E-Mail
Guardian™
(email-guardian.com)
Guarding
Your E-mail in Ways You Control™*
|
Understanding
the E-Mail Guardian Process
You
send an e-mail to Alice
with her password = #>
|
#>
Internet
>>> (spam) >>>
|
E-Mail
Guardian
|
#> Alice
|
You <#
|
E-Mail
Guardian
|
<<<
(spam) <<< Internet
<#
|
<#
= Alice sends an e-mail
to you with your password
|
Here
we Compare E-Mail
Guardian™
to Other Spam Blockers
(This
was written mostly during 2004 but little has changed.)
Spam
is now an enormous problem because the customary
e-mail address is connected directly to the
Internet without any form of protection. This
means that anyone who gets your e-mail address
gets to send you e-mail whether you want it
or not. Ryan Singel in Wired News1
writes, "... spam is no joke. ISPs [Internet
Service Providers] have said junk e-mail now
constitutes 60 percent of all e-mail traffic.
Howard Beale of the Federal Trade Commission
told Congress this spring that "spam threatens
to destroy e-mail."" Speaking of the
hazards of spam Mr. Singel also wrote, "Unwanted
e-mail remains especially pernicious for children
and people with dialup connections, e-mail-enabled
cell phones or PDAs." We believe that
after laws are passed to limit this form of
harassment we can still expect that more clever
ways will be found to circumvent them. E-mail
scams are growing in number. And then there
are those that write viruses or virus programs
and attach them to e-mail that can install
themselves as soon as you open an attachment.
These programs can enslave your computer to
infect more computers or they can install
key-stoke programs that can learn security
codes, etc. So we need a solution that we
can trust, that when used properly, will prevent
these things from happening.
Note
1: In an article by Ryan Singel called Spam
Pitches Are Mutating Faster, Wired News,
10/28/2003.
There
are several methods used to try to identify and stop spam, like
keyword blockers and Bayesian filters2.
What these programs do is stop your e-mail for a moment, scan the
words, and then sort and send them on (to your Inbox, Trash, or
to another location for further analysis) based on what they might
contain. But serious spammers also use their own programs to try
to trick these programs. By contrast E-Mail
Guardian™ 'asks' every e-mail to identify itself.
It says, show me your valid password or go away! And when converting
for use in other languages it does not have the language translation
barriers inherent in keyword blockers and Bayesian filters. This
means that, regardless your language of use, you don't need to hire
an army of people to create and constantly update software to filter
your e-mail and you don't need to use a separate e-mail service
just to block spam; a simple password is all that's required.
Note
2: From the same article Ryan Singel writes:
"Bayesian filters use complex statistical
techniques to classify messages by analyzing
the words and headers of past e-mails. Based
on constantly updated data, they then score
incoming e-mails and tag them as real, spam
and possible spam."
Antispam
genetic filtering. There is a community-based
model for this method called Cloudmark.
To make this method work the company collects
rejected e-mails from all members of the community.
Then each rejected e-mail's origin is recorded,
analyzed and classified by the main filtering
system. If the e-mail source is identified
as producing spam future e-mails from that
source are blocked for all users in the community.
Like keyword blockers and Bayesian filters
we think of this type of spam filtering as
hindsight detection. Obviously they can never
be 100% accurate, and can be seen as never-ending.
In fact, Cloudmark says it analyzes
over 100 million rejected e-mails a day! In
terms of being a simple to use and trouble-free
process the Cloudmark website also has a long
list of what to do if this or that happens.
Challenge-response
spam filtering. Imagine the following:
You want to speak to a neighbor you don't
know, so you walk over to his house and you
knock on his door. Instead of opening the
door, inviting you in and speaking to you,
he says, prove to me who you are first (because
he doesn't know you or trust you). Since you
didn't think to bring your wallet or any identification,
you need to walk home to get your identification.
Later, you bring him proof of identity and
he responds to you. This scenario is the premise
of challenge-response spam blockers. Our personal
experience is that we sent an e-mail to someone
without calling first to identify ourselves.
A few hours later (because the Internet is
now sometimes bogged-down with viruses and
spam) an automatic message came back asking
us to prove that we were human (and therefore
probably 'okay' for the sender to respond
to) by asking us to copy a code that an automatic
spamming program could not copy and respond
to. Once the second e-mail was sent with the
code entered we waited for what would happen
next. The next day we got a response from
the sender to our original e-mail. Yes. It
works. But as a method that challenges every
e-mail that may contain spam it surely has
the potential to cause an enormous traffic
jam on the Internet.
Coupled with the continued use of a conventional
e-mail address book that is susceptible to
hijacking we believe E-Mail
Guardian™ to be a better solution.
There
is a method that only lets e-mail through
when the e-mail address is in your e-mail
address book. This method is a good way
for us to begin showing preference for the
password technique because it's using a form
of recognition, rather than trying to figure
out if the e-mail contains spam, but we think
that using conventional e-mail address books
is a bad method overall and that this method
of recognition fails to take into account
at least two considerations. The reasons we
think using addresses in address books is
a bad method overall will be explained when
analyzing ZoEmail. The two considerations
not taken into account are: 1) it doesn't
allow you to receive e-mail from people who
are not in your address book; 2) it doesn't
take into account problems like receiving
bogus e-mails that appear to be coming from
people you know, but are not3.
Note
3: This is known as spoofing, and spoofing
is disguising an e-mail to appear like it's
coming from an e-mail address belonging to
someone you know, but it's not.
We
pay tribute to the door, one of the world's
greatest practical needs!
Door
Knock,
clack, buzz, ring or use your password to
get permission to get beyond it!
At
this point in the evolution of the crazy out-of-control
world of the Internet, think
what the world might have been like before
people used doors!
Don't
you think that it's time that we all began
to take some control of our own individual
world by asking others to get permission to
enter our personal space? Doesn't everyone
want some level of personal control? E-Mail
Guardian™
gives you control over the e-mail portion
of the Internet that is your personal space,
just like installing a door. Choosing to use
a service instead is like moving up to a gated
community - it makes you feel safer but you
still need to be careful and do all the work
according to the community rules. Maybe it's
better; maybe it's not, depending on what
is offered.
Can
you depend on those who legitimately send
you e-mail to use your password? Why not?
If they understand the problem and want their
e-mail to be received, not blocked, why not?
Wouldn't you do the same for them?
Helping
you to Understand
To
be clear, we are not talking about sending
or sharing 'digital certificates' here4,
although we recognize that the continued
use of digital certificates are an important
way to prove who the parties are and for creating
secure e-mail (SSL5), and
we are not talking about domain keys6.
We are simply talking about a code you gave
to another, like the word 'friendly3' that
the sender sends back as proof of permission
to be accepted. When automatically sending
the password we usually put it in the e-mail
header7, just to keep it
out of the way, but it can also be entered
manually and sent in the subject line. Either
way, because spammers cannot read our e-mail, E-Mail
Guardian™ is the Internet equivalent of a secret door
knock between two parties, not a 'registered'
identification code or mark that is controlled
by a third party8. E-Mail
Guardian™ compares the ID's
(one in the Password Register and one in the
e-mail) then allows those e-mails that contain
a match, and trashes or deletes all others
according to your preset instructions. Since
spammers would not have access to the personal
ID or special code, spam is eliminated. Since
the personal ID is under your control you
are able to change it at anytime, if you even
needed to.
Note
4: (From the on-line dictionary at whatis.techtarget.com)
"A
digital certificate is an electronic "credit
card" that establishes your credentials when
doing business or other transactions on the
Web. It is issued by a certification authority
(CA). It contains your name, a serial number,
expiration dates, a copy of the certificate
holder's public key (used for encrypting messages
and digital signatures), and the digital signature
of the certificate-issuing authority so that
a recipient can verify that the certificate
is real. Some digital certificates conform
to a standard, X.509. Digital certificates
can be kept in registries so that authenticating
users can look up other users' public keys."
Note
5: (From InstantWeb.com) SSL is "Secure
Sockets Layer (SSL) A protocol
designed by Netscape Communications Corporation
to provide encrypted communications on the
Internet."
Note
6: To limit spam Yahoo.com recently proposed
domain keys. A domain key, as we understand
it, would essentially be another form of digital
certificate, and far too complicated and restrictive
than is necessary for this application, and
would not allow you to decide which e-mail
is to be received.
Note
7: (From the dictionary at InstantWeb.com)
The header is "the part of an electronic
mail message ... that precedes the body of
a message and contains, among other things,
the sender's name and e-mail address and the
date and time the message was sent."
It is also "The portion ... preceding
the actual data, containing source and destination
addresses, error checking and other fields.
"
Note
8: Like the patented Servicemark service provided
by Habeas.com.
And like Habeas we can deliver e-mail to over
300 million email in-boxes worldwide.
ZoEmail
Recently,
a new e-mail service was announced - ZoEmail,
US patent #5,930,479. It offers a password system within
the e-mail address, a process originally patented by AT&T Labs.
At first we thought this method was the best way to block spam,
and voided our patent application. But after careful review of the
differences we believe our method is even better. Because we spent
a good portion of time reviewing it, we will spend some time explaining
the differences:
.
|
ZoEmail
|
™ <#
E-Mail Guardian
#> ™
|
1 |
E-mail addresses over time usually get listed, known and harvested
by spammers. Since the password is in the e-mail address there
will be a need for you to keep changing passwords to reduce
or prevent spam. |
A password is only included during legitimate and purposeful
email correspondence. It's placed in the e-mail header, which
cannot be seen unless you actually receive an email that includes
a password. This makes it less likely that a password would
be discovered. So even if your e-mail address becomes known
to spammers spam is blocked (because it doesn't have a proper
password). |
2 |
By
virtue of the combined password and email address ZoEmail puts
your password in the address book of others, which means that
your e-mail address (no matter how unique) is now susceptible
to address book hijacking and resending to others in your name. |
We
do not put the password in any address book so if someone receives
e-mail in your name (without a password) it would still be blocked. |
3 |
For
ZoEmail to prevent spoofing (see note 3) they must assign or
compare the ZoEmail to another name or e-mail address, which
means they must also store this information somehow. |
To
prevent spoofing E-Mail Guardian just looks for a password. |
4 |
The possibility exists of you receiving your own special ZoEmail
with a virus attached, sent from someone else's address book,
although ZoEmail will probably be able to delete the virus with
virus protection software |
Viruses can come from many sources - you should always use virus
protection software. |
5 |
Yes. You can keep your ISP (Internet Service Provider) for surfing
the Internet but you must subscribe to the ZoEmail service for
e-mail because once your e-mail address is altered your current
ISP can no longer recognize it. |
The passwords used to stop spam are separate from your e-mail
address so you don't need to use any special e-mail subscription
service unless you want to, but you will need to download and
install E-Mail Guardian
to work with your e-mail program. |
6 |
To
make the protection work you must first send each new e-mail
address to the receiving party. |
You
do not need to send an e-mail first, although you need to somehow
tell others the password they can use. |
7 |
You
are dependent on a 3rd party subscription service to receive
your e-mail. |
You
are not dependent on a third party to receive your e-mail. |
8 |
You
must pay ZoEmail for extra e-mail storage space if you use more
than they allow, when this storage space is most probably already
available on your computer. |
You
store your own messages on your own computer as you do now without
any additional cost in storage space. |
9 |
By having a 3rd party webmail service store your personal messages
on the Internet you increase or decrease the risk of having
information you consider to be private and confidential read
by others, depending on your computer settings. |
Your
personal and private information is not at any increased or
decreased level of risk because it's still in your computer,
not in a server on the Internet. |
10 |
- |
In
our opinion E-Mail
Guardian
is easier to use. |
The
most significant difference between the two approaches is that E-Mail
Guardian™ compares passwords to determine acceptance
or rejection using any e-mail program that we can support,
recognizing that an e-mail address is a navigation tool to get e-mail
from one Internet location to another, while ZoEmail accepts or
rejects passwords only within its own e-mail addresses. ZoEmail
is part of a family of what's known as DEA's (disposable e-mail
addresses) that are offered by a number of private label e-mail
service providers9. The difference between them
is that ZoEmail is using a combination password and e-mail address
that is patented.
Are
you saying that you do not recommend ZoEmail? No! We are saying
that ZoEmail's provides a very good method to block spam. But given
the ability to work with other programs, and provide protection
at the server level,
E-Mail
Guardian™
is even better.
Note
9: DEA e-mail services allow you to add e-mail
addresses or change your email addresses for
different purposes. For example your provider
might let you create or have e-mail addresses
like, sam1@deaexample.com, sam2@deaexample.com,
sam3@deaexample.com, etc.
TurnTide
is the final e-mail spam blocking technique
we will discuss. We confess. We are not knowledgeable
enough to judge this product. They claim that
their routers do 'TCP traffic-shaping' by
detecting spam right back to the source, and
then they throttle it down so much that the
spammer cannot even deliver it. They say they
analyze e-mail and let the good e-mail through.
"But spammers have a problem. Instead
of a spammer crippling your network and clogging
your bandwidth, it's the spammer who gets
bogged down. The spam never gets to leave
the spammer's computer." For large e-mail
system providers this might indeed be the
best solution. But if it's that good they
may have a big problem, because a free speech
advocate might just say 'take your hand away
from my mouth!' Free speech is powerful stuff!
We think this argument will eventually prevail
and we will again need our own individual
spam blockers.
We
have not compared prices on any product because
we believe that any service that provides
a good way to block spam and stop viruses
is worth a fair price - consider the value
received.
Additional Features
E-Mail Guardian™ has the ability to selectively admit or deny other forms of communication, like voice-mail and live video. When these features are more widely used we intend to configure E-Mail Guardian™ to allow the user to control these forms of communication in a more advanced version of this product.
E-Mail Guardian™
has the ability to provide password protection at the server level to reduce network traffic that each individual e-mail account user can control, or ISPs (Internet Service Providers) may use to help reduce filtering costs.
Simple to understand, quick to setup and easy to use. A user-friendly process with few restrictions.
E-Mail Guardian™ proves that good solutions can also be simple ones.
And the Best Part is...
E-Mail
Guardian™ makes protecting from spam far better, cheaper and easier because it puts it in the hands of the user where it rightfully belongs. (And everyone wins!)
|