I've been giving some thought to the email spam/malware/adware delivery problem. Despite significant gains over the years toward combating email spam, it's still a big problem.
Gmail set the standard with their approach using aggregate community behavior data to decide what's ham and what's spam, but it only helps Google mail users. Bayesian and other spam-scoring schemes have produced various levels of success. Major anti-spam portals have also produced significant results.
Yet, email spam continues to be a growing problem, particularly now that it's a major delivery platform for malware and ransomware distributors.
Most solutions look at spam largely from the viewpoint of the content of emails. I've been thinking about it in terms of who the senders are.
Reputation is a big concept these days, yet for some reason it doesn't seem to be considered a big concept in combating email spam. Certainly, there are some systems that measure and use reputation to some degree, but it's nowhere near universal. I think perhaps that it should be.
I've been toying with the idea of starting an open source project from this perspective (unless someone can point me to one that already exists that does most of what I'm talking about here). My thinking is still in its early stages, but it runs along the following lines:
I. Provide plugins for Outlook, Apple Mail, Windows Mail, Thunderbird, and other email clients that do the following:
   a. Provide users with a one-click way to whitelist favored correspondents. Build a button or link into each email thread in their client. If the user's correspondent is not whitelisted, the button or link offers "Whitelist" and "Blacklist" as clickable options. If the opposite is true, then it offers "Unwhitelist" and "Blacklist" as options. One click does the job.
   b. Provide users with a simple, built-in way to set up email client encryption. Users find it daunting to set up local encryption, to say the least. It should be more widely and easily available.
      1. Software negotiates most of the setup work with certificate providers like Comodo who offer individual certificates. User is only asked to provide personal data requested by the CA for issuing the certificate. Software does everything else.
      2. Cloud tracks public keys.
      3. Client optionally checks DMARC/DKIM/SPF for users whose email providers don't adequately check this stuff server-side.
   c. Periodically (daily?) send data to a cloud that tracks simple ratings of user's interactions with their correspondents.
      1. Whitelisted correspondents get a high score.
      2. Correspondents who end up in the user's junk/spam folder get a low or negative score.
      3. Others get a neutral score.
      4. Data includes frequency of correspondence with each correspondent.
   d. Three folder levels created and used: inbox, junk, and "new correspondents".
      1. "New correspondents" would be senders that client hasn't seen before and that don't end up in the junk folder right off the bat because it already scored as likely spam.
      2. Inbox would be for emails from whitelisted correspondents and possibly from correspondents with very high reputation scores.
   e. Integrate local Bayesian scoring already supplied by the client into this system as well.
II. Provide cloud or distributed network to track:
   a. User scoring of correspondents
   b. Public keys for client encryption
   c. "Neighborhood" scoring ... who tends to correspond with clean correspondents, and who tends to correspond with shady correspondents?
   d. All cloud accounts are scored on-going based upon their interactions with other correspondents. Scores are assigned based on their histories, with special weight toward their most recent histories.
   e. Correspondent scores are available to clients for easy checking.
This isn't a complete outline, by any means, but it's a start.
Thoughts?
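The scoring and folder routing outlined in the post above can be sketched as follows. This is an added example, not code from the thread or from any existing project; the rating values, the 30-day half-life, the log frequency weight, the two thresholds and the sample reports are all assumptions made for illustration.

```python
import math
from collections import defaultdict

# Ratings from the outline: whitelisted = high, junk folder = negative, others = neutral.
RATING = {"whitelist": 1.0, "neutral": 0.0, "junk": -1.0}
HALF_LIFE_DAYS = 30.0   # assumption: a report loses half its weight every 30 days
INBOX_MIN = 0.6         # assumption: cut-off for "very high reputation"
JUNK_MAX = -0.3         # assumption: cut-off for "likely spam"


def reputation(reports, half_life=HALF_LIFE_DAYS):
    """Aggregate (sender, rating, message_count, age_days) reports into scores in [-1, 1]."""
    num = defaultdict(float)
    den = defaultdict(float)
    for sender, rating, count, age_days in reports:
        # Frequency counts with diminishing returns; recent reports weigh the most.
        weight = math.log1p(count) * 0.5 ** (age_days / half_life)
        num[sender] += weight * RATING[rating]
        den[sender] += weight
    return {s: num[s] / den[s] for s in den if den[s] > 0}


def route(sender, scores, local_whitelist):
    """Pick one of the three folders from the outline."""
    if sender in local_whitelist:
        return "inbox"                      # the user's own whitelist always wins
    score = scores.get(sender)
    if score is None:
        return "new correspondents"         # never rated by anyone
    if score <= JUNK_MAX:
        return "junk"
    if score >= INBOX_MIN:
        return "inbox"
    return "new correspondents"             # assumption: middling scores wait here


# Constructed sample reports: (sender, rating, message_count, age_days)
SAMPLE_REPORTS = [
    ("alice@example.org", "whitelist", 40, 2),
    ("alice@example.org", "neutral", 3, 10),
    ("bulk@example.net", "junk", 5, 1),
    ("bulk@example.net", "junk", 2, 3),
    # Long clean history followed by fresh junk reports: recency dominates.
    ("carol@example.com", "whitelist", 30, 200),
    ("carol@example.com", "junk", 4, 1),
    ("carol@example.com", "junk", 6, 2),
]
```

With the sample data, the third sender's old whitelist report has decayed to about 1% of its original weight, so two recent junk reports are enough to move that address to the junk folder.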
|
|
|
|
|
Your viewpoint intrigues me; I would like to subscribe to your mailing list
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
It's early days. I don't have a mailing list set up yet. I'm still just exploring the possibilities. But thanks for expressing interest!
|
|
|
|
|
This is a very interesting idea.
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
|
|
|
|
I agree (despite my probably misquoted Homer Simpson reply).
Who the Hell flagged it as spam?
If anything, it's a discussion that guys like us should be having.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Mark_Wallace wrote: Who the Hell flagged it as spam?
I don't see anything about being flagged. It just got caught by the filters; I have released the message.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
The only problem with this is that spammers often hijack e-mail addresses. There was one time when mine was hijacked to sell fake Rolexes. For the next 2-3 weeks, I was getting bounced emails from every which way, coming from blockers that recognised the text.
Cheers,
Mick
------------------------------------------------
A programmer is a person who always checks both ways when crossing a one-way street.
|
|
|
|
|
Were they the good fakes with almost real sweep?
Any left? How much?
Sin tack
the any key okay
|
|
|
|
|
It's a valid concern! That was why I included the bit about checking DMARC/SPF/DKIM for users whose email providers don't check them closely. But that may not be a complete solution.
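A client-side version of the DMARC/SPF/DKIM check mentioned above, as an added example that is not part of the original thread: it reads the verdicts the user's own provider recorded in the Authentication-Results header and ignores copies of that header stamped by anyone else. The authserv-id `mx.example.net`, the exact-match alignment rule and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of the user's own provider


def auth_results(raw, trusted=TRUSTED_AUTHSERV):
    """Return (From domain, {method: [(result, domain), ...]}) from trusted headers only."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(header.split()).partition(";")
        # Anyone can add this header in transit; skip copies not stamped by our provider.
        if authserv.lower().split()[:1] != [trusted]:
            continue
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause)
            if not m:
                continue
            d = re.search(r"(?:header\.d|header\.from|smtp\.mailfrom)=(\S+)", clause)
            domain = d.group(1).rpartition("@")[2].lower() if d else ""
            found.setdefault(m.group(1), []).append((m.group(2).lower(), domain))
    return from_domain, found


def sender_verified(raw):
    """True only if the provider reported a pass that covers the visible From domain."""
    from_domain, found = auth_results(raw)
    if not from_domain:
        return False
    if any(r == "pass" for r, _ in found.get("dmarc", [])):
        return True
    # No DMARC pass: accept SPF/DKIM only for an exact match with the From domain
    # (assumption: stricter than DMARC's relaxed alignment).
    return any(r == "pass" and dom == from_domain
               for meth in ("spf", "dkim") for r, dom in found.get(meth, []))


# Constructed sample messages (not real mail).
GENUINE = (
    "Authentication-Results: mx.example.net; dkim=pass header.d=corp.example;"
    " spf=pass smtp.mailfrom=alice@corp.example; dmarc=pass header.from=corp.example\n"
    "From: Alice <alice@corp.example>\nSubject: status\n\nhello\n")
SPOOFED = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce@bulk.example;"
    " dkim=none; dmarc=fail header.from=corp.example\n"
    "Authentication-Results: other.invalid; dmarc=pass header.from=corp.example\n"
    "From: Director <director@corp.example>\nSubject: urgent\n\nhello\n")
```

The second sample shows why an SPF pass alone says little about the visible sender: SPF passed for the envelope domain `bulk.example`, which has nothing to do with the `corp.example` address in the From line.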
|
|
|
|
|
SMTP is both a blessing and a curse. While it succeeds in making it painless for users to send email, it also makes it all too easy to spoof somebody's email address (which you could probably buy a million of them for $20 if you know where to look). With .Net, I wrote an email spoofing application that created a nearly identical email (HTML and all) to that of my director of information security at the time in less than 20 minutes. I found the process informative but the security team did not.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Foothill wrote: found the process informative but the security team did not.
Did they at least react to it and improve the system?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
An interesting question, but how do you improve the system in a way that counterfeit copies can't be made of the emails sent within it?
|
|
|
|
|
That's why I am asking the question
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
And that's why I'm proposing vetting the sender!
|
|
|
|
|
I wrote the program to test how a new ticketing system responds to spoofed emails. The system didn't detect the spoofing but, luckily, we had the foresight to have an automated confirmation response generated and sent to the sender whenever a security email was received and a ticket created. The spoofee, if they were paying attention, would see that a security request was made for an email that they did not send.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Member 13118628 wrote: Most solutions look at spam largely from the viewpoint of the content of emails. I've been thinking about it in terms of who the senders are.
I wish companies would stop using email services that have a reply-to/sender line like "sent by wgaf-3521861-a-s-33455@whatever on behalf of SomeCompany"
Kind of hard to set up filters when their address changes everydamntime.
|
|
|
|
|
GenJerDan wrote:
I wish companies would stop using email services that have a reply-to/sender line like "sent by wgaf-3521861-a-s-33455@whatever on behalf of SomeCompany"
Well, with the system I'm proposing, companies that choose to do that will risk having their emails ending up in spam filters, like they do today.
Even without my system, I suspect they'll find it's even more of a problem to get their emails delivered as time goes on.
I'm curious though ... have you seen any like that where they weren't sending some kind of commercial email message? Which companies?
|
|
|
|
|
Walt Thiessen wrote: I'm curious though ... have you seen any like that where they weren't sending some kind of commercial email message? Which companies?
I get them like that from Corel for general announcements and such. And another one, that I can't recall off-hand, but the same sort of "on behalf of" nonsense.
There've also been a number of emails from one or another company where the domain changes randomly, like a.email.somecompany.com, b.email.somecompany.com, etc. Not impossible to set up for, but a pain in the butt when I have 12 different rules for the same source.
|
|
|
|
|
GenJerDan wrote: I get them like that from Corel for general announcements and such. And another one, that I can't recall off-hand, but the same sort of "on behalf of" nonsense.
Yes, that's what I thought. "General announcements" are basically low-grade spam messages. They're going to see lower and lower open rates over time.
|
|
|
|
|
If I were to pursue this project, I'd be looking for help from others to create it. Just wondering how many might want to help?
|
|
|
|
|
|
"Works on my machine."
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
I'm guessing that they do not want to have all zones come on at the same time, causing the water pressure to drop and therefore limiting the volume of water that gets to any specific zone.
but, yes, devices like these, or light/socket timers, central heating systems, solar controllers etc. can be pretty bad...