During a recent Slashdot story regarding a mailing-list being blocked, I came up with a simple idea to eliminate spam.
Someone has probably thought of it already but I was thinking that I should publish the idea before someone else patents the idea if it hasn't been patented already
The idea goes like this:
- Only white listed FROM sources can send to your base email address. So you can email me directly at my.name@my_company.com but only if you are on the whitelist.
- If you send an email to my base email address and you are not on my white list, you receive a reply with a link to an http site where you may need to provide some info and pass a CAPTCHA test.
If you pass the test either (a) you get an email address in the form my.name--1xhy2349zz0@my_company.com which you can use to reach me in later correspondence and not have to pass the CAPTCHA test. (b) You get added to my white-list. In either case, the mail that was sent doesn't need to be resent
If you don't pass the test and you are not on my white list, I don't want to hear from you.
- A potential improvement could be to accept emails if any of the CC'ed addresses matches a white listed address or if the email address used to reach me was assigned to an email address in the CC'd list. This would allow Reply-To-All to work w/o any major issues.
- If I want to register to a mailing-list, I generate the above address myself and provide it to the site.
Other alternatives include:
- Use an address without the my.name such as anonymous--12hjhyb8yh@my_company.com
- Use a self named address such as my.name--from-slashdot@my_company.com to easily identify the source responsible for an eventual leak.
- Check a special folder for a confirmation email. If the email server waits 5 to 10 minutes before sending the link, this gives you time to intercept the latest confirmation message and add the sender to the white list.
That's it. If any of the addresses get compromised, simply delete the "TO" email from the list of valid emails or remove from whitelist.
Deleting an email address could even provide an automatic unsubscribe message to mailing lists that provide the required interface
When replying, use either the base address or the secondary address - It doesn't matter. A smart email client would provide the ability to automatically add the "to" base addresses to your whitelist.
This method could easily be implemented by google, msn, yahoo and other web email service providers as well as email servers.
It's too simple there must be a flaw but I don't see any it.