tag). "!" works particularly well in this example because we can pronounce it as 'bang', just as "@" gets pronounced as "at".
Parts of my new enhanced email address:
username!tag@url.com
Your email server strips off the !tag@url.com and delivers that email to username, but also does the following.
1) Check to see if you have an active folder for all "!tag" emails. If it exists, it places that email in that folder, and moves that folder to the top of your folder list.
2) Then checks to see if you have an inactive folder with !tag. If you do, it knows that email is likely spam and puts it in your spam folder, labeling it as "inactive tag".
3) If you don't have any folder (active or inactive) for that tag (or it has no tag), it goes in a general "untagged" folder. When you open that email, it immediately asks if you want to create an active folder or declare it spam (creating an empty folder for it and then making that folder inactive.)
Example: you are username "jdoe", and your email server url is gmail.com. Enron asks you to give an email address. You respond "jdoe!enron@gmail.com" When your sister asks for your email, you tell her your email is "jdoe!family@gmail.com"
If Enron sends you real email it goes to your Enron folder. But suppose Enron get hacked (and admits it) - suddenly you start getting viagra spam addressed to jdoe!enron@gmail.com. Not a big deal, you tell Enron that your new email address is jdoe!enron1@gmail.com and you make !enron inactive.
Now suppose Enron actually makes it a practice of selling email accounts. When jdoe!enron1@gmail.com starts getting spam, you know where they got your email.
Your IT admin guy can call them up and complain, you can start a twitter war site page complaining about Enron selling emails, and/or (if your government has the right laws) you can sue them because you have evidence of what they did. Legitimate businesses will quickly bow to pressure and stop selling emails.
If enough people do this, the practice of selling emails will die out. Sure, people will still scrape emails and sell hacked emails, but we made it harder for them and easier to go after
But it doesn't matter if this doesn't happen. You already know they are selling your email address and can stop communicating with them. Just let their emails go to your spam folder. If they can't be trusted with your email, they probably can't be trusted for any other purposes.
Also note, your email is automatically folder-ed for you, with a minuscule amount of extra work on your part (thinking up tags and clicking "active folder" when the first email comes in.)
The underlying issue is that spam is anonymous on multiple levels. We can't tell who sent it, or how they got your email. They need to get your email from somebody. With this system, we can easily figure out how they got your email and attack the problem at that end.
All current emails look like this:
username@url.com
The username identifies which specific person you are sending the email to, the url identifies which server will do the last mile.
My plan uses a new standard, an email address with three parts. Put a tag in the middle. I suggest using a "!" to separate it, just as the @ separates the username and the url. It doesn't have to be a "!", in fact, if different domains use different symbols, it enhances the security (by making it harder to tell what is the username and what is the tag). "!" works particularly well in this example because we can pronounce it as 'bang', just as "@" gets pronounced as "at".
Parts of my new enhanced email address:
username!tag@url.com
Your email server strips off the !tag@url.com and delivers that email to username, but also does the following.
1) Check to see if you have an active folder for all "!tag" emails. If it exists, it places that email in that folder, and moves that folder to the top of your folder list.
2) Then checks to see if you have an inactive folder with !tag. If you do, it knows that email is likely spam and puts it in your spam folder, labeling it as "inactive tag".
3) If you don't have any folder (active or inactive) for that tag (or it has no tag), it goes in a general "untagged" folder. When you open that email, it immediately asks if you want to create an active folder or declare it spam (creating an empty folder for it and then making that folder inactive.)
Example: you are username "jdoe", and your email server url is gmail.com. Enron asks you to give an email address. You respond "jdoe!enron@gmail.com" When your sister asks for your email, you tell her your email is "jdoe!family@gmail.com"
If Enron sends you real email it goes to your Enron folder. But suppose Enron get hacked (and admits it) - suddenly you start getting viagra spam addressed to jdoe!enron@gmail.com. Not a big deal, you tell Enron that your new email address is jdoe!enron1@gmail.com and you make !enron inactive.
Now suppose Enron actually makes it a practice of selling email accounts. When jdoe!enron1@gmail.com starts getting spam, you know where they got your email.
Your IT admin guy can call them up and complain, you can start a twitter war site page complaining about Enron selling emails, and/or (if your government has the right laws) you can sue them because you have evidence of what they did. Legitimate businesses will quickly bow to pressure and stop selling emails.
If enough people do this, the practice of selling emails will die out. Sure, people will still scrape emails and sell hacked emails, but we made it harder for them and easier to go after
But it doesn't matter if this doesn't happen. You already know they are selling your email address and can stop communicating with them. Just let their emails go to your spam folder. If they can't be trusted with your email, they probably can't be trusted for any other purposes.
Also note, your email is automatically folder-ed for you, with a minuscule amount of extra work on your part (thinking up tags and clicking "active folder" when the first email comes in.)
No comments:
Post a Comment