Previous Politech message: http://www.politechbot.com/p-04735.html --- To: <declanat_private> Subject: Re: More on Earthlink's email challenge, Mailblocks lawsuit Date: Fri, 9 May 2003 09:15:09 -0600 Organization: MailSoap, Inc From: Kevin Zollinger <kevin-dated-1052925219.5088b1at_private> X-Delivery-Agent: TMDA/0.59 X-TMDA-Fingerprint: /nYiHKxXMQIZ8xJZ0+6tC0tg2Rs Declan, We have a very small company (Very small!) called MailSoap that we started because we wanted to offer challenge-response that worked to people like my Grandparents. We started with some open source software written by Jason Mastaler (http://tmda.net) and added a custom interface to webmail. We worked with Jason and his merry band of programmers to make sure that our system was configured properly. We've been using the software for well over a year with great results. I'd like to respond to a couple of your points. First, you are concerned about the lack of a Turing test from ipermitmail. TMDA, and therefore MailSoap only requires that a first time sender respond to the challenge email. In the 18 months that we've been testing the system we've only have 6 pieces of spam get through. The vast majority of all spammers use invalid return email addresses, and those spams are deleted immediately. Those that are foolish enough to use a real email address don't respond to the challenge. Second, because we have verified that their email address is a working one we can choose to take action against them. I have a law firm on standby for such actions, but to be honest I've had two spams make it through this year, and didn't sue. Because I've only seen those two spams I don't really have the anger needed to start the lawsuit anymore. Second, you are concerned about privacy policies. You should be concerned about them. I think that ours is very good (http://mailsoap.com/privacy.php) and agree that these are important. I don't think that anyone will have any concerns about ours, but would be happy to respond to any critics! Ours is a service intended to protect "people like us" from spam and virii. We have no intentions of abusing people, their privacy or their time in a lame attempt to get rich. Third, you discovered a flaw in the mechanism at ipermitmail. Other venders have had similar problems and as long as they all start from go instead of leveraging the work that has already been done we will continue to see broken implementations of CR email systems. As you know CR email systems started in mailing list software 10 years ago. There is no reason for an email vendor to ignore 10 years of development when they develop their software. If your email client is standard compliant you should only need to authenticate once with us. If I send you the initial email you won't need to authenticate at all! I am not saying that we are perfect, only that we've had a much longer period of shake out than others. Finally, you are right to be concerned about the impact CR will have on email lists. That has been one of the toughest issues to come to grips with. TMDA offers a keyword address that allows me to subscribe to an email list with an address that does not require confirmation. If you search your subscriber list for kevinat_private you won't find it. I subscribed with a keyword address that looks something like kevin-politech.5h1dg55at_private The string of numbers is a short bit of encryption intended to ensure that no one other than me can setup a keyword address, and in this case has been changed from the real one. As a final thought, there is a proposal to standardize the method used to mark system generated email. As users of email we should support this effort, and once the standard is set we should all hold our email providers responsible for their implementation of the standard. We already try to determine if a message has come from a mailing list or a robot so that we don't send inappropriate challenges, but without a standard it is pretty hit and miss. I would hope that with your support we can get a standard method to identify machine generated emails so that we can act appropriately. As always, I enjoy your list and you work. If you should choose to share my thoughts feel free to do so. You can even include my email address if you would like. Keep up the good work. Kevin Zollinger kevinat_private Co-founder of MailSoap, the home of trouble free email! ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri May 09 2003 - 08:38:44 PDT