Mail Spammers Beware! - Your time has come

So, we’ve all been there. We download an app and months later after forgetting even the name of this app, we continue to receive emails about the latest features or what they plan to release as features in our mailbox. When we get bored of individually deleting these emails(or worse the spam marketing you never cared abt), we see the ever illusive caption:

We’ve now got the option to literally go to the company/spammer that’s been annoying us and request, well that they stop annoying us. Sometimes we even need to log in and prove it’s us before doing so and of-course by this time, we’ve forgotten any credentials we might have had. So it starts off with a password reset, followed by a new email confirmation and then back to unsubscribe and a message saying “You’ve successfully unsubscribed”

That’s pretty much a crappy process.

  • Why is it that when we the consumers want to not be spammed, we need to “request” not being bothered from the same people that are causing this nuisance?
  • Why can’t spammers ever be the ones to care more about their inbox than the end users?
  • What’s the guarantee that unsubscribing really gets us unsubscribed from our spammers?

^^ All valid questions :). So when @dirvine & @anon86652309 walked into the office on Thursday and said “Viv you want to hear this out. Think we might have a neat solution for mail spam.” I was more than interested to hear them out. Currently in the SAFE network when your MPID(your public id’s) send messages to another public Id, they travel to the recipient via his close group and if they are not online, the message stays with the recipients close group until he comes back online. When the user gets back online, he gets a few notifications with all these offline messages.

What David proposed here was to not send these messages past the sender’s close group(got your attention yet?) and in it’s place only send a tiny packet notification(by tiny we mean reallyyyyy small) to the receiver informing him “You’ve got mail”. Now if the receiver has not blacklisted the sender the actual mail is retrieved by the receiver’s close group else the sender is paying(via space) for these mails clogging up his mail quota. Now any user’s said outbox is a fixed size(prolly variable by rank and sorts. Let’s skip details right now). So if a user is not online to receive his email’s or if he “blacklists” a sender, they end up never actually getting mails from the sender instead of a masked Junk folder. Tricky bit here is when the receiver blacklists the sender, his close group will silently drop the notification packets from the sender thus intentionally causing the sender to end up with a clogged up outbox. The sender needs to now ensure he doesn’t end up spamming himself(ah times have changed) which is going to block him from sending any new mails once full. If the recipient was offline when the mail was sent to him, he still gets notified of this action and the message is retrieved by the network for the recipient if the sender wasn’t blacklisted.

It’s great that blacklisting a sender here is only at the recipient’s side, but still impacts the spammer. He doesn’t have to go to the spammer and ask him to play nice. He really just deals with his own inbox and the network takes care of the rest. Kind of starts showing the power of the SAFE network to be unique than a copy of today’s internet. As a spammer, ah well sucks to be you I guess :slight_smile:

There are quite a few ways this helps App dev’s making mail clients spend their time in app features than deal with the sheer handling of spam for their user’s let it be via Junk mail folders, mark as Spam, signing up to services to unsubscribe from Spam.

  • Mail client’s can now even try to synchronize say blacklists across friends/family to more effectively block spammers before a user is affected directly.
  • If a normal user does get a clogged outbox (too many recipients off-line) their apps can take the message back and resend it when that user speaks to them, or simply retry after an interval. If spammers pretend to act like normal users, they then need to pay attention and behave exactly like one at which point they become a user :slight_smile:

This is like the personal ranking/rating mechanisms discussed in the forum, but is real-time and individual, which is great as the network does not need to calculate a persons rate, but the network members do so in real-time. This is possible in the SAFE network as close-groups have this authority to manage nodes and they are not owned by any entity, except maths. We can surely expect to see some more very surprising uses of this as we roll the testnets out. This is an important design pattern in truly decentralized networks.

If you’ve read this post until this point, I’m sure your next question is “Great. When can I have this already?” which would definitely be replied with “Patience pls :). This is an idea that needs to get implemented in the system libraries and should make it’s way to the testnet’s. You guys will definitely hear more about it’s details as it gets implemented and can track/contribute to the process via JIRA”. You can also check the work going into the MPID - Design Docs.

17 Likes

@Viv thanks for sharing this!

2 Likes

Brilliant! This feature will get noticed by everyday users.

5 Likes

Amazing, especially if on a stats or intelligent culling basis this type of process can be generalized to search to weed out unwanted commercial spam (with switch to flip it off if someone wants that.) But great.

Love this. I can blacklist you now @Viv :wink:

4 Likes

Okay, so the spammer sends a junk mail message to user@dot.com.org. Does the user’s SMTP gateway accept this email or not?
If yes, how does that stop spam?
If not, how can you get this email later?

This is for mail messages in the SAFE network, if you’re sending a message to user@dot.com.org, network isn’t doing anything for you at this point.

A client app to facilitate migration could detect it’s a SMTP mail address than a SAFE network MPID and switch the sending functionality, however this doesn’t have anything to do with the network itself.

When this feature is live and tested, if a user gets spammed in the traditional mail system, it’s probably time they switch to use SAFE network MPID’s for mail :slight_smile:

3 Likes

I see, so there’s also a new client.

It’s a tough nut to crack. For example a spammer would simply remove the content checking part to be able to send spam at will. Then you’d have to have signed email apps that are impossible to break (and probably - for all practical purposes - they’d be like closed source because you couldn’t change them, if there’s a checksum/PGP signature-checking mechanism).
And if you’re only reachable by this MaidSafe address, you couldn’t really (unless there’s a gateway) subscribe to any mailing list or receive email from the outside, could you?
Also, you couldn’t send email to the outside world because your messages (coming from nowhere, basically, no DNS/MX record, etc.) would be characterized as spam, right?

We’ll see how it goes. For now I’m slightly pessimistic about this particular app/use case scenario.

To build a messaging app on top of MaidSafe, that makes sense (it could be called maidmail :smile: ). But to build “traditional” mail and route it via MaidSafe would be very complex.

Think you’re still confused with this. Just to be clear there is no content checking the network or an app’s doing. What I meant with:

is that a mail client app that’s capable of handling Safe network messages “or” regular SMTP stuff, could based on the recipient address alone differentiate if it’s a SAFE MPID address(safe://someone) or the other(someone@something.some-suffix) and use the protocol that caters for the address. As soon as you’re not using the network, the network isn’t going to be able to help you.

Yes this post and this feature currently is very much about maidmail and not the network trying to influence what happens outside it. Hope that clarifies your doubt.

Thanks for clarifying that in detail.

I may be confused about this, though: if the app filters Safe network messages or SMTP, but only Safe network messages are actually filtered then traditional (SMTP) email must be filtered the traditional way. Can you clarify this?

Yes this is all SAFE messaging and will not affect SMTP as that’s a different system. If we can do something later than great, for now though I think we secure SAFE first then see what else we can do. For the moment this is all SAFE mail :smiley:

5 Likes

I like this a lot. Very nice, and one hell of a selling point - as users will “get” this from day one, even easier than the SAFE aspect.

It seems to hang on how this works, which I don’t understand:

I understand that we make it hard to spam by effectively limiting the amount of undelivered messages using a storage quota for the sender’s outbox, and that this will somehow be related to rank, and if I read the above correctly, this includes some kind of “behaves like a regular user” detector in the code.

The devil is in the detail! Is this thrashed out in any detail yet.

First spammer responses might be to:

  • keep messages small (use links, less images, keep text limited)
  • set up multiple accounts
  • cycle messages that have not delivered between the outbox and some other space (you mention regular users needed to be able to recall and later resend if their outbox gets full - so could a spammer exploit this)

Spamming happens now because it costs next to nothing to send, which means an extremely low hit rate still pays. A “hit” might be visiting a legitimate website, a legitimate sale, or deceiving the recipient into installing a malware payload. Any of these could be a high payoff.

To defeat some spam, even a lot, just means shifting more cost onto the spammer.

To defeat most/all of it, we need the cost to outweigh the potential rewards, or rather to make the net reward less attractive than some other activity. Its hard to know what this might be. I guess it would push spam towards high value targets (malware on targeted individuals - but hopefully that will be hard on SAFE because of anonymity).

Sounds very promising - I’d love to understand the detail more and probe it. Thanks for sharing this.

1 Like

Please also add the much requested HashCash feature. So that I can get paid Safecoins to be SPAMMED. Don’t forget the DailwithaSmile knob, this will enable me to set a price how many Safecoins I want, in return for a message.

Btw this message is also:
https://images.duckduckgo.com/iu/?u=http%3A%2F%2Fwww.oliverthring.com%2Fwp-content%2Fuploads%2F2010%2F10%2Fspam.jpg&f=1

As much as I’d like to see all these features (I’m talking about HashCash, not anti-spam), I’m concerned the breadth of ideas is growing too wide. As a basic rule, resource constrained teams should first do one thing and do it well.

Is anyone expecting spam to be a problem on the MaidSAFE network? I thought it’d make sense to follow the usual practice (Skype, Whattsapp) and simply block all non-contacts from contacting you. Problem solved, no?

correct.

this part isn’t right. There is no “behaves likes a user” detector in code. What I meant by that was a spammer trying to spam is just like any user who might have filled his outbox. They need to cancel or take back their messages from their outbox and try again later. Important part is this effect is felt directly by the spammer than the recipient. Benefits of this feature are to pretty much act from the user’s side and have the effect ripple to the sender without a user needing to go and request the spammer to stop spamming them.

4 Likes

Ok, so does the scheme depend on it being hard for spammers to move mails between their outbox and some other storage?

Maybe we need a “cost of recall”, something a “normal” user will hardly do, and not notice, but if done a lot would quickly make spamming cost too much to be worthwhile?

1 Like