jongrose Posted August 12, 2005 Share Posted August 12, 2005 I've been thinking about some improvements to the Spamcop mail system recently, and I thought there may be some ways to improve the service. Some of these have probably already been requested in the past, so I apologize in advance if they have. But, I would appreciate it if someone would forward these along to the SysOps and admins of the network. 1) Increased mail storage. With Gmail, Yahoo, and other free email services offering huge amounts of storage space, I think the time has come to go beyond our 25mb capacity. Obviously, hard drive prices are decreasing, and space is becoming easier to come by and access, so I think account upgrades for paying members would be a nice bonus. 2) Spamcop SMTP server. This is one thing I really haven't liked with Spamcop since the beginning. I use my providers SMTP (as most people do) who access SC through POP3. However, I think it is prudent to launch an SMTP server. Obviously, with the security and features SC already utilizes, I'm sure this could be implemented pretty easily, and used very security. We can already send email through the Webmail, so why not through our email clients? 3) SPF/Domain Keys/Sender ID support. This goes along with the above message, and if SC was running their own DNS and SMTP servers, these new protection schemes could be implemented to function with SC. We are, afterall, the leader in reporting spam and technology dealing with it, so I think one or all of these systems could be implemented. 4) Thunderbird (or Outlook) plugin for Spamcop that allows users to report their email the same way as logging into the webmail. I realize Spamcop has a forwarding address, but I think this would make ease of reporting spam much easier and not be hard to implement. 5) A permanent anonymized return address. Whenever you send a munged report, your address is hidden with a numeric sequence in the front of it (12345[at]spamcop.net) to hide your identity when reporting. How about the ability to create a static return address like this, so you could post your address without fear of being harvested with your identity matching. I realize you can amend +whatever to your SC address, but not all forms will accept a '+' character into their forms, and this also gives away the first part of your email address, and the addon can easily be stripped off. Another interesting concept is the Mailinator approach, which uses a system to create a 'disposable' email address of sorts. 6) More country based filters. Ideally, I would like to see the option of blocking every country. I had requested a Phillipines filter awhile back and never heard anymore of it. I seem to get quite a bit of junk from the Phillipines lately. I would also like to see blacklist functions where IP/hostname ranges can be defined by the user individually for their own account. This would allow a user to define what they personally want blocked, and not fudge up the rest of the network blocklist and what other users want and need. Couple other ideas... option to filter by language, or unicode characters (say you only speak english and you get a message in Chinese or in unicode characters that the client can't read? Those could be filters. Mixmaster support. More PGP support with a key generated when the account is first opened and give the user the option to attach the key to their signature, and upload it to public keyservers. That's all I can think of for now... Link to comment Share on other sites More sharing options...
Wazoo Posted August 12, 2005 Share Posted August 12, 2005 PGP - http://forum.spamcop.net/forums/index.php?showtopic=3413 http://forum.spamcop.net/forums/index.php?showtopic=3080 http://forum.spamcop.net/forums/index.php?showtopic=1000 PGP support with a key generated when the account is first opened and give the user the option to upload .... hardly a secure way to handle things ... if you're going to install/use PGP, your key/pass codes are part of that installation ... I sure wouldn't want to try to figure out how to support all the issues involved with creating this type of data, probably connecting non-securely, not having a clue what a "pass phrase" is, much less what a good one is .. knowing full well that within 10 minutes, that magic phrase will be forgotten anyway .... folks think I'm grumpy now <g> unicode query was moved to this forum just within the last day or two ... answer there is still the same ... I've not chased down the data .. BL by country ... got a reference? does it work (well)? With all the movement of APNIC, LACNIC, etc., etc. .. is it up to date and stay that way? Response times for some of the existing lists has been an issue in the past. permanent anonymized return address ... ???? history already exists that spammers have user reportIDs as e-mail addresses in their spew ... why would you think that using a numeric address (which some ISPs don't allow either) would make such a big difference? Thunderbird (or Outlook) plugin for Spamcop ..???? as compared to folks that POP/forward their e-mail to their own app that already does this ... there are plug-ins available for Outlook, have you checked the FAQ ... Thunderbird is obviously waiting for someone to write the code .... (but ehy try to POP a webmail server that does in fact already offer IMAP/POP/forwarding to another account?) Spamcop SMTP server ... already begged for a number of times ... lots of issues involved, some of it boils down to simple time availability. Despite blowing out the FAQ here to try to head off some issues, JT is simply overwhelmed by the e-mails already going direct to him for all kinds of support ... a lot of it not having anything to do with a SpamCop Filtered E-Mail Account .... and again pointing out that providing support for the SpamCop system is only part of his actual business ... Increased mail storage .... with the issues demonstrated by collecting too much e-mail in one's account, what and where would the gain be by increasing the allowable space? (again, an item existing in the FAQ here already) Not knocking the requests/suggestions, just not sure that you looked around very hard before coming up with the list ...???? Link to comment Share on other sites More sharing options...
agsteele Posted August 13, 2005 Share Posted August 13, 2005 Hi jongrose! Thanks for taking time to suggest improvements in this forum. I think this is a very helpful way to unpack the issues behind improvements and attempt to gain consensus on whether the ideas are worth pursuing. I have comments on some of your ideas. 1) Increased mail storage. 2) Spamcop SMTP server. 4) Thunderbird (or Outlook) plugin for Spamcop 5) A permanent anonymized return address. 6) More country based filters. option to filter by language, or unicode characters More PGP support with a key generated when the account is first opened and give the user the option to attach the key to their signature, and upload it to public keyservers. 31614[/snapback] I don't see any great benefit in increased storage to many users but I suppose those that use the Spamcop mail account as their main online presence might find that useful. I anticipate that it is ultimately a cost and time issue. Someone has to make time to increase the disk space and there has to be the capability for all members to use the full allocated amount. So some extra disk purchases would likely be needed. I doubt you'll see this in the short term but it could be useful to some. As Wazoo notes, the SMTP server is a regularly requested feature. However, there are many good reasons to avoid this and it is largely unnecessary and, indeed, inefficient. It is always better to send through your 'local' SMTP server to reduce bandwidth use. As you say, you can use the ISP's SMTP server. The plug-in could be useful but somebody has to write it If there's anyone willing to have a go then I don't suppose anyone will stop them but, as you note, you can forward to your mail reporting address. I have an alias in my mailbox and simply forward the message to that short alias and it is every bit as quick as opening a plug-in and doing the necessary. I can't think of any reason I'd want or need a permanent anonymised address. If it was permanent that would defeat the object of preventing my real address from being spammed or abused. The unwanted messages would reach me because it was permanent. My understanding from your suggestion isn't that Spamcop mail provides an anonymous remailer but otherwise I don't see the benefit. I can certainly see the potential for more filtering whether via country-based blocklists or unicode characters. I'm not sure what other countries you'd include that are not already included and who would maintain the blocklists. I'm sure that if you had particular country blocklists in mind that they would be included if appropriate. I'm sure, though, that the PGP ideas you suggest would not be sufficiently secure. I certainly wouldn't want a PGP key generated on my behalf. The whole point about public key encryption is that the 'owner' retains complete control of their private key. A public key generated by a third party on my behalf is not secure and provides no assurance to the recipient. Neither can I decrypt anything sent to me without the private key. I presume you are thinking of use within the webmail interface alone and I guess the encrypt/decrypt could be made to work but I'd not be happy with this option as described. Thanks for taking time to propose ideas. Let's see what others have to say. Andrew Link to comment Share on other sites More sharing options...
jongrose Posted August 13, 2005 Author Share Posted August 13, 2005 PGP - http://forum.spamcop.net/forums/index.php?showtopic=3413 http://forum.spamcop.net/forums/index.php?showtopic=3080 http://forum.spamcop.net/forums/index.php?showtopic=1000 PGP support with a key generated when the account is first opened and give the user the option to upload .... hardly a secure way to handle things ... if you're going to install/use PGP, your key/pass codes are part of that installation ... I sure wouldn't want to try to figure out how to support all the issues involved with creating this type of data, probably connecting non-securely, not having a clue what a "pass phrase" is, much less what a good one is .. knowing full well that within 10 minutes, that magic phrase will be forgotten anyway .... folks think I'm grumpy now <g> Yes, I agree that PGP is a complicated system. In fact, I think the fact that it's so complicated is probably one of the main reasons that the majority don't use it. However, with increased privacy concerns from many sources (of which I'm sure I don't have to go into) I think encrypted email is becoming more and more necessary. The idea of having an internal SC PGP system came to me after I used some of the newer breeds of PGP for the first time recently. I used to use MIT's version, which was then bought out, spun off, made free, and recommercialized (which added to the confusion) until I stumbled upon Enigmail, a Thunderbird plugin. It works with GnuPGP to launch a wizard, create a key with passcode for you, and implement buttons in the email client to encrypt, decrypt, upload your keys, and include them in your signature. It is very easy to use and a great addon. The problem being again is the lack of other people wanting to use it, or not seeing the need for added security when emailing. Anyway, that might be something beyond the reach of SC, but it was just a thought I threw out there. BL by country ... got a reference? does it work (well)? With all the movement of APNIC, LACNIC, etc., etc. .. is it up to date and stay that way? Response times for some of the existing lists has been an issue in the past. The lists I'm referring to are from www.blackholes.us (can't seem to access it ATM). My idea would just be to give more options for these blacklists under the Spamcop Tools -> Blacklist filters for each country. I mentioned the Phillipines for example, and that seems to be where I am getting a large portion of spam from recently, although I have no idea if that reflects on any network wide or global trends, I would just like to see a country wide filter for them. Otherwise, manual filtering set within the account so I can go in and say I want to block email from *.ph IP ranges or something along those lines. Whether or not the existing blocklists are functioning properly or with IP ranges constantly changing, I don't know. permanent anonymized return address ... ???? history already exists that spammers have user reportIDs as e-mail addresses in their spew ... why would you think that using a numeric address (which some ISPs don't allow either) would make such a big difference? This idea came to me from reading an article (I don't remember where) about how when you sign up for a craiglist account, they assign you with an anonymous forwarding address. This way, it prevents revealing your identity and tracks where the email was harvested from if you're getting spam to that address. Like I mentioned, I utilize the myemail+yahoo[at]spamcop.net feature, but that reveals my identity prior to the '+'. I don't know if I'm fully explaining it, this is just a brainstorm idea. Thunderbird (or Outlook) plugin for Spamcop ..???? as compared to folks that POP/forward their e-mail to their own app that already does this ... there are plug-ins available for Outlook, have you checked the FAQ ... Thunderbird is obviously waiting for someone to write the code .... (but ehy try to POP a webmail server that does in fact already offer IMAP/POP/forwarding to another account?) I mention Thunderbird because of it's open source nature and the ability to write noncommercial plugins that are supported by a community. I have looked at a few Outlook/OE plugins for spam (one of them used the SCBL I believe) but they weren't that great. Spamcop SMTP server ... already begged for a number of times ... lots of issues involved, some of it boils down to simple time availability. Despite blowing out the FAQ here to try to head off some issues, JT is simply overwhelmed by the e-mails already going direct to him for all kinds of support ... a lot of it not having anything to do with a SpamCop Filtered E-Mail Account .... and again pointing out that providing support for the SpamCop system is only part of his actual business ... I thought IronPort was managing most of the SC business... I looked at their page and noticed all their nice rack servers for mail and I thought that maybe SC could just use one of those. I don't know exactly what the business model is for SC, but I assume for a person to use SC as their sole email address, SMTP is an inevitability. I am not a great fan of webmail myself, but I believe as email evolves (Such as with SPF, etc) that something along the lines of a sendmail server would be beneficial overall. Anyway, I'm sure you've had this arguement before many times - but SC as an email service provider is in competition with some large companies that provide more space, pop/smtp, spam and virus filtering and etc. How so before they will provide similar reporting services for their free users? Increased mail storage .... with the issues demonstrated by collecting too much e-mail in one's account, what and where would the gain be by increasing the allowable space? (again, an item existing in the FAQ here already) I'm not sure I understand your response, but I'll glance over the FAQ. I don't see how increased space could be a bad thing. Since Google Mail upped the antie with 2GB storage, increasingly other email providers are following a similar path. Not knocking the requests/suggestions, just not sure that you looked around very hard before coming up with the list ...???? I tried searching for PGP, SPF, and Sender ID.... but Invision board (as most all other boards) don't like searching for words under 4 characters. I did do a Google site search, but the results weren't that great. Anyway, this was just a basic brainstorm of ideas I came up just as suggestions, I'm not trying to force them down anyones throat or imply that SC is a bad service. Link to comment Share on other sites More sharing options...
jongrose Posted August 13, 2005 Author Share Posted August 13, 2005 I have comments on some of your ideas. I don't see any great benefit in increased storage to many users but I suppose those that use the Spamcop mail account as their main online presence might find that useful. I anticipate that it is ultimately a cost and time issue. Someone has to make time to increase the disk space and there has to be the capability for all members to use the full allocated amount. So some extra disk purchases would likely be needed. I doubt you'll see this in the short term but it could be useful to some. That's true, but it seems to me that if Google, Yahoo, and others can offer free email with vastly larger amounts of space, then it must not be that difficult to implement. HDDs are becoming extremely cheaper, and along with it, we're seeing much more storage space all over the web. Not to mention with the advent of much larger file sizes for attachments and so forth it's just an evolutionary process to increase space on any system like web hosts, email, and even your own person PC (my first harddrive was ~100mb) As Wazoo notes, the SMTP server is a regularly requested feature. However, there are many good reasons to avoid this and it is largely unnecessary and, indeed, inefficient. It is always better to send through your 'local' SMTP server to reduce bandwidth use. As you say, you can use the ISP's SMTP server. I'm sure it saves SC bandwidth, but again, this is a paid email service. I would expect a full ranges of services from such, such as POP/SMTP. Is cost a continued problem for SC even after the buyout? The plug-in could be useful but somebody has to write it If there's anyone willing to have a go then I don't suppose anyone will stop them but, as you note, you can forward to your mail reporting address. I have an alias in my mailbox and simply forward the message to that short alias and it is every bit as quick as opening a plug-in and doing the necessary. Yes, someone will have to write it. Although I understand XML is not a complex language. The thing about forwarding the email from within the client is you can't just open the email and click forward. You have to to manually view the source, paste it into an email and then forward it. A small task, but I'm sure it could be easily automated with a reporting plugin and would cause less bounces back from SC and have a more efficient process. I can't think of any reason I'd want or need a permanent anonymised address. If it was permanent that would defeat the object of preventing my real address from being spammed or abused. The unwanted messages would reach me because it was permanent. My understanding from your suggestion isn't that Spamcop mail provides an anonymous remailer but otherwise I don't see the benefit. As I mentioned in the reply to Wazoo, how I got the idea from craiglist. The other thing is that increasingly the need for anonymous email is becoming more prevelant. If you're not familar with the Mixmaster Anonymous Remailer System have a look. As the EFF reports, bloggers and the like are becoming under increased scrutiny for having to publish personal data. Although I don't know if SC needs this level of anonyminity, I would assume that this could be easily implemented considering that each time you report a spam, a new return address going back to you for munged reports is generated. So, it would have the dual feature of not revealing your identity, as well as tracking to where the mail was harvested from. I can certainly see the potential for more filtering whether via country-based blocklists or unicode characters. I'm not sure what other countries you'd include that are not already included and who would maintain the blocklists. I'm sure that if you had particular country blocklists in mind that they would be included if appropriate. I personally think that there should be an option for a block list for every country on the planet. Spamming is coming more and more from compromised zombie networks in third world country computers, so they can change rapidily. I also never expect email from outside the US, except under rare circumstances, and even then it would just be dropped into my held mail folder where I could view it. This is just an option to make the SC service more personallized and individuallized. Obviously, not everyone would want to turn it on, but some people may, and that gives people just another option to filter their mail. I'm sure, though, that the PGP ideas you suggest would not be sufficiently secure. I certainly wouldn't want a PGP key generated on my behalf. The whole point about public key encryption is that the 'owner' retains complete control of their private key. A public key generated by a third party on my behalf is not secure and provides no assurance to the recipient. Neither can I decrypt anything sent to me without the private key. I presume you are thinking of use within the webmail interface alone and I guess the encrypt/decrypt could be made to work but I'd not be happy with this option as described. The main contradiction in PGP is the fact that it is supposed to be severly secure, yet no one uses it. So, you have the trade off of having an already generated key or none at all. Take a look at which is an encrypted email system that encrypts emails two and from Hushmail users, and users who use PGP. It is a very secure system, and very easy to use because it requires almost no user interaction. It may be less secure, and you might have a slightly greater chance of someone breaking your key, but still my arguement is that if no one uses it as it is, a little security is better than none at all. As time goes on and PGP becomes more widespread, easier to use, and more and more implemented, then those issues could be addressed. Thanks for the comments. Link to comment Share on other sites More sharing options...
dbiel Posted August 13, 2005 Share Posted August 13, 2005 Just as a reminder about storage quotas, at present this is a non-issue. Unlike many email providers that have hard limits on storage which if exceeded result in blocked mail; SpamCop does not have any hard limits. The recommended limit is just that, recommended. If necessary it can be exceeded. As with all systems, the more mail that is in your box, the more time it takes to process and open up the file each time you log in. Some people have experienced other problems when they left too much mail pile up. Again, refer back to the FAQ previously referenced. Also, take a look at the sub forum, How to use SpamCop filtered Email, especially the link to "How I use SpamCop" there are some excellent examples which just might give you a different insight on how SpamCop can be used, and while you are there, consider adding your own example. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 13, 2005 Share Posted August 13, 2005 but SC as an email service provider is in competition with some large companies that provide more space, pop/smtp, spam and virus filtering and etc.31630[/snapback] SC is an email filtering service more than an email service provider. Also, you keep mentioning space limitations....at present there are NO spece limitations with spamcop. They may be listed but they are not enforced. The limitation is a practical one based on the webmail software in use. The more messages that need to be filtered upon login, the longer that login takes until the session times out. There is (was) a beta test of the newest version but I have seen no movement on that front in months. I no longer use it because of the reporting limitation. Link to comment Share on other sites More sharing options...
agsteele Posted August 13, 2005 Share Posted August 13, 2005 Yes, someone will have to write it. Although I understand XML is not a complex language. The thing about forwarding the email from within the client is you can't just open the email and click forward. You have to to manually view the source, paste it into an email and then forward it. A small task, but I'm sure it could be easily automated with a reporting plugin and would cause less bounces back from SC and have a more efficient process. 31631[/snapback] I'll not comment on the other bits than to say, although the SpamCop Email service is, as you note, a paid for service I pay for it for the unsolicited mail filtering not for the Email service. As you point out there are many services available without a cash price that offer just as good a service for Email. They don't offer the excellent junk mail filtering that I get with my SpamCop Email account. Now to the mail plug-in. It is much easier to avoid the opening the message, viewing the source, copying and pasting. In the mail program I use I simply open the message as normal, click Forward with the original message as an attachment and type in the alias I've created with my Email reporting address - 3 mouse clicks and type in an alias. I'm happy with that but if anyone else is willing to step up and write a Thunderbird plug-in it would be welcomed I'm sure. Andrew Link to comment Share on other sites More sharing options...
Lking Posted August 13, 2005 Share Posted August 13, 2005 That's true, but it seems to me that if Google, Yahoo, and others can offer free email with vastly larger amounts of space, then it must not be that difficult to implement. 31631[/snapback] You do get what you pay for. I have noted in this fourm several postings complaining about gmail. Don't I remember when google started offering gmail there was a big to do about them wanting the mail stored on their drives so they could scan it to see what your interest were and "provide you better searches." Of course the free part is paid for by all the add you get to see while reading your mail - and who knows what with the information mined from your mail. It is a little counterintuitive to suggest that SC, the screge of invasive spam, should offer the same services that others offer for free by invaiding your privacy. Link to comment Share on other sites More sharing options...
Wazoo Posted August 13, 2005 Share Posted August 13, 2005 Credit needs to go where it's deserved ... it was Phil Zimmermann that came up with PGP. Even the current 'commercialized' version offers a free - not for commercial use package. The "difficulty" boils down to the "being secure" part of the plan, definitly a problem when trying to work within a Windows environment <g> main contradiction in PGP is the fact that it is supposed to be severly secure, yet no one uses it Yep, been that way for many, many years. Again, the tradeoff between ease-of-use and actual security. The dichotomy of its use can't be overlooked .. some offices making it mandatory, some countries treating its use as an illegal act. they assign you with an anonymous forwarding address. This way, it prevents revealing your identity and tracks where the email was harvested from if you're getting spam to that address. The FAQ here also contains a link to sneakemail.com, which is just what you describe. Is cost a continued problem for SC even after the buyout Though not cognizant of the business arrangements (none of my business) ... IronPort is supporting/maintaining the Reporting/BL side of the house ... e-mail, newshroups, and this Forum are still on JT's hardware on the other coast. As above, IronPort's hands are not 'here' The SpamCop Filtered E-mail Account is based on the "Filtered" part of the package. The free-reporting is an extra benefit. IronPort (thus far) has nothing to do with this side of the SpamCop system (as noted in many of my posts about the freedom I've been allowed thus far in doing things 'here' like the Forum version of the FAQ) searching for PGP, SPF, and Sender ID.... but Invision board (as most all other boards) don't like searching for words under 4 characters. I did do a Google site search, but the results weren't that great The 4-character thing is an SQL matter, set to not index all those short words (a, an, the, if, but, etc.) Searches on your items 'here' would have only pulled up problems with those 'features' .. like SPF destroying "forwarding" ... basically, technolgy that is not ready for prime-time .. hmm, kind of the same situation you used to describe PGP, deployment and utilization ..... Link to comment Share on other sites More sharing options...
jongrose Posted August 15, 2005 Author Share Posted August 15, 2005 You do get what you pay for. I have noted in this fourm several postings complaining about gmail. Don't I remember when google started offering gmail there was a big to do about them wanting the mail stored on their drives so they could scan it to see what your interest were and "provide you better searches." Of course the free part is paid for by all the add you get to see while reading your mail - and who knows what with the information mined from your mail. It is a little counterintuitive to suggest that SC, the screge of invasive spam, should offer the same services that others offer for free by invaiding your privacy. 31641[/snapback] Well, Google is now just one of many. I mentioned it mostly because it set an industry standard, and most other free web based emails upped their space too. As far as the privacy policies go, I can't really comment as I haven't reviewed them all. Not to get too far off topic, but the Google Adsense ads are generated on-the-fly though, so it's basically just scanning for text keywords to create an ad link based upon that. I use POP3 to retrieve my Gmail, so I never see the ads, although they still could be scanning it. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 15, 2005 Share Posted August 15, 2005 Well, Google is now just one of many. I mentioned it mostly because it set an industry standard, and most other free web based emails upped their space too. As far as the privacy policies go, I can't really comment as I haven't reviewed them all. 31671[/snapback] And AGAIN, as stated in the FAQ, there is NO implemented space limitation for SpamCop webmail. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.