Certified Email Not Here to Reduce Spam 197
An anonymous reader writes "Goodmail CEO Richard Gingras surprised Legislators and advocacy groups today when he announced that the CertifiedMail program being implemented by AOL and Yahoo is not meant to reduce spam. Rather than helping to reduce spam Gingras claimed that the point is to allow users to verify who important messages are really from, like a message from your bank or credit card company."
Thats my motto. (Score:5, Insightful)
As predicted (Score:1, Insightful)
Secondary Effects (Score:2, Insightful)
Won't help a bit (Score:5, Insightful)
People don't even notice security features. They don't notice HTTPS, they don't notice certificates, they don't even notice bogus URLs. Why should they notice a "verified" mail (or lack of this verification)?
And those who do already know how to deal with phishing mails, they are already capable of discriminating between fraudulent and legit mails.
Money (Score:4, Insightful)
In other words, we'll still get spam (Score:5, Insightful)
Hello, McFly?! If I'm expecting emails from my bank, I'll be putting them on my safelist anyway! Them and everyone in contacts, emails for forum notifications, newsletters that I want.
This doesn't seem to be doing anything other than making money for someone else.
Re:Secondary Effects (Score:5, Insightful)
The problem is, if most of the users were smart enough to realize that, we wouldn't have phishing because people wouldn't fall for it in the first place. I mean, it isn't exactly hard for users to realize that http://666.43.123.666/bankofamerica/mylogin.php [666.43.123.666] isn't a valid BOA website. If they can't figure that out, why do you think this will be any different?
*sigh*
Re:Won't help a bit (Score:3, Insightful)
May I point out that by combating spam one would 'implicitly' combat messages from data fishers?
Oh Really! (Score:2, Insightful)
Certified delivery of spam (Score:5, Insightful)
There Will Be Spam (Score:3, Insightful)
Just like every other problem the 'bad guys' face when exploiting the rest of the population, they will find away around this too.
The news will be that if this practice does go into wide usage, spammers will turn toward draining large, anonymous bank accounts to fund their e-mail influxes.
This 'tax' will only create more problems than necessary.
My advice: leave what isn't broken alone and if you do have problems, then I suggest you install a good e-mail filter to pick out the spam that does get through.
Nothing to see here. (Score:3, Insightful)
We've heard this before... (Score:2, Insightful)
Re:Secondary Effects (Score:3, Insightful)
Instead, they want to make money from legimate companies that want to get their messages to end users. This is a win win for the ISPs, but does nothing for end users.
As discussed many times here the only way to defeat spam is to choke off the money flow to the people that use spam to advertise. There are two ways to stop the flow of money. First is to go after the spammers and advertisers. So far this has proven ineffective. Second way is to go after the idiots that actually buy stuff from spammers. This should be relatively easy. Send out spam and when the idiots bite you get their IP addresses and their names and probably their credit card info. Then send the police around to their homes to confiscate their computers, cancel their ISP connections, and ban them from using computers or the Internet forever. It will take about a year or two to track all the idiots down, but once the flow of money has been stopped the spam will stop.
Can't we already do this... (Score:2, Insightful)
Re:Also (Score:2, Insightful)
Besides the obvious problem of everything being intercepted by NSA+AT&T in the first place, it will only make it more difficult to tell phishing from the real thing, mainly because you'll be expecting it to be trustworthy. Old phishing techniques may have used mass mailings which could be blocked by spam filters, but that's not necessarily the case any more.
broken way to fix phishing too (Score:3, Insightful)
so suddenly you have to pay for _all_ your mail just to maintain your credibility. and then what if you cross the spam-complaint level goodmail sets accidentally and they throw you off their system (as they are contractually obliged to do)? does that mean that nobody will ever trust your mails again? do you get to send out one last certified mail saying "okay from now on pay no attention to that little flag?"
it seems a really bad idea for a big company to place their credentials in trust with a third party and then let them charge them for every mail they send
Re:Won't help a bit (Score:3, Insightful)
I'll sort my own mail, thank you... (Score:3, Insightful)
uh, GPG (Score:2, Insightful)
Re:It's not so easy anymore. (Score:3, Insightful)
Re:We already have a better way to do this (Score:2, Insightful)
What happens when you lose you private key, and can't decrypt those important messages about your accounts and the cotracts for service (banking, deposit holding, interest etc are all contracted servies)? And then a tax audit, bankruptcy, or civil suit that requires legal discovery?
Without evidence to defend yourself, life is sooooo much mre difficult.
These sorts of reasons are why PGP, gpg and S/MIME never work in corporate environments - the problems are worse than the benefits.
Lyal
Of course it's not... Just like SPF. (Score:2, Insightful)
is a communication medium where you only accept people you "trust" and reject the
others). It's meant to protecte trademarks, and push responsibility away from the
sender (i.e.: "you should have checked who the mail came from, ours are signed).
Yahoo, and of course banks and other institutions who want to defend their
credentials love SPF and similar systems. They don't care about SPAM, they just
don't want to get blamed by customers and their insurers for phishing mails and
the like.
Re:Won't help a bit (Score:3, Insightful)
So instead of faking the signatures, you fake the most-used mail client's "signature-verified" icon instead.
True, a faked icon will appear in the mail rather than in the GUI's "chrome", as it should, but the problem is that most non-technical users don't notice such "subtle" distinctions.