|Welcome to the Monastery|
RFC: Email 2.0: Segmailby tomazos (Deacon)
|on Sep 24, 2005 at 00:47 UTC||Need Help??|
I've just presented a draft spec of this system to a private members-only site I am running.
As, if this does go ahead in any way shape or form - it will be implemented in Perl (of course) - I wanted to bounce it off my fellow PerlMonks too.
Let me know what you think:
This is a specification for a non-existant software system codenamed "Segmail". It doesn’t exist yet – nor may it ever.
++ BACKGROUND ++
The problem with current email infrastructure is that the From address of an email message is based on the honor system.
Anyone can send a fake message to you, and make the message look like it has come from someone else or simply "no one at all".
This is one of the biggest causes of spam. The ability to send email anonymously means that once someone gets your address and sends you email, there is no way to (a) identify them; and/or (b) stop them from sending you email.
Over time, the problem compounds, and you receive more and more junk email.
Current junk email filters are either not very accurate, or require a real correspondent to “jump through a hoop” by answering a challenge/response.
The only way currently to really stop junk mail is changing your email address. This is a pain, because you have to tell everyone you know that you have a new address. Doing it more than once a year is impractical.
++ PROS & CONS ++
With that in mind, lets talk about the Pros & Cons of this new theoretical system called “Segmail” which I am going to specify.
Segmail is compatible with normal email. You can use Segmail to exchange email with someone that doesn't use Segmail, and still get all of the benefits described.
Furthermore, it allows you to continue to use your current email client software (Outlook, Eudora) and even in many cases your current Internet Service Provider and mail server.
Compared to existing systems, Segmail is 100% accurate. That means no false positives. No real mail will be marked junk. Almost no junk email will get through (at least much less than any current system).
Segmail allows you to accurately identify who is sending you email (or at least who gave them your email address). This is not technically possible with current systems.
As a corollary, Segmail allows you to block an individual correspondent from sending you email. This is not technically possible with existing systems (as they can't identify who is sending the email).
Segmail does not require your contacts to “jump through a hoop” with a challenge/response.
The downside is that you can’t give people your email address unless you have Internet access handy to use Segmail. You need Segmail present to generate your email address. You will see why.
Also, your email address looks really long and ugly. This is only really a problem when you have to write it down, or give it to someone over the phone.
Thirdly, you have to change your email address once, when you first start using Segmail. You cannot use Segmail with your current email address.
++ ENTER SEGMAIL ++
Segmail itself is implemented as an email proxy. You check your email through it via POP/SMTP with a normal email client. (eg Outlook, Eudora, etc). Segmail then talks POP/SMTP to your real email server on your behalf.
A domain is setup for each Segmail user such that any incoming message to that domain goes to their POP mailbox. Eg - For John Doe, the domain might be john.doe.com – so any message to email@example.com, firstname.lastname@example.org and email@example.com goes to John’s POP mailbox – and through Segmail.
Segmail maintains a database with your address book in it. You can access it via a normal user interface (web, native, wap, whatever).
Segmail generates and stores a random password for each entry in your address book.
It uses this password to generate a different email address for each entry in your address book. These email addresses "segregate" the exposure of your email address(es) - hence the name.
++ SENDING MAIL ++
When you send a message, Segmail checks to see if the recipient is in your address book - if not, a new entry is automatically created.
Next, Segmail changes the From address of your outgoing message to a new address. The new address contains the password associated with the recipient.
For example. - suppose John Doe had a friend, Tom Smith.
The secret password that Segmail generated for Tom Smith is gh3f3gh3. Segmail would change the From address of John's outgoing message to be "firstname.lastname@example.org".
The "john-tom" bit is to help keep track of it by humans. (It's John's address given to Tom). Segmail itself is really only interested in the password.
Basically, each person, company, or indeed any place where your email address is exposed – is given a different email address for you. Each of these email addresses has a “password” in it, so that it can’t be guessed.
Each person sees a different email address for you.
++ SETUP ++
As part of the setup process, when you first put your address book in Segmail, it gives you the option of sending out a “my email address has changed” to each of your contacts. Each contact receives a different email address for you (as in the example above).
The user interface to Segmail presents the option of generating a new entry manually. This allows you to generate an address for the places where you expose your email address down other channels, other than by sending email.
For example: Filling in your contact details at your bank. You go to Segmail, create a new entry “bank” in your address book. Segmail gives you an address like "email@example.com" – which you then give to your bank.
++ RECEIVING MAIL ++
When Segmail receives mail it checks to see if the password is valid. If it isn’t, it marks it as junk (bounces it, deletes it, challenge/responses it, moves it to a different folder, whatever).
If it is valid, it lets the message through. If the From address does not match the entry in the Address Book, a warning is added to the bottom of message that contains the original address of the correspondant in the address book.
Segmail allows you to "block" or "rotate" an entry in your address book.
When an entry is "blocked" it no longer accepts mail with that password. You would do this if you start recieving unwanted mail through that address.
When an entry is "rotated", a new password is generated and the old one marked old. When a message is received at the old one, an automatic message is sent to the correspondent saying “My email address has changed. Please resend your message to my new address. My new address is BLAH” – where BLAH is the encoded email address with the new password in it.
++ ADVANCED: WEB EXPOSURE ++
A special entry could be placed in the address book under "web", specifically for the address you will place on your web site (if you do so). It could be linked to Segmail, to automatically rotate every few days. A web-exposed email address is one of the most common sources of unwanted mail, by making the address stale every few days it would go a long way to curbing it.
Physical business cards can be rotated as well, but most likely over a longer time period than a few days.
++ FEEDBACK ++
Please consider the following questions:
1. Are there Pros of Segmail not mentioned?
2. Are there Cons of Segmail not mentioned?
3. Can you think of any constructive improvements or changes to this system?
4. What do you think of it in general?
Thanks for reading!