Technical Solution to resolve the global "Email Spam" problem
Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad
Sorry Elad, i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this? You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of. In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up). We are completely the wrong audience group for your emails. Michael Von: members-discuss <members-discuss-bounces@ripe.net> Im Auftrag von Elad Cohen Gesendet: Sonntag, 26. April 2020 18:06 An: members-discuss@ripe.net Betreff: [SPAM] [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: <https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Vio lation> https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol ation The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" ( <http://example.com/nospam-notification-callback> http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad
Hi Michael, this is not about any technical solution. This is Elad trying to position himself for the upcoming election. This is an election campaign. Nothing more. https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can... Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever. Silvan On 4/26/20 4:22 PM, info@cowmedia.de wrote:
Sorry Elad,
i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this?
You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of.
In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up).
We are completely the wrong audience group for your emails.
Michael
Silvan, You didn't even read the technical solution that I wrote, maybe you will read it first ? Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Silvan Gebhardt <silvan@unavailable.online> Sent: Sunday, April 26, 2020 7:29 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi Michael, this is not about any technical solution. This is Elad trying to position himself for the upcoming election. This is an election campaign. Nothing more. https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can... Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever. Silvan On 4/26/20 4:22 PM, info@cowmedia.de<mailto:info@cowmedia.de> wrote: Sorry Elad, i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this? You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of. In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up). We are completely the wrong audience group for your emails. Michael
Hi Elad, There are many smart people on this world. I've been in IT for too long. If someone tells me they have a "technical solution" to spam I don't buy it because it's either so convoluted we can rather just turn email litterally off (as in, stop accepting email, close port 25 and go back to a "closed" world - like back in the days of compuserve? Where you get to-down-control. Reminds me of "New IP" with the top-down control. I read it to the point of reading about a centralized website, and stopped there We do not want top down control in this place, so obviously any top down control is doomed to fail from my point of view. The solution to spam is education. if people finally would stop falling for 419 Scams, they would cease to be if people would finally stop buying viagra online, they would cease to be spammed for if people would fall for the fake bride scams, I would not receive boobies by email anymore. but unfortunately, it seems at some of the spammers customers think with their genitals instead of their brain still. You can't fix this with a technical solution. so, make the customers go away by learning, the business dies down. simple economics. I belive in simple economics. BR Silvan On 4/26/20 4:37 PM, Elad Cohen wrote:
Silvan,
You didn't even read the technical solution that I wrote, maybe you will read it first ?
Respectfully, Elad ------------------------------------------------------------------------ *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Silvan Gebhardt <silvan@unavailable.online> *Sent:* Sunday, April 26, 2020 7:29 PM *To:* members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem
Hi Michael,
this is not about any technical solution. This is Elad trying to position himself for the upcoming election.
This is an election campaign. Nothing more.
https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can...
Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever.
Silvan
On 4/26/20 4:22 PM, info@cowmedia.de <mailto:info@cowmedia.de> wrote:
Sorry Elad,
i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this?
You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of.
In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up).
We are completely the wrong audience group for your emails.
Michael
Tbh since the onset of the global pandemic and subsequent lockdown I’ve seen a huge decrease in both the amount of junk mail I receive and also the number of unsolicited phone calls I’m getting. It’s as if an entire continent has been told not to go outside, or even go to work, and very few of them have broadband available at home ... (or has a disaster recovery it plan in place) Anyway I confess I’ve switched off from most of these threads now but I sure know who I won’t be voting for as a result of the lengthy thread, so I guess some good has come from all of this :) – Jon Morby
On 26 Apr 2020, at 17:46, Silvan Gebhardt <silvan@unavailable.online> wrote:
Hi Elad,
There are many smart people on this world. I've been in IT for too long. If someone tells me they have a "technical solution" to spam I don't buy it because it's either so convoluted we can rather just turn email litterally off (as in, stop accepting email, close port 25 and go back to a "closed" world - like back in the days of compuserve? Where you get to-down-control.
Reminds me of "New IP" with the top-down control.
I read it to the point of reading about a centralized website, and stopped there
We do not want top down control in this place, so obviously any top down control is doomed to fail from my point of view.
The solution to spam is education. if people finally would stop falling for 419 Scams, they would cease to be
if people would finally stop buying viagra online, they would cease to be spammed for
if people would fall for the fake bride scams, I would not receive boobies by email anymore.
but unfortunately, it seems at some of the spammers customers think with their genitals instead of their brain still. You can't fix this with a technical solution.
so, make the customers go away by learning, the business dies down. simple economics. I belive in simple economics.
BR Silvan
On 4/26/20 4:37 PM, Elad Cohen wrote: Silvan,
You didn't even read the technical solution that I wrote, maybe you will read it first ?
Respectfully, Elad From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Silvan Gebhardt <silvan@unavailable.online> Sent: Sunday, April 26, 2020 7:29 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem
Hi Michael,
this is not about any technical solution. This is Elad trying to position himself for the upcoming election.
This is an election campaign. Nothing more.
https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can...
Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever.
Silvan
On 4/26/20 4:22 PM, info@cowmedia.de wrote: Sorry Elad,
i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this?
You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of. In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up).
We are completely the wrong audience group for your emails.
Michael
It is useless to reply to you before you will read the whole post. What you wrote is incorrect. Respectfully, Elad ________________________________ From: Silvan Gebhardt <silvan@unavailable.online> Sent: Sunday, April 26, 2020 7:45 PM To: Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi Elad, There are many smart people on this world. I've been in IT for too long. If someone tells me they have a "technical solution" to spam I don't buy it because it's either so convoluted we can rather just turn email litterally off (as in, stop accepting email, close port 25 and go back to a "closed" world - like back in the days of compuserve? Where you get to-down-control. Reminds me of "New IP" with the top-down control. I read it to the point of reading about a centralized website, and stopped there We do not want top down control in this place, so obviously any top down control is doomed to fail from my point of view. The solution to spam is education. if people finally would stop falling for 419 Scams, they would cease to be if people would finally stop buying viagra online, they would cease to be spammed for if people would fall for the fake bride scams, I would not receive boobies by email anymore. but unfortunately, it seems at some of the spammers customers think with their genitals instead of their brain still. You can't fix this with a technical solution. so, make the customers go away by learning, the business dies down. simple economics. I belive in simple economics. BR Silvan On 4/26/20 4:37 PM, Elad Cohen wrote: Silvan, You didn't even read the technical solution that I wrote, maybe you will read it first ? Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Silvan Gebhardt <silvan@unavailable.online><mailto:silvan@unavailable.online> Sent: Sunday, April 26, 2020 7:29 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi Michael, this is not about any technical solution. This is Elad trying to position himself for the upcoming election. This is an election campaign. Nothing more. https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can... Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever. Silvan On 4/26/20 4:22 PM, info@cowmedia.de<mailto:info@cowmedia.de> wrote: Sorry Elad, i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this? You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of. In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up). We are completely the wrong audience group for your emails. Michael
Hi All, I generally lurk here but a small comment on this.. Reading the thread, my humble opinion: @Elad - noting the comments, I think I do agree that email problems / solutions might be better submitted as an RFC (https://www.ietf.org/standards/rfcs/) .. Ripe is a LIR mainly tasked with administering IP number resources. ... At the same time, I do love your obvious passion for addressing problems and looking freshly at possible solutions. Regarding the upcoming election - I have just had a look at the page with Candidate Biographies to judge a little how I might vote - at https://www.ripe.net/participate/meetings/gm/meetings/may-2020/candidate-bio... .. and I can't see you there, so would suggest please to submit / add a biography if this is not already in the works (and I hope all candidates do too). NB - be careful that if you do come up with a solution to fix spam once and for all then beware that you also put a USD $10 Billion value on your own head (this is the rough value annually of the anti-spam industry!) (Comment partly in jest, partly from experience and observation). I hope everyone has a good rest of the weekend. Regards Ben From: members-discuss <members-discuss-bounces@ripe.net> On Behalf Of Silvan Gebhardt Sent: 26 April 2020 17:33 To: members-discuss@ripe.net Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi Michael, this is not about any technical solution. This is Elad trying to position himself for the upcoming election. This is an election campaign. Nothing more. https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-candidates<https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-candidates> Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever. Silvan On 4/26/20 4:22 PM, info@cowmedia.de<mailto:info@cowmedia.de> wrote: Sorry Elad, i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this? You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of. In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up). We are completely the wrong audience group for your emails. Michael
Hello Ben, Thank you very much. I don't believe that spamming will ever stop (if there is one thing that we can count on that will never change is human nature - and sadly people here believe that spammers will just stop spamming at some point), if spam will be defeated by email then spamming will be done with sms messages or by phone, currently electronic mail is the most profitable so it is most abused, and the current approaches to this problem are completely wrong - "The Spamhaus Project" are chasing after their tail, shooting everywhere, and not resolving the problem for many years. "I hope everyone has a good rest of the weekend." - Yes, I'm making sure of it. Everyone need to stay tuned because there is a new technical solution for tomorrow (how to dramatically lower DDoS attacks, a beautiful one). Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Ben Fitzgerald-O'Connor <Ben.Fitzgerald@Onega.net> Sent: Sunday, April 26, 2020 7:52 PM To: Silvan Gebhardt <silvan@unavailable.online>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi All, I generally lurk here but a small comment on this.. Reading the thread, my humble opinion: @Elad – noting the comments, I think I do agree that email problems / solutions might be better submitted as an RFC (https://www.ietf.org/standards/rfcs/) .. Ripe is a LIR mainly tasked with administering IP number resources. … At the same time, I do love your obvious passion for addressing problems and looking freshly at possible solutions. Regarding the upcoming election – I have just had a look at the page with Candidate Biographies to judge a little how I might vote – at https://www.ripe.net/participate/meetings/gm/meetings/may-2020/candidate-bio... .. and I can’t see you there, so would suggest please to submit / add a biography if this is not already in the works (and I hope all candidates do too). NB – be careful that if you do come up with a solution to fix spam once and for all then beware that you also put a USD $10 Billion value on your own head (this is the rough value annually of the anti-spam industry!) (Comment partly in jest, partly from experience and observation). I hope everyone has a good rest of the weekend. Regards Ben From: members-discuss <members-discuss-bounces@ripe.net> On Behalf Of Silvan Gebhardt Sent: 26 April 2020 17:33 To: members-discuss@ripe.net Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi Michael, this is not about any technical solution. This is Elad trying to position himself for the upcoming election. This is an election campaign. Nothing more. https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can... Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever. Silvan On 4/26/20 4:22 PM, info@cowmedia.de<mailto:info@cowmedia.de> wrote: Sorry Elad, i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this? You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of. In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up). We are completely the wrong audience group for your emails. Michael
Elad, Please stop this. It is very clear here: https://www.ripe.net/participate/member-support/membership-mailing-lists what this mailing lists purpose is: "Purpose To enable RIPE NCC members to discuss membership-related issues that affect them and to facilitate members' input into RIPE NCC General Meetings and related matters." Your posts are not membership related issues in reference to RIPE itself. You are seem to believe that if its a technical issue related to the whole of the Internet, this is the place to discuss it. This is the 2nd subject line from you in two days I have had to tell my email client to delete now if it comes from this mailing list and contains your subject line, because to me, at this point, you are spamming this mailing list. IF you want your technical ideas to be heard and discussed, how about you go over to https://www.rfc-editor.org/ and learn what you need to do to draft an Internet RFC on the subjects, which is the only place you are going to get a) a global audience, and b) find out that your "easy" solutions even if they make it through the RFC process likely will never be fully implemented by enough people to have an impact anytime within the next 10 to 15 years. Thank you. -Nevin On Sun, Apr 26, 2020, at 12:12 PM, Elad Cohen wrote:
Hello Ben,
Thank you very much.
I don't believe that spamming will ever stop (if there is one thing that we can count on that will never change is human nature - and sadly people here believe that spammers will just stop spamming at some point), if spam will be defeated by email then spamming will be done with sms messages or by phone, currently electronic mail is the most profitable so it is most abused, and the current approaches to this problem are completely wrong - "The Spamhaus Project" are chasing after their tail, shooting everywhere, and not resolving the problem for many years.
"I hope everyone has a good rest of the weekend." - Yes, I'm making sure of it.
Everyone need to stay tuned because there is a new technical solution for tomorrow (how to dramatically lower DDoS attacks, a beautiful one).
Respectfully, Elad *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Ben Fitzgerald-O'Connor <Ben.Fitzgerald@Onega.net> *Sent:* Sunday, April 26, 2020 7:52 PM *To:* Silvan Gebhardt <silvan@unavailable.online>; members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi All,
I generally lurk here but a small comment on this..
Reading the thread, my humble opinion:
@Elad – noting the comments, I think I do agree that email problems / solutions might be better submitted as an RFC (https://www.ietf.org/standards/rfcs/) .. Ripe is a LIR mainly tasked with administering IP number resources. … At the same time, I do love your obvious passion for addressing problems and looking freshly at possible solutions. Regarding the upcoming election – I have just had a look at the page with Candidate Biographies to judge a little how I might vote – at https://www.ripe.net/participate/meetings/gm/meetings/may-2020/candidate-bio... .. and I can’t see you there, so would suggest please to submit / add a biography if this is not already in the works (and I hope all candidates do too).
NB – be careful that if you do come up with a solution to fix spam once and for all then beware that you also put a USD $10 Billion value on your own head (this is the rough value annually of the anti-spam industry!) (Comment partly in jest, partly from experience and observation).
I hope everyone has a good rest of the weekend.
Regards
Ben
*From:* members-discuss <members-discuss-bounces@ripe.net> *On Behalf Of *Silvan Gebhardt *Sent:* 26 April 2020 17:33 *To:* members-discuss@ripe.net *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem
Hi Michael,
this is not about any technical solution. This is Elad trying to position himself for the upcoming election.
This is an election campaign. Nothing more.
https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can...
Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever.
Silvan
On 4/26/20 4:22 PM, info@cowmedia.de wrote:
Sorry Elad,
i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this?
You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of.
In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up).
We are completely the wrong audience group for your emails.
Michael
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/nevin%40arcustech.com
Nevin, You are clearly full of interests. "b) find out that your "easy" solutions even if they make it through the RFC process likely will never be fully implemented by enough people to have an impact anytime within the next 10 to 15 years." If you don't know how to resolve the internet problems that affects all of us you should not disturb people who are doing it. What I'm writing fits under "related matters." There are people in Ripe that are trying to shut me up including you and you will not succeed. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Nevin Lyne <nevin@arcustech.com> Sent: Sunday, April 26, 2020 8:34 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Elad, Please stop this. It is very clear here: https://www.ripe.net/participate/member-support/membership-mailing-lists what this mailing lists purpose is: "Purpose To enable RIPE NCC members to discuss membership-related issues that affect them and to facilitate members' input into RIPE NCC General Meetings and related matters." Your posts are not membership related issues in reference to RIPE itself. You are seem to believe that if its a technical issue related to the whole of the Internet, this is the place to discuss it. This is the 2nd subject line from you in two days I have had to tell my email client to delete now if it comes from this mailing list and contains your subject line, because to me, at this point, you are spamming this mailing list. IF you want your technical ideas to be heard and discussed, how about you go over to https://www.rfc-editor.org/ and learn what you need to do to draft an Internet RFC on the subjects, which is the only place you are going to get a) a global audience, and b) find out that your "easy" solutions even if they make it through the RFC process likely will never be fully implemented by enough people to have an impact anytime within the next 10 to 15 years. Thank you. -Nevin On Sun, Apr 26, 2020, at 12:12 PM, Elad Cohen wrote:
Hello Ben,
Thank you very much.
I don't believe that spamming will ever stop (if there is one thing that we can count on that will never change is human nature - and sadly people here believe that spammers will just stop spamming at some point), if spam will be defeated by email then spamming will be done with sms messages or by phone, currently electronic mail is the most profitable so it is most abused, and the current approaches to this problem are completely wrong - "The Spamhaus Project" are chasing after their tail, shooting everywhere, and not resolving the problem for many years.
"I hope everyone has a good rest of the weekend." - Yes, I'm making sure of it.
Everyone need to stay tuned because there is a new technical solution for tomorrow (how to dramatically lower DDoS attacks, a beautiful one).
Respectfully, Elad *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Ben Fitzgerald-O'Connor <Ben.Fitzgerald@Onega.net> *Sent:* Sunday, April 26, 2020 7:52 PM *To:* Silvan Gebhardt <silvan@unavailable.online>; members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi All,
I generally lurk here but a small comment on this..
Reading the thread, my humble opinion:
@Elad – noting the comments, I think I do agree that email problems / solutions might be better submitted as an RFC (https://www.ietf.org/standards/rfcs/) .. Ripe is a LIR mainly tasked with administering IP number resources. … At the same time, I do love your obvious passion for addressing problems and looking freshly at possible solutions. Regarding the upcoming election – I have just had a look at the page with Candidate Biographies to judge a little how I might vote – at https://www.ripe.net/participate/meetings/gm/meetings/may-2020/candidate-bio... .. and I can’t see you there, so would suggest please to submit / add a biography if this is not already in the works (and I hope all candidates do too).
NB – be careful that if you do come up with a solution to fix spam once and for all then beware that you also put a USD $10 Billion value on your own head (this is the rough value annually of the anti-spam industry!) (Comment partly in jest, partly from experience and observation).
I hope everyone has a good rest of the weekend.
Regards
Ben
*From:* members-discuss <members-discuss-bounces@ripe.net> *On Behalf Of *Silvan Gebhardt *Sent:* 26 April 2020 17:33 *To:* members-discuss@ripe.net *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem
Hi Michael,
this is not about any technical solution. This is Elad trying to position himself for the upcoming election.
This is an election campaign. Nothing more.
https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can...
Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever.
Silvan
On 4/26/20 4:22 PM, info@cowmedia.de wrote:
Sorry Elad,
i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this?
You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of.
In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up).
We are completely the wrong audience group for your emails.
Michael
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/nevin%40arcustech.com
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/elad%40netstyle.io
Elad, No, I am not full of interest, what I have is a full mailbox of crap from you that has NOTHING to do with my membership IN RIPE. If you have issues with your Fees, or how you claim RIPE is not spending $30 million Euros properly, etc. Those are issues related to your membership in RIPE, and would be worth discussion on this list. I also am simply going to setup a more advanced filter that finds your name/email address anywhere in the incoming message and deletes it, but allows me to keep my normal membership in this mailing list intact. Have a nice day. -Nevin On Sun, Apr 26, 2020, at 12:58 PM, Elad Cohen wrote:
Nevin,
You are clearly full of interests.
"b) find out that your "easy" solutions even if they make it through the RFC process likely will never be fully implemented by enough people to have an impact anytime within the next 10 to 15 years."
If you don't know how to resolve the internet problems that affects all of us you should not disturb people who are doing it.
What I'm writing fits under "related matters."
There are people in Ripe that are trying to shut me up including you and you will not succeed.
Respectfully, Elad *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Nevin Lyne <nevin@arcustech.com> *Sent:* Sunday, April 26, 2020 8:34 PM *To:* members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Elad,
Please stop this. It is very clear here: https://www.ripe.net/participate/member-support/membership-mailing-lists what this mailing lists purpose is:
"Purpose
To enable RIPE NCC members to discuss membership-related issues that affect them and to facilitate members' input into RIPE NCC General Meetings and related matters."
Your posts are not membership related issues in reference to RIPE itself. You are seem to believe that if its a technical issue related to the whole of the Internet, this is the place to discuss it.
This is the 2nd subject line from you in two days I have had to tell my email client to delete now if it comes from this mailing list and contains your subject line, because to me, at this point, you are spamming this mailing list.
IF you want your technical ideas to be heard and discussed, how about you go over to https://www.rfc-editor.org/ and learn what you need to do to draft an Internet RFC on the subjects, which is the only place you are going to get a) a global audience, and b) find out that your "easy" solutions even if they make it through the RFC process likely will never be fully implemented by enough people to have an impact anytime within the next 10 to 15 years.
Thank you.
-Nevin
On Sun, Apr 26, 2020, at 12:12 PM, Elad Cohen wrote:
Hello Ben,
Thank you very much.
I don't believe that spamming will ever stop (if there is one thing that we can count on that will never change is human nature - and sadly people here believe that spammers will just stop spamming at some point), if spam will be defeated by email then spamming will be done with sms messages or by phone, currently electronic mail is the most profitable so it is most abused, and the current approaches to this problem are completely wrong - "The Spamhaus Project" are chasing after their tail, shooting everywhere, and not resolving the problem for many years.
"I hope everyone has a good rest of the weekend." - Yes, I'm making sure of it.
Everyone need to stay tuned because there is a new technical solution for tomorrow (how to dramatically lower DDoS attacks, a beautiful one).
Respectfully, Elad *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Ben Fitzgerald-O'Connor <Ben.Fitzgerald@Onega.net> *Sent:* Sunday, April 26, 2020 7:52 PM *To:* Silvan Gebhardt <silvan@unavailable.online>; members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi All,
I generally lurk here but a small comment on this..
Reading the thread, my humble opinion:
@Elad – noting the comments, I think I do agree that email problems / solutions might be better submitted as an RFC (https://www.ietf.org/standards/rfcs/) .. Ripe is a LIR mainly tasked with administering IP number resources. … At the same time, I do love your obvious passion for addressing problems and looking freshly at possible solutions. Regarding the upcoming election – I have just had a look at the page with Candidate Biographies to judge a little how I might vote – at
https://www.ripe.net/participate/meetings/gm/meetings/may-2020/candidate-bio... .. and I can’t see you there, so would suggest please to submit / add a biography if this is not already in the works (and I hope all candidates do too).
NB – be careful that if you do come up with a solution to fix spam
once
and for all then beware that you also put a USD $10 Billion value on your own head (this is the rough value annually of the anti-spam industry!) (Comment partly in jest, partly from experience and observation).
I hope everyone has a good rest of the weekend.
Regards
Ben
*From:* members-discuss <members-discuss-bounces@ripe.net> *On Behalf Of *Silvan Gebhardt *Sent:* 26 April 2020 17:33 *To:* members-discuss@ripe.net *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem
Hi Michael,
this is not about any technical solution. This is Elad trying to position himself for the upcoming election.
This is an election campaign. Nothing more.
https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can...
Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever.
Silvan
On 4/26/20 4:22 PM, info@cowmedia.de wrote:
Sorry Elad,
i know ist Sunday and some members of this mailling list have more
time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this?
You try to find or present solutions to problems that doesnt
exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of.
In this specific case you want to outsource the servers job of
filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up).
We are completely the wrong audience group for your emails.
Michael
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe:
https://lists.ripe.net/mailman/options/members-discuss/nevin%40arcustech.com
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/elad%40netstyle.io
-- -- Nevin Lyne -- Founder and Director of Technology -- Arcustech, LLC - https://www.arcustech.com/
Nevin, Ripe board not interested to provide detailed list of expenses with providers names in order for us all to know where the the LIRs money of 30 million euros per year is flowing - have to do with your membership in Ripe. Respectfully, Elad ________________________________ From: Nevin Lyne <nevin@arcustech.com> Sent: Sunday, April 26, 2020 9:04 PM To: Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Elad, No, I am not full of interest, what I have is a full mailbox of crap from you that has NOTHING to do with my membership IN RIPE. If you have issues with your Fees, or how you claim RIPE is not spending $30 million Euros properly, etc. Those are issues related to your membership in RIPE, and would be worth discussion on this list. I also am simply going to setup a more advanced filter that finds your name/email address anywhere in the incoming message and deletes it, but allows me to keep my normal membership in this mailing list intact. Have a nice day. -Nevin On Sun, Apr 26, 2020, at 12:58 PM, Elad Cohen wrote:
Nevin,
You are clearly full of interests.
"b) find out that your "easy" solutions even if they make it through the RFC process likely will never be fully implemented by enough people to have an impact anytime within the next 10 to 15 years."
If you don't know how to resolve the internet problems that affects all of us you should not disturb people who are doing it.
What I'm writing fits under "related matters."
There are people in Ripe that are trying to shut me up including you and you will not succeed.
Respectfully, Elad *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Nevin Lyne <nevin@arcustech.com> *Sent:* Sunday, April 26, 2020 8:34 PM *To:* members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Elad,
Please stop this. It is very clear here: https://www.ripe.net/participate/member-support/membership-mailing-lists what this mailing lists purpose is:
"Purpose
To enable RIPE NCC members to discuss membership-related issues that affect them and to facilitate members' input into RIPE NCC General Meetings and related matters."
Your posts are not membership related issues in reference to RIPE itself. You are seem to believe that if its a technical issue related to the whole of the Internet, this is the place to discuss it.
This is the 2nd subject line from you in two days I have had to tell my email client to delete now if it comes from this mailing list and contains your subject line, because to me, at this point, you are spamming this mailing list.
IF you want your technical ideas to be heard and discussed, how about you go over to https://www.rfc-editor.org/ and learn what you need to do to draft an Internet RFC on the subjects, which is the only place you are going to get a) a global audience, and b) find out that your "easy" solutions even if they make it through the RFC process likely will never be fully implemented by enough people to have an impact anytime within the next 10 to 15 years.
Thank you.
-Nevin
On Sun, Apr 26, 2020, at 12:12 PM, Elad Cohen wrote:
Hello Ben,
Thank you very much.
I don't believe that spamming will ever stop (if there is one thing that we can count on that will never change is human nature - and sadly people here believe that spammers will just stop spamming at some point), if spam will be defeated by email then spamming will be done with sms messages or by phone, currently electronic mail is the most profitable so it is most abused, and the current approaches to this problem are completely wrong - "The Spamhaus Project" are chasing after their tail, shooting everywhere, and not resolving the problem for many years.
"I hope everyone has a good rest of the weekend." - Yes, I'm making sure of it.
Everyone need to stay tuned because there is a new technical solution for tomorrow (how to dramatically lower DDoS attacks, a beautiful one).
Respectfully, Elad *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Ben Fitzgerald-O'Connor <Ben.Fitzgerald@Onega.net> *Sent:* Sunday, April 26, 2020 7:52 PM *To:* Silvan Gebhardt <silvan@unavailable.online>; members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi All,
I generally lurk here but a small comment on this..
Reading the thread, my humble opinion:
@Elad – noting the comments, I think I do agree that email problems / solutions might be better submitted as an RFC (https://www.ietf.org/standards/rfcs/) .. Ripe is a LIR mainly tasked with administering IP number resources. … At the same time, I do love your obvious passion for addressing problems and looking freshly at possible solutions. Regarding the upcoming election – I have just had a look at the page with Candidate Biographies to judge a little how I might vote – at
https://www.ripe.net/participate/meetings/gm/meetings/may-2020/candidate-bio... .. and I can’t see you there, so would suggest please to submit / add a biography if this is not already in the works (and I hope all candidates do too).
NB – be careful that if you do come up with a solution to fix spam
once
and for all then beware that you also put a USD $10 Billion value on your own head (this is the rough value annually of the anti-spam industry!) (Comment partly in jest, partly from experience and observation).
I hope everyone has a good rest of the weekend.
Regards
Ben
*From:* members-discuss <members-discuss-bounces@ripe.net> *On Behalf Of *Silvan Gebhardt *Sent:* 26 April 2020 17:33 *To:* members-discuss@ripe.net *Subject:* Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem
Hi Michael,
this is not about any technical solution. This is Elad trying to position himself for the upcoming election.
This is an election campaign. Nothing more.
https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can...
Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever.
Silvan
On 4/26/20 4:22 PM, info@cowmedia.de wrote:
Sorry Elad,
i know ist Sunday and some members of this mailling list have more
time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this?
You try to find or present solutions to problems that doesnt
exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of.
In this specific case you want to outsource the servers job of
filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up).
We are completely the wrong audience group for your emails.
Michael
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe:
https://lists.ripe.net/mailman/options/members-discuss/nevin%40arcustech.com
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/elad%40netstyle.io
-- -- Nevin Lyne -- Founder and Director of Technology -- Arcustech, LLC - https://www.arcustech.com/
Hi Silvan, ok maybe it seems you are right but to me this is exactly the opposite of a campaign. Maybe i know now his name, but definitive I does recognize his lazyness when it comes to things. A non-value that is not required in the Executive Board. I would definitive not vote for him. Michael Von: members-discuss <members-discuss-bounces@ripe.net> Im Auftrag von Silvan Gebhardt Gesendet: Sonntag, 26. April 2020 18:30 An: members-discuss@ripe.net Betreff: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi Michael, this is not about any technical solution. This is Elad trying to position himself for the upcoming election. This is an election campaign. Nothing more. https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can didates Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever. Silvan On 4/26/20 4:22 PM, info@cowmedia.de <mailto:info@cowmedia.de> wrote: Sorry Elad, i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this? You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of. In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up). We are completely the wrong audience group for your emails. Michael
Michael, Because I don't develop for all all the patches for the networking stacks ? maybe you will want me also to go physically router by router in all the 500,000 routers that needs to be updated and to upgrade them myself ? Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of info@cowmedia.de <info@cowmedia.de> Sent: Sunday, April 26, 2020 8:00 PM To: 'Silvan Gebhardt' <silvan@unavailable.online>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi Silvan, ok maybe it seems you are right but to me this is exactly the opposite of a campaign. Maybe i know now his name, but definitive I does recognize his lazyness when it comes to things. A non-value that is not required in the Executive Board. I would definitive not vote for him. Michael Von: members-discuss <members-discuss-bounces@ripe.net> Im Auftrag von Silvan Gebhardt Gesendet: Sonntag, 26. April 2020 18:30 An: members-discuss@ripe.net Betreff: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Hi Michael, this is not about any technical solution. This is Elad trying to position himself for the upcoming election. This is an election campaign. Nothing more. https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can... Elon, just save your next typing. You will immead scream that I am running an "illegal cyber defamation campaign" against you. Sure. whatever. Silvan On 4/26/20 4:22 PM, info@cowmedia.de<mailto:info@cowmedia.de> wrote: Sorry Elad, i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this? You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of. In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up). We are completely the wrong audience group for your emails. Michael
Michael, Handling SPAM wasn't designed anywhere, and we can see the results of how SPAM is currently handled - email spammers are winning. "You try to find or present solutions to problems that doesnt exist" - Spam problem doesn't exist ? An optional implementation can be made for the email server, so it will work with the kind of non-gui email clients of less than 100 lines of code. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of info@cowmedia.de <info@cowmedia.de> Sent: Sunday, April 26, 2020 7:22 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] [SPAM] Technical Solution to resolve the global "Email Spam" problem Sorry Elad, i know ist Sunday and some members of this mailling list have more time as on a busy working day but are you really again (see the other topic) posting an idea in this list were we cannot do anything about this? You try to find or present solutions to problems that doesnt exist. While you think a lot on your ideas technically, please note that this is only 1/3 of the things you need to take care of. In this specific case you want to outsource the servers job of filtering SPAM out competely to the client. This is not how this was designed. You are thinking that email clients always have a UI or at least some bigger code behind it that is able to do a lot of stuff. There exist email clients in the world that have only <100 lines of code and are only text based (as email is from the ground up). We are completely the wrong audience group for your emails. Michael Von: members-discuss <members-discuss-bounces@ripe.net> Im Auftrag von Elad Cohen Gesendet: Sonntag, 26. April 2020 18:06 An: members-discuss@ripe.net Betreff: [SPAM] [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad
Hello, I'm not sure if you are aware but SPF is doing something similar but a lot easier to setup : it tells all the servers to accept or deny an email depending on the server sending it. Unfortunately for SPF, just like your system, everyone is not using it. If every domain was using SFP properly, all webservers could simply block emails sent through unauthorized servers and that'd be it ! But people are just not concerned enough to setup SPF on all their domains and domains without SPF setup properly or just not setup are the ones used to send spam and succeeding ... So sad ... Have a nice day ! (and I'm not sure this mailing list is here to discuss enhancement to The Internet, there are other places to better do that, I'm sure) Frederic Vagner HaiSoft
Hello, In email servers, even if they have SPF check configured, DMARC DNS record can override it (if DMARC DNS record is not set or if the field p value in DMARC DNS record value is "none", nothing will happen by the email server even if the SPF check will fail), it means that any domain owner can allow (using the DMARC DNS record) for any email address of his domain to be spoofed by any attacker in the internet, to my opinion the user needs to be fully protected in his email client due to it and also to check regarding SPF in his email client (and not to rely on the email server which is relying on DMARC DNS record which is set by the domain owner). Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Frederic Vagner <haisoft@haisoft.net> Sent: Sunday, April 26, 2020 7:31 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hello, I'm not sure if you are aware but SPF is doing something similar but a lot easier to setup : it tells all the servers to accept or deny an email depending on the server sending it. Unfortunately for SPF, just like your system, everyone is not using it. If every domain was using SFP properly, all webservers could simply block emails sent through unauthorized servers and that'd be it ! But people are just not concerned enough to setup SPF on all their domains and domains without SPF setup properly or just not setup are the ones used to send spam and succeeding ... So sad ... Have a nice day ! (and I'm not sure this mailing list is here to discuss enhancement to The Internet, there are other places to better do that, I'm sure) Frederic Vagner HaiSoft _______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/elad%40netstyle.io
Hi! To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need? Matthias Am 26.04.20 um 18:05 schrieb Elad Cohen:
Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net
-- Unser Familien-Blog: https://brumm.family
On 26 Apr 2020, at 17:50, Matthias Brumm <matthias@brumm.net> wrote: Do you have an ellaborated guess, how much computing power that would need?
The billions of dollars/euros that will be generated from the creation of IPv4+ will fund the massive server infrastructure. Simon
LOL No, actually, NoSpam.org will be able to finance itself by providing delivery service to all the 'mailing list' email addresses with their newsletters. All the Income will go to the 5 RIR's and to the ccTLD registries for them to provide better services to their members. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Simon Lockhart <simon@slimey.org> Sent: Sunday, April 26, 2020 8:04 PM To: Matthias Brumm <matthias@brumm.net> Cc: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem On 26 Apr 2020, at 17:50, Matthias Brumm <matthias@brumm.net<mailto:matthias@brumm.net>> wrote: Do you have an ellaborated guess, how much computing power that would need? The billions of dollars/euros that will be generated from the creation of IPv4+ will fund the massive server infrastructure. Simon
and that will fund a Orwellian mass surveillance on the go as well as a "nice" byproduct On 4/26/20 8:04 PM, Simon Lockhart wrote:
On 26 Apr 2020, at 17:50, Matthias Brumm <matthias@brumm.net <mailto:matthias@brumm.net>> wrote: Do you have an ellaborated guess, how much computing power that would need?
The billions of dollars/euros that will be generated from the creation of IPv4+ will fund the massive server infrastructure.
On Apr 26, 2020, at 20:04, Simon Lockhart <simon@slimey.org> wrote:
On 26 Apr 2020, at 17:50, Matthias Brumm <matthias@brumm.net> wrote: Do you have an ellaborated guess, how much computing power that would need?
The billions of dollars/euros that will be generated from the creation of IPv4+ will fund the massive server infrastructure.
And all the profit from Great New Spam filter would be dedicated to get rid of COVID-19. Right, Elad?..
No, Ripe will buy an island with it. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Dmitry Kohmanyuk <dk@hostmaster.ua> Sent: Monday, April 27, 2020 12:31 AM To: Simon Lockhart <simon@slimey.org> Cc: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem On Apr 26, 2020, at 20:04, Simon Lockhart <simon@slimey.org<mailto:simon@slimey.org>> wrote: On 26 Apr 2020, at 17:50, Matthias Brumm <matthias@brumm.net<mailto:matthias@brumm.net>> wrote: Do you have an ellaborated guess, how much computing power that would need? The billions of dollars/euros that will be generated from the creation of IPv4+ will fund the massive server infrastructure. And all the profit from Great New Spam filter would be dedicated to get rid of COVID-19. Right, Elad?..
This list is NOT for technical related posts, it is for MEMBERSHIP related issues. Please move the discussion elsewhere. L?hetetty Outlook Mobilesta<https://aka.ms/blhgte> ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Matthias Brumm <matthias@brumm.net> Sent: Sunday, April 26, 2020 7:50:23 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi! To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need? Matthias Am 26.04.20 um 18:05 schrieb Elad Cohen: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog: https://brumm.family
Jetten, This is not up to you to decide. This is a membership discuss mailing list, I'm a member just like you are, please don't shut conversations and tell what we can or cannot talk about, Spam is a problem that is related to all Ripe LIR members including you. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Jetten Raymond <raymond.jetten@elisa.fi> Sent: Sunday, April 26, 2020 8:04 PM To: members-discuss@ripe.net <members-discuss@ripe.net>; Matthias Brumm <matthias@brumm.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem This list is NOT for technical related posts, it is for MEMBERSHIP related issues. Please move the discussion elsewhere. Lähetetty Outlook Mobilesta<https://aka.ms/blhgte> ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Matthias Brumm <matthias@brumm.net> Sent: Sunday, April 26, 2020 7:50:23 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi! To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need? Matthias Am 26.04.20 um 18:05 schrieb Elad Cohen: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog: https://brumm.family
Hi! Maybe, but no one here is in the position to make such a project work instantly. To get it rolling, this may be easier than IPv4+. Present a working proof-of-concept with nospan.org and a Thunderbird-Plug-In. Then try to get the E-Mail-Clients on board. As long as the nospam.org servers are scalable, you can grow very fast. Matthias Am 26.04.20 um 19:20 schrieb Elad Cohen:
Jetten,
This is not up to you to decide.
This is a membership discuss mailing list, I'm a member just like you are, please don't shut conversations and tell what we can or cannot talk about, Spam is a problem that is related to all Ripe LIR members including you.
Respectfully, Elad ------------------------------------------------------------------------ *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Jetten Raymond <raymond.jetten@elisa.fi> *Sent:* Sunday, April 26, 2020 8:04 PM *To:* members-discuss@ripe.net <members-discuss@ripe.net>; Matthias Brumm <matthias@brumm.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem This list is NOT for technical related posts, it is for MEMBERSHIP related issues. Please move the discussion elsewhere.
Lähetetty Outlook Mobilesta <https://aka.ms/blhgte>
------------------------------------------------------------------------ *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Matthias Brumm <matthias@brumm.net> *Sent:* Sunday, April 26, 2020 7:50:23 PM *To:* members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Hi!
To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need?
Matthias
Am 26.04.20 um 18:05 schrieb Elad Cohen:
Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net <mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe:https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog:https://brumm.family
-- Unser Familien-Blog: https://brumm.family
Hello, Ripe have 30 millions euros of expenses each year that are hidden and now shown to where exactly they are paid, instead of that corruption - a small part of the money can be used also for the deployment of IPv4+ and also for NoSpam.org and also for the next solution that I will present regarding how to dramatically lower ddos attacks, a simple and elegant solution that will help each and every ASN in the world. Respectfully, Elad ________________________________ From: Matthias Brumm <matthias@brumm.net> Sent: Sunday, April 26, 2020 8:27 PM To: Elad Cohen <elad@netstyle.io>; Jetten Raymond <raymond.jetten@elisa.fi>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi! Maybe, but no one here is in the position to make such a project work instantly. To get it rolling, this may be easier than IPv4+. Present a working proof-of-concept with nospan.org and a Thunderbird-Plug-In. Then try to get the E-Mail-Clients on board. As long as the nospam.org servers are scalable, you can grow very fast. Matthias Am 26.04.20 um 19:20 schrieb Elad Cohen: Jetten, This is not up to you to decide. This is a membership discuss mailing list, I'm a member just like you are, please don't shut conversations and tell what we can or cannot talk about, Spam is a problem that is related to all Ripe LIR members including you. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Jetten Raymond <raymond.jetten@elisa.fi><mailto:raymond.jetten@elisa.fi> Sent: Sunday, April 26, 2020 8:04 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net>; Matthias Brumm <matthias@brumm.net><mailto:matthias@brumm.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem This list is NOT for technical related posts, it is for MEMBERSHIP related issues. Please move the discussion elsewhere. Lähetetty Outlook Mobilesta<https://aka.ms/blhgte> ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Matthias Brumm <matthias@brumm.net><mailto:matthias@brumm.net> Sent: Sunday, April 26, 2020 7:50:23 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi! To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need? Matthias Am 26.04.20 um 18:05 schrieb Elad Cohen: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog: https://brumm.family -- Unser Familien-Blog: https://brumm.family
In the meanwhile we're waiting for next Elad's idea to save the planet, I suggest a little move that will contribute to a little reduction of spam: is it kindly possible to remove him from this list (that, it's clear, he as no understood the goal of this list...) ? Regards -- Franco Tauceri DomainRegister m: 39.3483064202 w: https://DomainRegister.international e: franco.tauceri@domainregister.it On 26/04/2020 07:31 PM, Elad Cohen wrote:
Hello,
Ripe have 30 millions euros of expenses each year that are hidden and now shown to where exactly they are paid, instead of that corruption - a small part of the money can be used also for the deployment of IPv4+ and also for NoSpam.org and also for the next solution that I will present regarding how to dramatically lower ddos attacks, a simple and elegant solution that will help each and every ASN in the world.
Respectfully, Elad
-------------------------
From: Matthias Brumm <matthias@brumm.net> Sent: Sunday, April 26, 2020 8:27 PM To: Elad Cohen <elad@netstyle.io>; Jetten Raymond <raymond.jetten@elisa.fi>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Hi!
Maybe, but no one here is in the position to make such a project work instantly.
To get it rolling, this may be easier than IPv4+. Present a working proof-of-concept with nospan.org and a Thunderbird-Plug-In. Then try to get the E-Mail-Clients on board. As long as the nospam.org servers are scalable, you can grow very fast.
Matthias
Am 26.04.20 um 19:20 schrieb Elad Cohen:
Jetten,
This is not up to you to decide.
This is a membership discuss mailing list, I'm a member just like you are, please don't shut conversations and tell what we can or cannot talk about, Spam is a problem that is related to all Ripe LIR members including you.
Respectfully, Elad -------------------------
From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Jetten Raymond <raymond.jetten@elisa.fi> Sent: Sunday, April 26, 2020 8:04 PM To: members-discuss@ripe.net <members-discuss@ripe.net>; Matthias Brumm <matthias@brumm.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
This list is NOT for technical related posts, it is for MEMBERSHIP related issues. Please move the discussion elsewhere.
Lähetetty Outlook Mobilesta [1] -------------------------
From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Matthias Brumm <matthias@brumm.net> Sent: Sunday, April 26, 2020 7:50:23 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Hi!
To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need?
Matthias
Am 26.04.20 um 18:05 schrieb Elad Cohen:
Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net
-- Unser Familien-Blog: https://brumm.family
-- Unser Familien-Blog: https://brumm.family _______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/franco.tauceri%40doma... Links: ------ [1] https://aka.ms/blhgte
Not the plant, just to reduce dramatically ddos attacks. Respectfully, Elad ________________________________ From: Franco Tauceri <franco.tauceri@domainregister.it> Sent: Sunday, April 26, 2020 9:13 PM To: Elad Cohen <elad@netstyle.io> Cc: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem In the meanwhile we're waiting for next Elad's idea to save the planet, I suggest a little move that will contribute to a little reduction of spam: is it kindly possible to remove him from this list (that, it's clear, he as no understood the goal of this list...) ? Regards -- [https://domainregister.international/templates/dr/assets/images/dr-logo.svg] Franco Tauceri DomainRegister m: 39.3483064202 w: https://DomainRegister.international e: franco.tauceri@domainregister.it<mailto:franco.tauceri@domainregister.it> On 26/04/2020 07:31 PM, Elad Cohen wrote: Hello, Ripe have 30 millions euros of expenses each year that are hidden and now shown to where exactly they are paid, instead of that corruption - a small part of the money can be used also for the deployment of IPv4+ and also for NoSpam.org and also for the next solution that I will present regarding how to dramatically lower ddos attacks, a simple and elegant solution that will help each and every ASN in the world. Respectfully, Elad ________________________________ From: Matthias Brumm <matthias@brumm.net> Sent: Sunday, April 26, 2020 8:27 PM To: Elad Cohen <elad@netstyle.io>; Jetten Raymond <raymond.jetten@elisa.fi>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi! Maybe, but no one here is in the position to make such a project work instantly. To get it rolling, this may be easier than IPv4+. Present a working proof-of-concept with nospan.org and a Thunderbird-Plug-In. Then try to get the E-Mail-Clients on board. As long as the nospam.org servers are scalable, you can grow very fast. Matthias Am 26.04.20 um 19:20 schrieb Elad Cohen: Jetten, This is not up to you to decide. This is a membership discuss mailing list, I'm a member just like you are, please don't shut conversations and tell what we can or cannot talk about, Spam is a problem that is related to all Ripe LIR members including you. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Jetten Raymond <raymond.jetten@elisa.fi><mailto:raymond.jetten@elisa.fi> Sent: Sunday, April 26, 2020 8:04 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net>; Matthias Brumm <matthias@brumm.net><mailto:matthias@brumm.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem This list is NOT for technical related posts, it is for MEMBERSHIP related issues. Please move the discussion elsewhere. Lähetetty Outlook Mobilesta<https://aka.ms/blhgte> ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Matthias Brumm <matthias@brumm.net><mailto:matthias@brumm.net> Sent: Sunday, April 26, 2020 7:50:23 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi! To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need? Matthias Am 26.04.20 um 18:05 schrieb Elad Cohen: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog: https://brumm.family -- Unser Familien-Blog: https://brumm.family _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/franco.tauceri%40doma...
Spam... Plus the fact that this guy appears to have some link in BGP Hijacking cases... (sources : https://mybroadband.co.za/news/internet/318205-the-big-south-african-ip-addr...) On 4/26/20 8:13 PM, Franco Tauceri wrote:
In the meanwhile we're waiting for next Elad's idea to save the planet, I suggest a little move that will contribute to a little reduction of spam: is it kindly possible to remove him from this list (that, it's clear, he as no understood the goal of this list...) ?
Regards
--
Franco Tauceri *DomainRegister* m: 39.3483064202 w: https://DomainRegister.international e: franco.tauceri@domainregister.it <mailto:franco.tauceri@domainregister.it>
On 26/04/2020 07:31 PM, Elad Cohen wrote:
Hello, Ripe have 30 millions euros of expenses each year that are hidden and now shown to where exactly they are paid, instead of that corruption - a small part of the money can be used also for the deployment of IPv4+ and also for NoSpam.org and also for the next solution that I will present regarding how to dramatically lower ddos attacks, a simple and elegant solution that will help each and every ASN in the world. Respectfully, Elad ------------------------------------------------------------------------ *From:* Matthias Brumm <matthias@brumm.net> *Sent:* Sunday, April 26, 2020 8:27 PM *To:* Elad Cohen <elad@netstyle.io>; Jetten Raymond <raymond.jetten@elisa.fi>; members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Hi!
Maybe, but no one here is in the position to make such a project work instantly.
To get it rolling, this may be easier than IPv4+. Present a working proof-of-concept with nospan.org and a Thunderbird-Plug-In. Then try to get the E-Mail-Clients on board. As long as the nospam.org servers are scalable, you can grow very fast.
Matthias
Am 26.04.20 um 19:20 schrieb Elad Cohen:
Jetten, This is not up to you to decide. This is a membership discuss mailing list, I'm a member just like you are, please don't shut conversations and tell what we can or cannot talk about, Spam is a problem that is related to all Ripe LIR members including you. Respectfully, Elad ------------------------------------------------------------------------ *From:* members-discuss <members-discuss-bounces@ripe.net> <mailto:members-discuss-bounces@ripe.net> on behalf of Jetten Raymond <raymond.jetten@elisa.fi> <mailto:raymond.jetten@elisa.fi> *Sent:* Sunday, April 26, 2020 8:04 PM *To:* members-discuss@ripe.net <mailto:members-discuss@ripe.net> <members-discuss@ripe.net> <mailto:members-discuss@ripe.net>; Matthias Brumm <matthias@brumm.net> <mailto:matthias@brumm.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem This list is NOT for technical related posts, it is for MEMBERSHIP related issues. Please move the discussion elsewhere.
Lähetetty Outlook Mobilesta <https://aka.ms/blhgte> ------------------------------------------------------------------------ *From:* members-discuss <members-discuss-bounces@ripe.net> <mailto:members-discuss-bounces@ripe.net> on behalf of Matthias Brumm <matthias@brumm.net> <mailto:matthias@brumm.net> *Sent:* Sunday, April 26, 2020 7:50:23 PM *To:* members-discuss@ripe.net <mailto:members-discuss@ripe.net> <members-discuss@ripe.net> <mailto:members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Hi!
To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need?
Matthias
Am 26.04.20 um 18:05 schrieb Elad Cohen: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net <mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog: https://brumm.family -- Unser Familien-Blog: https://brumm.family
_______________________________________________ members-discuss mailing list members-discuss@ripe.net <mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/franco.tauceri%40doma...
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/arnold.dech%40adct.be
Arnold, what you are doing is defamation, keep on defaming me. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Arnold Dechamps <arnold.dech@adct.be> Sent: Sunday, April 26, 2020 9:27 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Spam... Plus the fact that this guy appears to have some link in BGP Hijacking cases... (sources : https://mybroadband.co.za/news/internet/318205-the-big-south-african-ip-addr...) On 4/26/20 8:13 PM, Franco Tauceri wrote: In the meanwhile we're waiting for next Elad's idea to save the planet, I suggest a little move that will contribute to a little reduction of spam: is it kindly possible to remove him from this list (that, it's clear, he as no understood the goal of this list...) ? Regards -- [https://domainregister.international/templates/dr/assets/images/dr-logo.svg] Franco Tauceri DomainRegister m: 39.3483064202 w: https://DomainRegister.international e: franco.tauceri@domainregister.it<mailto:franco.tauceri@domainregister.it> On 26/04/2020 07:31 PM, Elad Cohen wrote: Hello, Ripe have 30 millions euros of expenses each year that are hidden and now shown to where exactly they are paid, instead of that corruption - a small part of the money can be used also for the deployment of IPv4+ and also for NoSpam.org and also for the next solution that I will present regarding how to dramatically lower ddos attacks, a simple and elegant solution that will help each and every ASN in the world. Respectfully, Elad ________________________________ From: Matthias Brumm <matthias@brumm.net><mailto:matthias@brumm.net> Sent: Sunday, April 26, 2020 8:27 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; Jetten Raymond <raymond.jetten@elisa.fi><mailto:raymond.jetten@elisa.fi>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi! Maybe, but no one here is in the position to make such a project work instantly. To get it rolling, this may be easier than IPv4+. Present a working proof-of-concept with nospan.org and a Thunderbird-Plug-In. Then try to get the E-Mail-Clients on board. As long as the nospam.org servers are scalable, you can grow very fast. Matthias Am 26.04.20 um 19:20 schrieb Elad Cohen: Jetten, This is not up to you to decide. This is a membership discuss mailing list, I'm a member just like you are, please don't shut conversations and tell what we can or cannot talk about, Spam is a problem that is related to all Ripe LIR members including you. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Jetten Raymond <raymond.jetten@elisa.fi><mailto:raymond.jetten@elisa.fi> Sent: Sunday, April 26, 2020 8:04 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net>; Matthias Brumm <matthias@brumm.net><mailto:matthias@brumm.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem This list is NOT for technical related posts, it is for MEMBERSHIP related issues. Please move the discussion elsewhere. Lähetetty Outlook Mobilesta<https://aka.ms/blhgte> ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Matthias Brumm <matthias@brumm.net><mailto:matthias@brumm.net> Sent: Sunday, April 26, 2020 7:50:23 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi! To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need? Matthias Am 26.04.20 um 18:05 schrieb Elad Cohen: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog: https://brumm.family -- Unser Familien-Blog: https://brumm.family _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/franco.tauceri%40doma... _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/arnold.dech%40adct.be
Hi Elad,
This is not up to you to decide.
But also not for you. It is decided by RIPE NCC You can see the intended purpose of this liste here on this page: https://www.ripe.net/participate/mail/ripe-ncc-mailing-lists/members-discuss Please do all of us a favor and do not post your new idea for tomorrow here. Thx. Michael P.S.: As you can see in the title my mailserver is already able to mark your email as SPAM correctly even the traditional already existing filter mechanisms are used. Von: members-discuss <members-discuss-bounces@ripe.net> Im Auftrag von Elad Cohen Gesendet: Sonntag, 26. April 2020 19:20 An: Jetten Raymond <raymond.jetten@elisa.fi>; members-discuss@ripe.net; Matthias Brumm <matthias@brumm.net> Betreff: [SPAM] Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Jetten, This is not up to you to decide. This is a membership discuss mailing list, I'm a member just like you are, please don't shut conversations and tell what we can or cannot talk about, Spam is a problem that is related to all Ripe LIR members including you. Respectfully, Elad _____ From: members-discuss <members-discuss-bounces@ripe.net <mailto:members-discuss-bounces@ripe.net> > on behalf of Jetten Raymond <raymond.jetten@elisa.fi <mailto:raymond.jetten@elisa.fi> > Sent: Sunday, April 26, 2020 8:04 PM To: members-discuss@ripe.net <mailto:members-discuss@ripe.net> <members-discuss@ripe.net <mailto:members-discuss@ripe.net> >; Matthias Brumm <matthias@brumm.net <mailto:matthias@brumm.net> > Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem This list is NOT for technical related posts, it is for MEMBERSHIP related issues. Please move the discussion elsewhere. Lähetetty Outlook Mobilesta <https://aka.ms/blhgte>
Michael, Why are you spamming the list ? What I'm writing its under the intended purpose, you decided that it is not, if you are not interested to read my email then simply in your email client block it. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of info@cowmedia.de <info@cowmedia.de> Sent: Sunday, April 26, 2020 8:38 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] [SPAM] Re: Technical Solution to resolve the global "Email Spam" problem Hi Elad,
This is not up to you to decide.
But also not for you. It is decided by RIPE NCC You can see the intended purpose of this liste here on this page: https://www.ripe.net/participate/mail/ripe-ncc-mailing-lists/members-discuss Please do all of us a favor and do not post your new idea for tomorrow here. Thx. Michael P.S.: As you can see in the title my mailserver is already able to mark your email as SPAM correctly even the traditional already existing filter mechanisms are used. Von: members-discuss <members-discuss-bounces@ripe.net> Im Auftrag von Elad Cohen Gesendet: Sonntag, 26. April 2020 19:20 An: Jetten Raymond <raymond.jetten@elisa.fi>; members-discuss@ripe.net; Matthias Brumm <matthias@brumm.net> Betreff: [SPAM] Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Jetten, This is not up to you to decide. This is a membership discuss mailing list, I'm a member just like you are, please don't shut conversations and tell what we can or cannot talk about, Spam is a problem that is related to all Ripe LIR members including you. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net<mailto:members-discuss-bounces@ripe.net>> on behalf of Jetten Raymond <raymond.jetten@elisa.fi<mailto:raymond.jetten@elisa.fi>> Sent: Sunday, April 26, 2020 8:04 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net<mailto:members-discuss@ripe.net>>; Matthias Brumm <matthias@brumm.net<mailto:matthias@brumm.net>> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem This list is NOT for technical related posts, it is for MEMBERSHIP related issues. Please move the discussion elsewhere. Lähetetty Outlook Mobilesta<https://aka.ms/blhgte>
On 2020-04-26 19:20, Elad Cohen wrote:
This is not up to you to decide.
This is a membership discuss mailing list, I'm a member just like you are, please don't shut conversations and tell what we can or cannot talk about, Spam is a problem that is related to all Ripe LIR members including you.
https://www.ripe.net/ripe/mail/archives/members-discuss/2007-March/000000.ht... -- bengan
Hello, Not exactly, as I wrote the site will use bgp anycast and will be deployed in the 5 RIR's locations and also by each ccTLD registry (in each ccTLD country), also load balancing can be in each place, so the traffic will be handled. "The Spamhaus Project" receive such amount of queries and they are handling it, they are just not effective but my point is that they are already handling all the queries with all the needed computing power. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Matthias Brumm <matthias@brumm.net> Sent: Sunday, April 26, 2020 7:50 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi! To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need? Matthias Am 26.04.20 um 18:05 schrieb Elad Cohen: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog: https://brumm.family
a centralized solution ... Yikes! Next step permits for email, only to be approved by government officials? For spam review purposes all emails must be stored centrally? Certainly no abuse will ever happen. On 4/26/20 7:50 PM, Matthias Brumm wrote:
Hi!
To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need?
Matthias
Am 26.04.20 um 18:05 schrieb Elad Cohen:
Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe:https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog:https://brumm.family
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/aleksi%40magnacapax.f...
It is not centralized because there are many servers with bgp anycast spread all over the world. All the data in NoSpam.org backend infrastructure is hashed. All the data which is sent between an email client to NoSpam.org backend infrastructure is hashed. Queries that the email client send to NoSpam.org backend are not logged and are not saved in any way. Currently - when you register to an online mailing list or to a newsletter - it is also centralized - and in cleartext (not hashed), so this is exactly the same - just much bigger infrastructure spread over many locations in the world with bgp anycast. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Aleksi <aleksi@magnacapax.fi> Sent: Sunday, April 26, 2020 9:04 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem a centralized solution ... Yikes! Next step permits for email, only to be approved by government officials? For spam review purposes all emails must be stored centrally? Certainly no abuse will ever happen. On 4/26/20 7:50 PM, Matthias Brumm wrote: Hi! To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need? Matthias Am 26.04.20 um 18:05 schrieb Elad Cohen: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog: https://brumm.family _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/aleksi%40magnacapax.f...
Hi, You clearly misunderstand what "centralized" is. Your local government is a good example of a centralized service with multiple points of service. Single organization, where decisions for all of the multiple service points is made from same place. UPS and DHL too, they are single organizations with many many service points all over the world. Certainly their service is decentralized physically and has to be by nature, but they are single organization and decisions made by single body concerning all of those service points. Only a few executives making all the decisions. That is a centralized service. A mailing list does not concern most of the world population. No amount of sugar coating will make your proposal anything but draconian and potentially orwellian. Besides, there are easier ways to solve the spam problem -- using blockchain you can, spamassassin plugins etc. you can make e-mail system in a way where sending email costs just enough to make spamming not as financially viable. (Have made proposals to blockchain groups in the past, bottomline is we would need to develop our own proof of concept to gain any traction) -Aleksi On 4/26/20 9:28 PM, Elad Cohen wrote:
It is not centralized because there are many servers with bgp anycast spread all over the world.
All the data in NoSpam.org backend infrastructure is hashed.
All the data which is sent between an email client to NoSpam.org backend infrastructure is hashed.
Queries that the email client send to NoSpam.org backend are not logged and are not saved in any way.
Currently - when you register to an online mailing list or to a newsletter - it is also centralized - and in cleartext (not hashed), so this is exactly the same - just much bigger infrastructure spread over many locations in the world with bgp anycast.
Respectfully, Elad ------------------------------------------------------------------------ *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Aleksi <aleksi@magnacapax.fi> *Sent:* Sunday, April 26, 2020 9:04 PM *To:* members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
a centralized solution ... Yikes!
Next step permits for email, only to be approved by government officials? For spam review purposes all emails must be stored centrally? Certainly no abuse will ever happen.
On 4/26/20 7:50 PM, Matthias Brumm wrote:
Hi!
To understand correctly. You want to enforce, that every subscribe operation / e-mail client operation (get new email from server) in the world will make a bidirectional communication with a central server? Do you have an ellaborated guess, how much computing power that would need?
Matthias
Am 26.04.20 um 18:05 schrieb Elad Cohen:
Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net <mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe:https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net -- Unser Familien-Blog:https://brumm.family
_______________________________________________ members-discuss mailing list members-discuss@ripe.net <mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe:https://lists.ripe.net/mailman/options/members-discuss/aleksi%40magnacapax.f...
Dear Elad, Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ? On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote:
Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net> Sent: Sunday, April 26, 2020 8:23 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Dear Elad, Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ? On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
Elad, I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen. For the rest of your reply-- I just simply do not understand it. - I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail). I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ? On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote:
Jordan,
What you are writing is false, telling a lie again and again will not make it truth.
"if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now)
And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link:
https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
"The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again.
Respectfully, Elad
*From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net> *Sent:* Sunday, April 26, 2020 8:23 PM *To:* members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Dear Elad,
Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ?
On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote:
Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. ---- Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me. Respectfully, Elad ________________________________ From: Jordan Bracco <href@fastmail.net> Sent: Sunday, April 26, 2020 9:14 PM To: Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen. For the rest of your reply-- I just simply do not understand it. - I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail). I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ? On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net> Sent: Sunday, April 26, 2020 8:23 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Dear Elad, Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ? On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
Elad, Some members sent some additional information about you: I can now understand your replies: I had no idea that you may have been involved in the Cape Town hijack! Please forget about my badly chosen example. Accusations aside, it is time to get serious and I'll re-iterate my original question: what are your thoughts and technical solutions about IP hijacking (not the Cape town one) ? On 4/26/20 8:23 PM, Elad Cohen wrote:
Jordan,
What you are writing is false, telling a lie again and again will not make it truth.
"if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach <https://twitter.com/underthebreach> - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now)
And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link:
https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
"The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again.
----
Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me.
Respectfully, Elad
------------------------------------------------------------------------ *From:* Jordan Bracco <href@fastmail.net> *Sent:* Sunday, April 26, 2020 9:14 PM *To:* Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad,
I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen.
For the rest of your reply-- I just simply do not understand it.
- I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail).
I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ?
On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote:
Jordan,
What you are writing is false, telling a lie again and again will not make it truth.
"if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now)
And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link:
https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
"The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again.
Respectfully, Elad
------------------------------------------------------------------------
*From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net> *Sent:* Sunday, April 26, 2020 8:23 PM *To:* members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Dear Elad,
Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ?
On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote:
Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
"I had no idea that you may have been involved in the Cape Town hijack!" The cyber influence operation continue... complete lies without a single proof, can anyone show a single proof ? Are you so scared from me being elected ? that you need to spread lies ? I'm highly honored that the illegal anonymous organization "The Spamhaus Project" decided to attack me, it means a lot. Lets see who is the Spamhaus fan that will jump now. Respectfully, Elad ________________________________ From: href <href@fastmail.net> Sent: Sunday, April 26, 2020 10:01 PM To: Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, Some members sent some additional information about you: I can now understand your replies: I had no idea that you may have been involved in the Cape Town hijack! Please forget about my badly chosen example. Accusations aside, it is time to get serious and I'll re-iterate my original question: what are your thoughts and technical solutions about IP hijacking (not the Cape town one) ? On 4/26/20 8:23 PM, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. ---- Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me. Respectfully, Elad ________________________________ From: Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 9:14 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen. For the rest of your reply-- I just simply do not understand it. - I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail). I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ? On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 8:23 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Dear Elad, Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ? On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
Elad it's great you have so many ideas but this is getting a bit silly now, go and take a break , have a drink and put in a film. It's Sunday evening , chill out Regards Darren Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Elad Cohen <elad@netstyle.io> Sent: Sunday, April 26, 2020 8:09:09 PM To: href <href@fastmail.net>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem "I had no idea that you may have been involved in the Cape Town hijack!" The cyber influence operation continue... complete lies without a single proof, can anyone show a single proof ? Are you so scared from me being elected ? that you need to spread lies ? I'm highly honored that the illegal anonymous organization "The Spamhaus Project" decided to attack me, it means a lot. Lets see who is the Spamhaus fan that will jump now. Respectfully, Elad ________________________________ From: href <href@fastmail.net> Sent: Sunday, April 26, 2020 10:01 PM To: Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, Some members sent some additional information about you: I can now understand your replies: I had no idea that you may have been involved in the Cape Town hijack! Please forget about my badly chosen example. Accusations aside, it is time to get serious and I'll re-iterate my original question: what are your thoughts and technical solutions about IP hijacking (not the Cape town one) ? On 4/26/20 8:23 PM, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. ---- Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me. Respectfully, Elad ________________________________ From: Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 9:14 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen. For the rest of your reply-- I just simply do not understand it. - I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail). I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ? On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 8:23 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Dear Elad, Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ? On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
If the Spamhaus fans will be quiet in their corner then tomorrow will be the last technical solution. Respectfully, Elad ________________________________ From: Darren Brown <dsb@orbital.net> Sent: Sunday, April 26, 2020 10:13 PM To: Elad Cohen <elad@netstyle.io>; href <href@fastmail.net>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad it’s great you have so many ideas but this is getting a bit silly now, go and take a break , have a drink and put in a film. It’s Sunday evening , chill out Regards Darren Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Elad Cohen <elad@netstyle.io> Sent: Sunday, April 26, 2020 8:09:09 PM To: href <href@fastmail.net>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem "I had no idea that you may have been involved in the Cape Town hijack!" The cyber influence operation continue... complete lies without a single proof, can anyone show a single proof ? Are you so scared from me being elected ? that you need to spread lies ? I'm highly honored that the illegal anonymous organization "The Spamhaus Project" decided to attack me, it means a lot. Lets see who is the Spamhaus fan that will jump now. Respectfully, Elad ________________________________ From: href <href@fastmail.net> Sent: Sunday, April 26, 2020 10:01 PM To: Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, Some members sent some additional information about you: I can now understand your replies: I had no idea that you may have been involved in the Cape Town hijack! Please forget about my badly chosen example. Accusations aside, it is time to get serious and I'll re-iterate my original question: what are your thoughts and technical solutions about IP hijacking (not the Cape town one) ? On 4/26/20 8:23 PM, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. ---- Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me. Respectfully, Elad ________________________________ From: Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 9:14 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen. For the rest of your reply-- I just simply do not understand it. - I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail). I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ? On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 8:23 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Dear Elad, Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ? On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
Hi Elad, it's me again, one of your favourite illegals. You are a candidate for the Board of RIPE. as a RIPE board member you should be able to actually have a discussion with people, to engage in disputes in a constructive way, instead you instantly pick a fight, and try to fight everyone who does not agree with your points. You ask that Members here - which are most likely other members of LIRS which have as much a right to state their opinion, "stay quiet" - or you suggest to remove them from the mailinglist. This clearly does not look good for you, Elad - leave the accusations away, you are definitely not displaying any leadership qualities which would be required as board of RIPE. So, accusations against you, you ask for proof. You yourself state accusations against RIPE Board ("corruption") but you do not provide any proof. All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform. I agree that "even bad publicity can be some publicity" - but it will not help you on your election because at this rate, the only vote you get is your own word. I know you will find again great words to reply, it will greatly amuse me. trust me, if you start picking fights with everyone, people will start digging and open up a case with the arbiter under clause *1.2.1.1 section 2 * On 4/26/20 7:15 PM, Elad Cohen wrote:
If the Spamhaus fans will be quiet in their corner then tomorrow will be the last technical solution.
Respectfully, Elad ------------------------------------------------------------------------ *From:* Darren Brown <dsb@orbital.net> *Sent:* Sunday, April 26, 2020 10:13 PM *To:* Elad Cohen <elad@netstyle.io>; href <href@fastmail.net>; members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad it’s great you have so many ideas but this is getting a bit silly now, go and take a break , have a drink and put in a film. It’s Sunday evening , chill out
Regards Darren
Get Outlook for iOS <https://aka.ms/o0ukef> ------------------------------------------------------------------------ *From:* members-discuss <members-discuss-bounces@ripe.net> on behalf of Elad Cohen <elad@netstyle.io> *Sent:* Sunday, April 26, 2020 8:09:09 PM *To:* href <href@fastmail.net>; members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem "I had no idea that you may have been involved in the Cape Town hijack!"
The cyber influence operation continue... complete lies without a single proof, can anyone show a single proof ?
Are you so scared from me being elected ? that you need to spread lies ?
I'm highly honored that the illegal anonymous organization "The Spamhaus Project" decided to attack me, it means a lot.
Lets see who is the Spamhaus fan that will jump now.
Respectfully, Elad ------------------------------------------------------------------------ *From:* href <href@fastmail.net> *Sent:* Sunday, April 26, 2020 10:01 PM *To:* Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Elad,
Some members sent some additional information about you: I can now understand your replies: I had no idea that you may have been involved in the Cape Town hijack!
Please forget about my badly chosen example. Accusations aside, it is time to get serious and I'll re-iterate my original question: what are your thoughts and technical solutions about IP hijacking (not the Cape town one) ?
On 4/26/20 8:23 PM, Elad Cohen wrote:
Jordan,
What you are writing is false, telling a lie again and again will not make it truth.
"if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach <https://twitter.com/underthebreach> - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now)
And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link:
https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
"The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again.
----
Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me.
Respectfully, Elad
------------------------------------------------------------------------ *From:* Jordan Bracco <href@fastmail.net> <mailto:href@fastmail.net> *Sent:* Sunday, April 26, 2020 9:14 PM *To:* Elad Cohen <elad@netstyle.io> <mailto:elad@netstyle.io>; members-discuss@ripe.net <mailto:members-discuss@ripe.net> <members-discuss@ripe.net> <mailto:members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad,
I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen.
For the rest of your reply-- I just simply do not understand it.
- I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail).
I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ?
On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote:
Jordan,
What you are writing is false, telling a lie again and again will not make it truth.
"if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now)
And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link:
https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
"The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again.
Respectfully, Elad
------------------------------------------------------------------------
*From:* members-discuss <members-discuss-bounces@ripe.net> <mailto:members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net> <mailto:href@fastmail.net> *Sent:* Sunday, April 26, 2020 8:23 PM *To:* members-discuss@ripe.net <mailto:members-discuss@ripe.net> <members-discuss@ripe.net> <mailto:members-discuss@ripe.net> *Subject:* Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Dear Elad,
Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ?
On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote:
Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net <mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/silvan%40unavailable....
The spamhaus fans just cannot sit quietly in their corner. "I know you will find again great words to reply" If you wish. I'm willing to have a discussion with anyone, but a constructive discussion, not a discussion with people which have hidden interests, with people that were sent by candidates (and candidates themselves that are showing up here and yelling), not with people that their actions is due to fear. I'm not fighting everyone, on the contrary - If I will have the honor of being elected, you can be sure that I will fight for the interests of each and every one of you. I only asked the illegal anonymous organization spamhaus fans to be quiet if they want me to post my last technical solution and they know exactly who they are, I respect everyone else and I respect Ripe. Regarding the "leadership qualities" that you are referring to, I definitely not have the "leadership qualities" of our Chairman as was written about him here: https://www.ripe.net/ripe/mail/archives/agm-nominations/2020-April/000692.ht... But there is only one problem with it, when our board member Maria pasted to the textarea the text that our Chairman wrote on himself and sent to her - she forgot to remove the title from it, so this is what we see in the above link: "Reason for nominating the candidate: Reason for nominating the candidate: " the second same title is because a copy-paste was done here, our Chairman, 15 minutes after he nominated Maria with a single sentence - sent a whole paragraph on himself to Maria for her to use it when she nominated him, this is what our Chairman wrote on himself: (among other things in the whole paragraph in the link above) "Christian has shown very strong and positive leadership in his role as chair of the board" If that is what our Chairman and our Board member are doing behind the scenes (Maria cheated the community that these are her words while she didn't even read it, she did only copy-paste), we cannot trust them with managing Ripe expenses and the fact is that thy are denying to reveal detailed financial information and they are denying detailed transparency. so I lack that kind of "leadership qualities" , I do have other leadership qualities - I stood up against "The Spamhaus Project - something that only few dare to do, I'm taking the heat from you each and every day but still it doesn't impact me a bit, yesterday here I stood up against a group of IPv6 deployers that have an interest that IPv4+ will not be implemented - but we all truly know (just like the very vast majority of the internet community) that it is the right thing to do, I stood up against them all, alone. Regarding your last paragraph: "All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform." I will not answer that paragraph because of the way that it is written, you just displayed yourself in it at the darkest distorted light. Where did you see that I'm trying to be elected ? did you see me jumping into other discussion lists and start yelling on candidates ? (like was done here) - do you want me to write about myself like our Chairman did ? I believe in taking the right actions, not in creating the right connections. This is not a campaign - this is me showing my ideas to the community before they will be implemented. I don't believe in living in the past and I personally dislike any kind of bragging. Don't you care about what a candidate will do if and after it will be chosen ? this I didn't hear from anyone. People only know how to talk about themselves. No worries, you will know exactly what are my plans for Ripe and you can be sure that if I will be elected I will take Ripe to its golden age - and each and every LIR member will enjoy from it, until the last one. Silvan, you are obviously supporting another candidate, you shouldn't fear from me, I come with open hands and with a clean heart. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Silvan Gebhardt <silvan@unavailable.online> Sent: Sunday, April 26, 2020 10:31 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi Elad, it's me again, one of your favourite illegals. You are a candidate for the Board of RIPE. as a RIPE board member you should be able to actually have a discussion with people, to engage in disputes in a constructive way, instead you instantly pick a fight, and try to fight everyone who does not agree with your points. You ask that Members here - which are most likely other members of LIRS which have as much a right to state their opinion, "stay quiet" - or you suggest to remove them from the mailinglist. This clearly does not look good for you, Elad - leave the accusations away, you are definitely not displaying any leadership qualities which would be required as board of RIPE. So, accusations against you, you ask for proof. You yourself state accusations against RIPE Board ("corruption") but you do not provide any proof. All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform. I agree that "even bad publicity can be some publicity" - but it will not help you on your election because at this rate, the only vote you get is your own word. I know you will find again great words to reply, it will greatly amuse me. trust me, if you start picking fights with everyone, people will start digging and open up a case with the arbiter under clause 1.2.1.1 section 2 On 4/26/20 7:15 PM, Elad Cohen wrote: If the Spamhaus fans will be quiet in their corner then tomorrow will be the last technical solution. Respectfully, Elad ________________________________ From: Darren Brown <dsb@orbital.net><mailto:dsb@orbital.net> Sent: Sunday, April 26, 2020 10:13 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; href <href@fastmail.net><mailto:href@fastmail.net>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad it’s great you have so many ideas but this is getting a bit silly now, go and take a break , have a drink and put in a film. It’s Sunday evening , chill out Regards Darren Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io> Sent: Sunday, April 26, 2020 8:09:09 PM To: href <href@fastmail.net><mailto:href@fastmail.net>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem "I had no idea that you may have been involved in the Cape Town hijack!" The cyber influence operation continue... complete lies without a single proof, can anyone show a single proof ? Are you so scared from me being elected ? that you need to spread lies ? I'm highly honored that the illegal anonymous organization "The Spamhaus Project" decided to attack me, it means a lot. Lets see who is the Spamhaus fan that will jump now. Respectfully, Elad ________________________________ From: href <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 10:01 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, Some members sent some additional information about you: I can now understand your replies: I had no idea that you may have been involved in the Cape Town hijack! Please forget about my badly chosen example. Accusations aside, it is time to get serious and I'll re-iterate my original question: what are your thoughts and technical solutions about IP hijacking (not the Cape town one) ? On 4/26/20 8:23 PM, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. ---- Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me. Respectfully, Elad ________________________________ From: Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 9:14 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen. For the rest of your reply-- I just simply do not understand it. - I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail). I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ? On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 8:23 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Dear Elad, Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ? On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/silvan%40unavailable....
Where is the proof that Spamhaus, an UK organization, are illegal or are ran by a mob? Hopefully you don’t mean that Illinois court ruling? Without a court ruling on this that is also defamation. Perhaps we can stick to what this list is for, rather than making silly accusations. Sent from my iPhone
On 26 Apr 2020, at 21:58, Elad Cohen <elad@netstyle.io> wrote:
The spamhaus fans just cannot sit quietly in their corner.
"I know you will find again great words to reply"
If you wish.
I'm willing to have a discussion with anyone, but a constructive discussion, not a discussion with people which have hidden interests, with people that were sent by candidates (and candidates themselves that are showing up here and yelling), not with people that their actions is due to fear.
I'm not fighting everyone, on the contrary - If I will have the honor of being elected, you can be sure that I will fight for the interests of each and every one of you.
I only asked the illegal anonymous organization spamhaus fans to be quiet if they want me to post my last technical solution and they know exactly who they are, I respect everyone else and I respect Ripe.
Regarding the "leadership qualities" that you are referring to, I definitely not have the "leadership qualities" of our Chairman as was written about him here: https://www.ripe.net/ripe/mail/archives/agm-nominations/2020-April/000692.ht...
But there is only one problem with it, when our board member Maria pasted to the textarea the text that our Chairman wrote on himself and sent to her - she forgot to remove the title from it, so this is what we see in the above link:
"Reason for nominating the candidate: Reason for nominating the candidate: "
the second same title is because a copy-paste was done here, our Chairman, 15 minutes after he nominated Maria with a single sentence - sent a whole paragraph on himself to Maria for her to use it when she nominated him, this is what our Chairman wrote on himself: (among other things in the whole paragraph in the link above) "Christian has shown very strong and positive leadership in his role as chair of the board"
If that is what our Chairman and our Board member are doing behind the scenes (Maria cheated the community that these are her words while she didn't even read it, she did only copy-paste), we cannot trust them with managing Ripe expenses and the fact is that thy are denying to reveal detailed financial information and they are denying detailed transparency.
so I lack that kind of "leadership qualities" , I do have other leadership qualities - I stood up against "The Spamhaus Project - something that only few dare to do, I'm taking the heat from you each and every day but still it doesn't impact me a bit, yesterday here I stood up against a group of IPv6 deployers that have an interest that IPv4+ will not be implemented - but we all truly know (just like the very vast majority of the internet community) that it is the right thing to do, I stood up against them all, alone.
Regarding your last paragraph:
"All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform."
I will not answer that paragraph because of the way that it is written, you just displayed yourself in it at the darkest distorted light. Where did you see that I'm trying to be elected ? did you see me jumping into other discussion lists and start yelling on candidates ? (like was done here) - do you want me to write about myself like our Chairman did ? I believe in taking the right actions, not in creating the right connections. This is not a campaign - this is me showing my ideas to the community before they will be implemented. I don't believe in living in the past and I personally dislike any kind of bragging. Don't you care about what a candidate will do if and after it will be chosen ? this I didn't hear from anyone. People only know how to talk about themselves. No worries, you will know exactly what are my plans for Ripe and you can be sure that if I will be elected I will take Ripe to its golden age - and each and every LIR member will enjoy from it, until the last one.
Silvan, you are obviously supporting another candidate, you shouldn't fear from me, I come with open hands and with a clean heart.
Respectfully, Elad From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Silvan Gebhardt <silvan@unavailable.online> Sent: Sunday, April 26, 2020 10:31 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Hi Elad, it's me again, one of your favourite illegals.
You are a candidate for the Board of RIPE.
as a RIPE board member you should be able to actually have a discussion with people, to engage in disputes in a constructive way, instead you instantly pick a fight, and try to fight everyone who does not agree with your points.
You ask that Members here - which are most likely other members of LIRS which have as much a right to state their opinion, "stay quiet" - or you suggest to remove them from the mailinglist.
This clearly does not look good for you, Elad - leave the accusations away, you are definitely not displaying any leadership qualities which would be required as board of RIPE.
So, accusations against you, you ask for proof.
You yourself state accusations against RIPE Board ("corruption") but you do not provide any proof.
All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform.
I agree that "even bad publicity can be some publicity" - but it will not help you on your election because at this rate, the only vote you get is your own word.
I know you will find again great words to reply, it will greatly amuse me.
trust me, if you start picking fights with everyone, people will start digging and open up a case with the arbiter under clause 1.2.1.1 section 2
On 4/26/20 7:15 PM, Elad Cohen wrote: If the Spamhaus fans will be quiet in their corner then tomorrow will be the last technical solution.
Respectfully, Elad From: Darren Brown <dsb@orbital.net> Sent: Sunday, April 26, 2020 10:13 PM To: Elad Cohen <elad@netstyle.io>; href <href@fastmail.net>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Elad it’s great you have so many ideas but this is getting a bit silly now, go and take a break , have a drink and put in a film. It’s Sunday evening , chill out
Regards Darren
Get Outlook for iOS From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Elad Cohen <elad@netstyle.io> Sent: Sunday, April 26, 2020 8:09:09 PM To: href <href@fastmail.net>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
"I had no idea that you may have been involved in the Cape Town hijack!"
The cyber influence operation continue... complete lies without a single proof, can anyone show a single proof ?
Are you so scared from me being elected ? that you need to spread lies ?
I'm highly honored that the illegal anonymous organization "The Spamhaus Project" decided to attack me, it means a lot.
Lets see who is the Spamhaus fan that will jump now.
Respectfully, Elad From: href <href@fastmail.net> Sent: Sunday, April 26, 2020 10:01 PM To: Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Elad,
Some members sent some additional information about you: I can now understand your replies: I had no idea that you may have been involved in the Cape Town hijack!
Please forget about my badly chosen example. Accusations aside, it is time to get serious and I'll re-iterate my original question: what are your thoughts and technical solutions about IP hijacking (not the Cape town one) ?
On 4/26/20 8:23 PM, Elad Cohen wrote: Jordan,
What you are writing is false, telling a lie again and again will not make it truth.
"if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now)
And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link:
https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
"The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again.
----
Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me.
Respectfully, Elad
From: Jordan Bracco <href@fastmail.net> Sent: Sunday, April 26, 2020 9:14 PM To: Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Elad,
I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen.
For the rest of your reply-- I just simply do not understand it.
- I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail).
I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ?
On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote:
Jordan,
What you are writing is false, telling a lie again and again will not make it truth.
"if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now)
And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link:
https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
"The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again.
Respectfully, Elad
From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net> Sent: Sunday, April 26, 2020 8:23 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Dear Elad,
Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ?
On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote: Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/silvan%40unavailable....
members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/campbell%40inca.ie
According to the following link, which is a presentation that Spamhaus wrote on themselves and showed in a private event, Spamhaus is receiving high amount of illegaly-obtained privacy data of internet users from their contacts inside internet organizations and internet companies, and then (according to their presentation) they share it in illegal way without any warrant with law enforcement agencies, this is completely illegal because it is done in a systematic regular way, this is the reason that they are keeping their anonymity, this is the reason that Law Enforcement Agencies are doing nothing regarding Spamhaus (because Spamhaus is providing them on a regular basis and in a systematic methods - massive amount of illegaly-obtained intelligence data) despite all the many complaints worldwide against Spamhaus. https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The author of that private presentation as written in it is Richard D G Cox who was the co-chair of the ripe anti-abuse working group, there are more secret contacts of Spamhaus inside Ripe just like Richard D G Cox was, they are usually the ones that are trying to manipulate public opinion without any single proof, just like was done against me today. These people (Spamhaus secret contacts just like Richard D G Cox was) are bringing politics inside internet organizations, create cyber influence operations, targeting the people that they cannot control and so on. Spamhaus is an highly illegal anonymous organization and the above presentation link shows it in their own words. Respectfully, Elad ________________________________ From: Ed Campbell <campbell@inca.ie> Sent: Monday, April 27, 2020 12:25 AM To: Elad Cohen <elad@netstyle.io> Cc: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Where is the proof that Spamhaus, an UK organization, are illegal or are ran by a mob? Hopefully you don’t mean that Illinois court ruling? Without a court ruling on this that is also defamation. Perhaps we can stick to what this list is for, rather than making silly accusations. Sent from my iPhone On 26 Apr 2020, at 21:58, Elad Cohen <elad@netstyle.io> wrote: The spamhaus fans just cannot sit quietly in their corner. "I know you will find again great words to reply" If you wish. I'm willing to have a discussion with anyone, but a constructive discussion, not a discussion with people which have hidden interests, with people that were sent by candidates (and candidates themselves that are showing up here and yelling), not with people that their actions is due to fear. I'm not fighting everyone, on the contrary - If I will have the honor of being elected, you can be sure that I will fight for the interests of each and every one of you. I only asked the illegal anonymous organization spamhaus fans to be quiet if they want me to post my last technical solution and they know exactly who they are, I respect everyone else and I respect Ripe. Regarding the "leadership qualities" that you are referring to, I definitely not have the "leadership qualities" of our Chairman as was written about him here: https://www.ripe.net/ripe/mail/archives/agm-nominations/2020-April/000692.ht... But there is only one problem with it, when our board member Maria pasted to the textarea the text that our Chairman wrote on himself and sent to her - she forgot to remove the title from it, so this is what we see in the above link: "Reason for nominating the candidate: Reason for nominating the candidate: " the second same title is because a copy-paste was done here, our Chairman, 15 minutes after he nominated Maria with a single sentence - sent a whole paragraph on himself to Maria for her to use it when she nominated him, this is what our Chairman wrote on himself: (among other things in the whole paragraph in the link above) "Christian has shown very strong and positive leadership in his role as chair of the board" If that is what our Chairman and our Board member are doing behind the scenes (Maria cheated the community that these are her words while she didn't even read it, she did only copy-paste), we cannot trust them with managing Ripe expenses and the fact is that thy are denying to reveal detailed financial information and they are denying detailed transparency. so I lack that kind of "leadership qualities" , I do have other leadership qualities - I stood up against "The Spamhaus Project - something that only few dare to do, I'm taking the heat from you each and every day but still it doesn't impact me a bit, yesterday here I stood up against a group of IPv6 deployers that have an interest that IPv4+ will not be implemented - but we all truly know (just like the very vast majority of the internet community) that it is the right thing to do, I stood up against them all, alone. Regarding your last paragraph: "All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform." I will not answer that paragraph because of the way that it is written, you just displayed yourself in it at the darkest distorted light. Where did you see that I'm trying to be elected ? did you see me jumping into other discussion lists and start yelling on candidates ? (like was done here) - do you want me to write about myself like our Chairman did ? I believe in taking the right actions, not in creating the right connections. This is not a campaign - this is me showing my ideas to the community before they will be implemented. I don't believe in living in the past and I personally dislike any kind of bragging. Don't you care about what a candidate will do if and after it will be chosen ? this I didn't hear from anyone. People only know how to talk about themselves. No worries, you will know exactly what are my plans for Ripe and you can be sure that if I will be elected I will take Ripe to its golden age - and each and every LIR member will enjoy from it, until the last one. Silvan, you are obviously supporting another candidate, you shouldn't fear from me, I come with open hands and with a clean heart. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Silvan Gebhardt <silvan@unavailable.online> Sent: Sunday, April 26, 2020 10:31 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi Elad, it's me again, one of your favourite illegals. You are a candidate for the Board of RIPE. as a RIPE board member you should be able to actually have a discussion with people, to engage in disputes in a constructive way, instead you instantly pick a fight, and try to fight everyone who does not agree with your points. You ask that Members here - which are most likely other members of LIRS which have as much a right to state their opinion, "stay quiet" - or you suggest to remove them from the mailinglist. This clearly does not look good for you, Elad - leave the accusations away, you are definitely not displaying any leadership qualities which would be required as board of RIPE. So, accusations against you, you ask for proof. You yourself state accusations against RIPE Board ("corruption") but you do not provide any proof. All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform. I agree that "even bad publicity can be some publicity" - but it will not help you on your election because at this rate, the only vote you get is your own word. I know you will find again great words to reply, it will greatly amuse me. trust me, if you start picking fights with everyone, people will start digging and open up a case with the arbiter under clause 1.2.1.1 section 2 On 4/26/20 7:15 PM, Elad Cohen wrote: If the Spamhaus fans will be quiet in their corner then tomorrow will be the last technical solution. Respectfully, Elad ________________________________ From: Darren Brown <dsb@orbital.net><mailto:dsb@orbital.net> Sent: Sunday, April 26, 2020 10:13 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; href <href@fastmail.net><mailto:href@fastmail.net>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad it’s great you have so many ideas but this is getting a bit silly now, go and take a break , have a drink and put in a film. It’s Sunday evening , chill out Regards Darren Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io> Sent: Sunday, April 26, 2020 8:09:09 PM To: href <href@fastmail.net><mailto:href@fastmail.net>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem "I had no idea that you may have been involved in the Cape Town hijack!" The cyber influence operation continue... complete lies without a single proof, can anyone show a single proof ? Are you so scared from me being elected ? that you need to spread lies ? I'm highly honored that the illegal anonymous organization "The Spamhaus Project" decided to attack me, it means a lot. Lets see who is the Spamhaus fan that will jump now. Respectfully, Elad ________________________________ From: href <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 10:01 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, Some members sent some additional information about you: I can now understand your replies: I had no idea that you may have been involved in the Cape Town hijack! Please forget about my badly chosen example. Accusations aside, it is time to get serious and I'll re-iterate my original question: what are your thoughts and technical solutions about IP hijacking (not the Cape town one) ? On 4/26/20 8:23 PM, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. ---- Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me. Respectfully, Elad ________________________________ From: Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 9:14 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen. For the rest of your reply-- I just simply do not understand it. - I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail). I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ? On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 8:23 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Dear Elad, Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ? On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/silvan%40unavailable.... _______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/campbell%40inca.ie
So you have a solution for Google and Facebook too then? Smh. Sent from my iPhone
On 26 Apr 2020, at 22:36, Elad Cohen <elad@netstyle.io> wrote:
According to the following link, which is a presentation that Spamhaus wrote on themselves and showed in a private event, Spamhaus is receiving high amount of illegaly-obtained privacy data of internet users from their contacts inside internet organizations and internet companies, and then (according to their presentation) they share it in illegal way without any warrant with law enforcement agencies, this is completely illegal because it is done in a systematic regular way, this is the reason that they are keeping their anonymity, this is the reason that Law Enforcement Agencies are doing nothing regarding Spamhaus (because Spamhaus is providing them on a regular basis and in a systematic methods - massive amount of illegaly-obtained intelligence data) despite all the many complaints worldwide against Spamhaus.
https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The author of that private presentation as written in it is Richard D G Cox who was the co-chair of the ripe anti-abuse working group, there are more secret contacts of Spamhaus inside Ripe just like Richard D G Cox was, they are usually the ones that are trying to manipulate public opinion without any single proof, just like was done against me today.
These people (Spamhaus secret contacts just like Richard D G Cox was) are bringing politics inside internet organizations, create cyber influence operations, targeting the people that they cannot control and so on. Spamhaus is an highly illegal anonymous organization and the above presentation link shows it in their own words.
Respectfully, Elad From: Ed Campbell <campbell@inca.ie> Sent: Monday, April 27, 2020 12:25 AM To: Elad Cohen <elad@netstyle.io> Cc: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Where is the proof that Spamhaus, an UK organization, are illegal or are ran by a mob? Hopefully you don’t mean that Illinois court ruling? Without a court ruling on this that is also defamation.
Perhaps we can stick to what this list is for, rather than making silly accusations.
Sent from my iPhone
On 26 Apr 2020, at 21:58, Elad Cohen <elad@netstyle.io> wrote:
The spamhaus fans just cannot sit quietly in their corner.
"I know you will find again great words to reply"
If you wish.
I'm willing to have a discussion with anyone, but a constructive discussion, not a discussion with people which have hidden interests, with people that were sent by candidates (and candidates themselves that are showing up here and yelling), not with people that their actions is due to fear.
I'm not fighting everyone, on the contrary - If I will have the honor of being elected, you can be sure that I will fight for the interests of each and every one of you.
I only asked the illegal anonymous organization spamhaus fans to be quiet if they want me to post my last technical solution and they know exactly who they are, I respect everyone else and I respect Ripe.
Regarding the "leadership qualities" that you are referring to, I definitely not have the "leadership qualities" of our Chairman as was written about him here: https://www.ripe.net/ripe/mail/archives/agm-nominations/2020-April/000692.ht...
But there is only one problem with it, when our board member Maria pasted to the textarea the text that our Chairman wrote on himself and sent to her - she forgot to remove the title from it, so this is what we see in the above link:
"Reason for nominating the candidate: Reason for nominating the candidate: "
the second same title is because a copy-paste was done here, our Chairman, 15 minutes after he nominated Maria with a single sentence - sent a whole paragraph on himself to Maria for her to use it when she nominated him, this is what our Chairman wrote on himself: (among other things in the whole paragraph in the link above) "Christian has shown very strong and positive leadership in his role as chair of the board"
If that is what our Chairman and our Board member are doing behind the scenes (Maria cheated the community that these are her words while she didn't even read it, she did only copy-paste), we cannot trust them with managing Ripe expenses and the fact is that thy are denying to reveal detailed financial information and they are denying detailed transparency.
so I lack that kind of "leadership qualities" , I do have other leadership qualities - I stood up against "The Spamhaus Project - something that only few dare to do, I'm taking the heat from you each and every day but still it doesn't impact me a bit, yesterday here I stood up against a group of IPv6 deployers that have an interest that IPv4+ will not be implemented - but we all truly know (just like the very vast majority of the internet community) that it is the right thing to do, I stood up against them all, alone.
Regarding your last paragraph:
"All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform."
I will not answer that paragraph because of the way that it is written, you just displayed yourself in it at the darkest distorted light. Where did you see that I'm trying to be elected ? did you see me jumping into other discussion lists and start yelling on candidates ? (like was done here) - do you want me to write about myself like our Chairman did ? I believe in taking the right actions, not in creating the right connections. This is not a campaign - this is me showing my ideas to the community before they will be implemented. I don't believe in living in the past and I personally dislike any kind of bragging. Don't you care about what a candidate will do if and after it will be chosen ? this I didn't hear from anyone. People only know how to talk about themselves. No worries, you will know exactly what are my plans for Ripe and you can be sure that if I will be elected I will take Ripe to its golden age - and each and every LIR member will enjoy from it, until the last one.
Silvan, you are obviously supporting another candidate, you shouldn't fear from me, I come with open hands and with a clean heart.
Respectfully, Elad From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Silvan Gebhardt <silvan@unavailable.online> Sent: Sunday, April 26, 2020 10:31 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Hi Elad, it's me again, one of your favourite illegals.
You are a candidate for the Board of RIPE.
as a RIPE board member you should be able to actually have a discussion with people, to engage in disputes in a constructive way, instead you instantly pick a fight, and try to fight everyone who does not agree with your points.
You ask that Members here - which are most likely other members of LIRS which have as much a right to state their opinion, "stay quiet" - or you suggest to remove them from the mailinglist.
This clearly does not look good for you, Elad - leave the accusations away, you are definitely not displaying any leadership qualities which would be required as board of RIPE.
So, accusations against you, you ask for proof.
You yourself state accusations against RIPE Board ("corruption") but you do not provide any proof.
All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform.
I agree that "even bad publicity can be some publicity" - but it will not help you on your election because at this rate, the only vote you get is your own word.
I know you will find again great words to reply, it will greatly amuse me.
trust me, if you start picking fights with everyone, people will start digging and open up a case with the arbiter under clause 1.2.1.1 section 2
On 4/26/20 7:15 PM, Elad Cohen wrote: If the Spamhaus fans will be quiet in their corner then tomorrow will be the last technical solution.
Respectfully, Elad From: Darren Brown <dsb@orbital.net> Sent: Sunday, April 26, 2020 10:13 PM To: Elad Cohen <elad@netstyle.io>; href <href@fastmail.net>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Elad it’s great you have so many ideas but this is getting a bit silly now, go and take a break , have a drink and put in a film. It’s Sunday evening , chill out
Regards Darren
Get Outlook for iOS From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Elad Cohen <elad@netstyle.io> Sent: Sunday, April 26, 2020 8:09:09 PM To: href <href@fastmail.net>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
"I had no idea that you may have been involved in the Cape Town hijack!"
The cyber influence operation continue... complete lies without a single proof, can anyone show a single proof ?
Are you so scared from me being elected ? that you need to spread lies ?
I'm highly honored that the illegal anonymous organization "The Spamhaus Project" decided to attack me, it means a lot.
Lets see who is the Spamhaus fan that will jump now.
Respectfully, Elad From: href <href@fastmail.net> Sent: Sunday, April 26, 2020 10:01 PM To: Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Elad,
Some members sent some additional information about you: I can now understand your replies: I had no idea that you may have been involved in the Cape Town hijack!
Please forget about my badly chosen example. Accusations aside, it is time to get serious and I'll re-iterate my original question: what are your thoughts and technical solutions about IP hijacking (not the Cape town one) ?
On 4/26/20 8:23 PM, Elad Cohen wrote: Jordan,
What you are writing is false, telling a lie again and again will not make it truth.
"if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now)
And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link:
https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
"The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again.
----
Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me.
Respectfully, Elad
From: Jordan Bracco <href@fastmail.net> Sent: Sunday, April 26, 2020 9:14 PM To: Elad Cohen <elad@netstyle.io>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Elad,
I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen.
For the rest of your reply-- I just simply do not understand it.
- I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail).
I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ?
On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote:
Jordan,
What you are writing is false, telling a lie again and again will not make it truth.
"if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now)
And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link:
https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
"The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again.
Respectfully, Elad
From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net> Sent: Sunday, April 26, 2020 8:23 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem
Dear Elad,
Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ?
On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote: Hello Everyone,
I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies).
Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project".
The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol...
The Implementation:
There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically.
Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering).
After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address).
In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription.
The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below).
The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address).
The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed).
The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address.
The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not):
- There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam.
- There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains.
- The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more).
- The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them).
- The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address.
- For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder.
- In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it:
- If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address.
- In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder.
Whitelist Handshake:
- In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client.
- There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc
- In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure).
Notification of spam emails:
- An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox').
Email Spoofing:
- In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him.
- In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM.
- In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message.
- DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated.
Security Aspects:
- All stored data in NoSpam.org Backend infrastructure is hashed.
- The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries.
- Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details.
- Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself).
- Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file.
To make it short:
- Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime).
- Any email message from an email address or domain in whitelist - will reach the inbox.
- Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type.
- In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist.
- Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox.
- Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder.
Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution.
Respectfully, Elad
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net
_______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/silvan%40unavailable....
members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/campbell%40inca.ie
I have never seen such bickering in a mailing list in all my life. I don't know who is wrong or right but, here is my comments with respect to it all. I do agree that this "Spamhaus" is a bit of a pain at times as I have had my business email sometimes not get delivered because of it. (and this has happened to all my businesses at one time or another) I completely disagree using this list for name calling and personal attacks on each other. There has to be a better way to resolve this bickering. With this being said I would like to suggest that for situations or allegations like that raised against things like this Spamhaus Project and or things that not only affect the Ripe community but would also have an effect for all RIR's that there be an investigative/reviewing body consisting of members from every RIR to look into these. This would require some sort of formal complaint process being set up and a set time within to respond to the plaintiff with findings. This the time frame could be from Ripe meeting to Ripe Meeting. This could also be done across all RIR's as I am quite sure that Ripe is not the only one probably having this issues. This would clear up this list for more productive conversations and resolve the non-productive bickering. Just thought I would pitch my 2 cents in there to stop this as I get enough email everyday without having to read through stuff that could be resolved through a much better process. Best Regrads Tim Roy Oman DRNO ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Ed Campbell <campbell@inca.ie> Sent: Monday, April 27, 2020 1:50 AM To: Elad Cohen Cc: members-discuss@ripe.net Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem So you have a solution for Google and Facebook too then? Smh. Sent from my iPhone On 26 Apr 2020, at 22:36, Elad Cohen <elad@netstyle.io> wrote: According to the following link, which is a presentation that Spamhaus wrote on themselves and showed in a private event, Spamhaus is receiving high amount of illegaly-obtained privacy data of internet users from their contacts inside internet organizations and internet companies, and then (according to their presentation) they share it in illegal way without any warrant with law enforcement agencies, this is completely illegal because it is done in a systematic regular way, this is the reason that they are keeping their anonymity, this is the reason that Law Enforcement Agencies are doing nothing regarding Spamhaus (because Spamhaus is providing them on a regular basis and in a systematic methods - massive amount of illegaly-obtained intelligence data) despite all the many complaints worldwide against Spamhaus. https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The author of that private presentation as written in it is Richard D G Cox who was the co-chair of the ripe anti-abuse working group, there are more secret contacts of Spamhaus inside Ripe just like Richard D G Cox was, they are usually the ones that are trying to manipulate public opinion without any single proof, just like was done against me today. These people (Spamhaus secret contacts just like Richard D G Cox was) are bringing politics inside internet organizations, create cyber influence operations, targeting the people that they cannot control and so on. Spamhaus is an highly illegal anonymous organization and the above presentation link shows it in their own words. Respectfully, Elad ________________________________ From: Ed Campbell <campbell@inca.ie> Sent: Monday, April 27, 2020 12:25 AM To: Elad Cohen <elad@netstyle.io> Cc: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Where is the proof that Spamhaus, an UK organization, are illegal or are ran by a mob? Hopefully you don’t mean that Illinois court ruling? Without a court ruling on this that is also defamation. Perhaps we can stick to what this list is for, rather than making silly accusations. Sent from my iPhone On 26 Apr 2020, at 21:58, Elad Cohen <elad@netstyle.io> wrote: The spamhaus fans just cannot sit quietly in their corner. "I know you will find again great words to reply" If you wish. I'm willing to have a discussion with anyone, but a constructive discussion, not a discussion with people which have hidden interests, with people that were sent by candidates (and candidates themselves that are showing up here and yelling), not with people that their actions is due to fear. I'm not fighting everyone, on the contrary - If I will have the honor of being elected, you can be sure that I will fight for the interests of each and every one of you. I only asked the illegal anonymous organization spamhaus fans to be quiet if they want me to post my last technical solution and they know exactly who they are, I respect everyone else and I respect Ripe. Regarding the "leadership qualities" that you are referring to, I definitely not have the "leadership qualities" of our Chairman as was written about him here: https://www.ripe.net/ripe/mail/archives/agm-nominations/2020-April/000692.ht... But there is only one problem with it, when our board member Maria pasted to the textarea the text that our Chairman wrote on himself and sent to her - she forgot to remove the title from it, so this is what we see in the above link: "Reason for nominating the candidate: Reason for nominating the candidate: " the second same title is because a copy-paste was done here, our Chairman, 15 minutes after he nominated Maria with a single sentence - sent a whole paragraph on himself to Maria for her to use it when she nominated him, this is what our Chairman wrote on himself: (among other things in the whole paragraph in the link above) "Christian has shown very strong and positive leadership in his role as chair of the board" If that is what our Chairman and our Board member are doing behind the scenes (Maria cheated the community that these are her words while she didn't even read it, she did only copy-paste), we cannot trust them with managing Ripe expenses and the fact is that thy are denying to reveal detailed financial information and they are denying detailed transparency. so I lack that kind of "leadership qualities" , I do have other leadership qualities - I stood up against "The Spamhaus Project - something that only few dare to do, I'm taking the heat from you each and every day but still it doesn't impact me a bit, yesterday here I stood up against a group of IPv6 deployers that have an interest that IPv4+ will not be implemented - but we all truly know (just like the very vast majority of the internet community) that it is the right thing to do, I stood up against them all, alone. Regarding your last paragraph: "All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform." I will not answer that paragraph because of the way that it is written, you just displayed yourself in it at the darkest distorted light. Where did you see that I'm trying to be elected ? did you see me jumping into other discussion lists and start yelling on candidates ? (like was done here) - do you want me to write about myself like our Chairman did ? I believe in taking the right actions, not in creating the right connections. This is not a campaign - this is me showing my ideas to the community before they will be implemented. I don't believe in living in the past and I personally dislike any kind of bragging. Don't you care about what a candidate will do if and after it will be chosen ? this I didn't hear from anyone. People only know how to talk about themselves. No worries, you will know exactly what are my plans for Ripe and you can be sure that if I will be elected I will take Ripe to its golden age - and each and every LIR member will enjoy from it, until the last one. Silvan, you are obviously supporting another candidate, you shouldn't fear from me, I come with open hands and with a clean heart. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net> on behalf of Silvan Gebhardt <silvan@unavailable.online> Sent: Sunday, April 26, 2020 10:31 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Hi Elad, it's me again, one of your favourite illegals. You are a candidate for the Board of RIPE. as a RIPE board member you should be able to actually have a discussion with people, to engage in disputes in a constructive way, instead you instantly pick a fight, and try to fight everyone who does not agree with your points. You ask that Members here - which are most likely other members of LIRS which have as much a right to state their opinion, "stay quiet" - or you suggest to remove them from the mailinglist. This clearly does not look good for you, Elad - leave the accusations away, you are definitely not displaying any leadership qualities which would be required as board of RIPE. So, accusations against you, you ask for proof. You yourself state accusations against RIPE Board ("corruption") but you do not provide any proof. All I can see is a guy, who tries to get elected because he really desperately needs something in his CV, and because the chances might be thin (you haven't even bothered to bring any CV or something up, while at least 3 candidates actually put in the effort so we can judge what they have done in the past. You share nothing of your past, what you have done, where you have participated. instead you try to push your campaign by pushing your own ideas on an unsuitable platform. I agree that "even bad publicity can be some publicity" - but it will not help you on your election because at this rate, the only vote you get is your own word. I know you will find again great words to reply, it will greatly amuse me. trust me, if you start picking fights with everyone, people will start digging and open up a case with the arbiter under clause 1.2.1.1 section 2 On 4/26/20 7:15 PM, Elad Cohen wrote: If the Spamhaus fans will be quiet in their corner then tomorrow will be the last technical solution. Respectfully, Elad ________________________________ From: Darren Brown <dsb@orbital.net><mailto:dsb@orbital.net> Sent: Sunday, April 26, 2020 10:13 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; href <href@fastmail.net><mailto:href@fastmail.net>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad it’s great you have so many ideas but this is getting a bit silly now, go and take a break , have a drink and put in a film. It’s Sunday evening , chill out Regards Darren Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io> Sent: Sunday, April 26, 2020 8:09:09 PM To: href <href@fastmail.net><mailto:href@fastmail.net>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem "I had no idea that you may have been involved in the Cape Town hijack!" The cyber influence operation continue... complete lies without a single proof, can anyone show a single proof ? Are you so scared from me being elected ? that you need to spread lies ? I'm highly honored that the illegal anonymous organization "The Spamhaus Project" decided to attack me, it means a lot. Lets see who is the Spamhaus fan that will jump now. Respectfully, Elad ________________________________ From: href <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 10:01 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, Some members sent some additional information about you: I can now understand your replies: I had no idea that you may have been involved in the Cape Town hijack! Please forget about my badly chosen example. Accusations aside, it is time to get serious and I'll re-iterate my original question: what are your thoughts and technical solutions about IP hijacking (not the Cape town one) ? On 4/26/20 8:23 PM, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. ---- Can you show a single proof to what you are writing? You are taking part in an illegal cyber influence operation against me. Respectfully, Elad ________________________________ From: Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 9:14 PM To: Elad Cohen <elad@netstyle.io><mailto:elad@netstyle.io>; members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Elad, I do not see what you mean by "telling a lie again and again". I have a vague memory of something fishy going on with a Cape Town ip block, but there was many occurences like this. I cited Cape Town as an example. I do not have proof, so maybe the Cape Town is a false memory, but IP hijacking (which was the subject of my email, not Cape Town) surely do happen. For the rest of your reply-- I just simply do not understand it. - I fail to see a correlation between hijacking IP space and Spamhaus. Could you please enlighten me ? - I also fail to understand what you mean by "mob friends just like you". I have no relationship whatsoever with SpamHaus, I do not use their DNSBLs (as I delegate most of my emails to Fastmail). I was just asking for your thoughts and technical solutions to IP space hijacking. Your reply turned into a rant about Spamhaus (?) and accusing me of being "mob friend" of it (?) ? On Sun, Apr 26, 2020, at 19:46, Elad Cohen wrote: Jordan, What you are writing is false, telling a lie again and again will not make it truth. "if I remember that there was some IP space from Cape Town city that got hijacked" - I'll be happy if you can also remember a single proof for it and to display it here now ? (I mean a proof - not an employee of of a direct competitor which is also a member of the illegal anonymous organization "The Spamhaus Project" and also the owner of that illegal anonymous twitter account: https://twitter.com/underthebreach - he is also a cyber influence master according to himself - it means that he is a master in telling lies and creating a fake story without a single proof in order to influence public opinion - exactly like what you are doing now) And yes, I did found a technical solution for your criminals at "The Spamhaus Project" that there are many complaints about them worldwide - and the Law Enforcement Agencies are doing nothing regarding them only because they illegaly share (without any warrant) on a regular basis and in a systematic way massive amount of illegaly-obtained privacy data of internet users with the Law Enforcement Agencies as you can see that they wrote on themselves in their own words in the following link: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... "The Spamhaus Project" mob friends just like you are very very afraid from me according to their attention to me - and they are afraid from me because I cannot be bought, because what they are doing is illegal, because I will keep saying it loudly again and again and again. Respectfully, Elad ________________________________ From: members-discuss <members-discuss-bounces@ripe.net><mailto:members-discuss-bounces@ripe.net> on behalf of Jordan Bracco <href@fastmail.net><mailto:href@fastmail.net> Sent: Sunday, April 26, 2020 8:23 PM To: members-discuss@ripe.net<mailto:members-discuss@ripe.net> <members-discuss@ripe.net><mailto:members-discuss@ripe.net> Subject: Re: [members-discuss] Technical Solution to resolve the global "Email Spam" problem Dear Elad, Unrelated to the spam proposal-- but have you found a technical solution to avoid malicious third parties to hijack assigned IP space (for example, if I remember that there was some IP space from Cape Town city that got hijacked). What are you thoughts on this, and your technical solution to it ? On Sun, Apr 26, 2020, at 18:05, Elad Cohen wrote: Hello Everyone, I want to share with you my technical solution to resolve the global world "Email Spam" problem and in addition it will also resolve the spreading of illegal links (phishing/malware/etc , once the sites are known) through electronic mail and will stop email spoofing (that part using current technologies). Email spam problem was not being able to be defeated since the beginning of electronic mail, as long as email spam will be profitable to email spammers - it will exist, email spam caused the illegal anonymous organization "The Spamhaus Project" to exist, "The Spamhaus Project" is hurting and damaging many businesses worldwide in their way to fight email spam, "The Spamhaus Project" is an illegal anonymous organization according to the following presentation that they wrote on themselves, they are violating laws in their way to fight email spam and still they don't win in the battle against email spam. "The Spamhaus Project" is keeping their anonymity because they are afriad of justified lawsuits due to their criminal actions in their way to fight email spam. The following technical solution will resolve the world email spam problem without to hurt and to damage many businesses worldwide that have nothing to do with email spam like "The Spamhaus Project" does, the following implementation can remove the need for an illegal anonymous organization such as "The Spamhaus Project". The presentation that the illegal anonymous organization "The Spamhaus Project" wrote on themselves: https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Viol... The Implementation: There will be a site (lets call it NoSpam.org) - the site will be owned by the 5 RIRs, the site will use bgp anycast and will be deployed in each of the 5 RIRs (the site will also be able to be deployed by the ccTLD registries in each country), the site in all the locations will be synced automatically. Each domain owner will be able to register at the site (an email message will be sent to the domain owner email address in the domain name WHOIS details in order to verify that the domain owner is the one registering). After being logged in, a domain owner will be able to add his email addresses (of the specific domain name) that will be used to send newsletters / mailing lists / one-to-many email messages, lets call these kind of email addresses as 'mailing list' email addresses. The domain owner will not be able to see the list of 'mailing list' email addresses that he added - because when he added each 'mailing list' email address it will be saved with hash in the NoSpam.org backend infrastructure (due to privacy and security reasons) - hence only if the domain owner will manually type the 'mailing list' email address he will be able to enter it in order to manage it (to see the total number of subscribers email addresses, to see the subscribers email addresses but only with their hashes due to security and privacy reasons, to remove a subscriber from the list, to add a sub-user with permissions to manage that specific 'mailing list' email address). In his site, the domain owner will be able to integrate an iframe from NoSpam.org (or to connect to NoSpam.org with ajax) regarding a subscriber registration form to his specific 'mailing list' email address, the subscriber will receive an email message with a link to confirm his subscription. The domain owner will need to create a callback file in his website, for example in the path: "/nospam-notification-callback" (http://example.com/nospam-notification-callback) - that url will receive encrypted post notifications (encryption key will be provided by the domain owner in his NoSpam.org logged in account) from NoSpam.org regarding any new end-user that will subscribe or that will unsubscribe from a 'mailing address' email address which is related to the domain of the domain owner (unsubscribe functionality by the user later below). The subscriber email address and that 'mailing list' email address (that was subscribed to) will be sent by NoSpam.org to "/nospam-notification-callback" not in the hashed format but in cleartext (so the domain owner will be able to save it in his system for future email messages from the specific 'mailing list' email address to the specific subscriber email address). The domain owner will also have an API to NoSpam.org backend infrastructure in order to remove a specific subscriber email address from a specific 'mailing list' email address (the domains owner will send the values through the API - hashed). The domain owner will also provide a web interface in his site for the end-user to remove himself from the specific 'mailing list' email address. The above is the backend implementation (no upgrade is needed to any email server in the internet), the following is the upgrade that will needed for any email client (that upgrade is not mandatory, without the following upgrade the email client will work exactly as it is now without the added no-spam features, electronic mail will not break if some email users will upgrade their email clients and some will not): - There will not be 'mark as spam' button, that kind of functionality will stop to exist because spam is not a boolean value, 'spam' to one person is valuable to another 'person', specially when the internet is global and different people from different countries will consider spam content differently. One user can consider an email message as spam and another user can consider the same message as not spam, 'Spam' is subjective and any kind of 'mark as spam' functionality is useless in the battle against email spam. - There will be blacklists and whitelists (just like there are now, but they will be more prominent): blacklist email addresses , blacklist domains , whitelist email addresses , whitelist domains. - The end-user should be able to easily enter each email message to whitelist or to blacklist (meaning the 'from' email address of the email message), and will be able to search in the 'Spam' folder easily for an email address (these features can exist today, but they should be given more visibility, so end-users will use them more). - The end-user will be able to import/export his whitelists and blacklists using an xml format to any other upgraded email client, the blacklists and whitelists will be local (end-user will be able to pass the local whitelists and blacklists to another email client of his with the click of a button in the upgraded email client - the upgraded email client will just send them to itself - without to download them from the email server so the end-user will be able to download it with another upgraded email client - or the end-user will be able to send the whitelists and blacklists to another email address of him, the usage will not be like sending regular email message with attachments - the upgraded email clients will take care to sending and receiving of the blacklists and whitelits - in the background, these are custom formatted email messages that the two upgraded email clients will know how to act upon them). - The email client will be able to display with GUI with buttons any 'mailing-list registration confirmation email' in a specific section related to registration to new 'mailing list' email addresses for the end-user to choose with buttons if he accept or refuse to register to a specific 'mailing list' email address. - For any email message that was received: in case a received 'from' email address was found in the whitelist email addresses or in the whitelist domains - then it will be moved to the 'Inbox' folder, in case the 'from' email address of the email message was found in the blacklist email addresses or in the blacklist domains - then the email message will be moved to the 'Trash' folder. - In case the 'from' email address or domain was not found in the whitelists and in the blacklists, then the upgraded email client will send the 'from' email address and the 'from' domain and the current user email address and the external links that exist in the email message (but all of these data will be sent in a hashed way, and not in cleartext) with a query to NoSpam.org backend infrastructure, NoSpam.org will perform the following algorithem after it: - If the hashed 'from' domain (or any other 'hashed' domain from the external links) exist in a list of criminals hashed domains (of phishing/malware/viruses/etc) then NoSpam.org will respond to the email client to delete the email message, otherwise the hashed 'from' email address will be checked against a list of hashed 'mailing list' email addresses - if found then the sender is a 'mailing list' email address and there will be a check by NoSpam.org backend infrastructure if the hashed 'receiver' email address is a subscriber of that specific 'mailing list' email address , if the hashed 'receiver' was found then NoSpam.org will send a response to the email client that the email message can be displayed in the 'Inbox' folder and in the response NoSpam.org will also include an unsubscribe key - the email client will be able to display an unsubscribe button to the email client and if clicked the email client will send an https request to NoSpam.org with the specific unsubscribe key, NoSpam.org backend infrastructure will remove the end-user email address from the 'mailing list' email address and will notify the domain owner at the domain owner callback url "/nospam-notification-callback" that the specific user unsubscribed. In case the hashed 'receiver' wasn't found then NoSpam.org will respond to the email client to delete the email message and NoSpam.org will also notify the callback url of the related domain owner that he shouldn't send email messages from the specific 'mailing list' email address to the specific subscriber email address. - In case when NoSpam.org backend infrastructure searched the hashed 'from' email address and it wasn't found in the list of all hashed 'mailing list' email addresses, it mean that the email address was sent from a 'personal' email address and NoSpam.org backend infrastructure will notify the email client that the email message is from a 'personal' email address - the email client in that stage will need to decide if to move the email message to the 'Inbox' folder or to the 'Spam' folder based on the following - the email client will check if the email message include links/images/plain-url's - and if yes then the email message will be moved to the 'Spam' folder, otherwise it will be moved to the 'Inbox' folder. Whitelist Handshake: - In order to facilitate the adding of new email address to the local whitelist, a process of 'Whitelist Handshake' exist , a 'Whitelist Handshake' is a GUI representation in two email clients regarding background email messages between them (that the two end-users don't see), "end-user A" with a click of a button will be able to send 'add me to whitelist' request to "end-user B" which will be able to accept or deny and if accepted then "end-user B" will be able to automatically send the same "add me to whitelist" request to "end-user A" , all of this communication will be done behind the scenes, these special email messages will not be visible to the end-users, end-users will see popups with GUI that email address X is asking to be added to whitelist. In order for spammers not to abuse this option - the email client will keep only one 'whitelist request' from each requester email address (there will be a 'whitelist requests' section in the upgraded email client). A repeated 'whitelist request' that came from a specific email address can never be raised in the list (unless the end-user will specifically search for it) even when the sender will send more and more 'add me to whitelist' requests - no priority will given to them, and once an end-user refused an 'add me to whitelist' request - no new 'add me to whitelist' request will be shown from the specific sender email address in the specific email client. - There can be a case that an upgraded email client will send 'add me to whitelist' request to a not-upgraded email client and then the receiver will see the request as it is - as an email message in the inbox folder - due to it the content of that message will be in the language of the domain TLD of the receiver email address and the content in the email message will explain what is NoSpam.org and how to upgrade the email client and supported upgraded email clients, etc - In the 'whitelist requests section' in the upgraded email client - the whitelist requests will appear in a list - there should be preference so some requests will appear upper and other lower (so requests from spammers will appear lower) - whitelist requests from email addresses of domains which are older (according to their WHOIS details) will appear upper than whitelist requests from email addresses of domains which are newer. Whitelist requests from a list of a more-trusted-domains (domains of known webmails service, universities, governments, etc) will have preference over other domains, specific TLDs that not anyone can purchase will also have preference over other TLDs that anyone can purchase (upgraded email clients will retrieve the list of trusted TLD's and Domains each day from NoSpam.org backend infrastructure). Notification of spam emails: - An additional feature in the upgraded email client is that whenever an email message will reach the 'Spam' folder - the email client will send in the background a known-format email message to the sender and will notify him about it, if the sender is using an upgraded email client then it will be able to automatically send a 'add me to whitelist' request to the receiver in the background (once an email address is whitelisted - all the email messages from it will move from 'Spam' to 'Inbox'). Email Spoofing: - In an upgraded email client, email messages from 'personal' email addresses cannot arrive from email relay server, in case it happen the message will be deleted and the email client will send an automatic email message in the background to the sender with the text (in the language of the sender domain TLD) that email messages from 'email relay servers' cannot be received from him. - In an upgraded email client, email messages from 'mailing list' email addresses can arrive from email relay servers - but they must be encrypted with DKIM. - In an upgraded email client, the email client should check the SPF txt dns record of the sender domain, and will drop the email message if it is a spoofed email message. - DNS servers developers will need to make the SPF txt dns record to be a mandatory field for every domain, in order for email spoofing to be annihilated. Security Aspects: - All stored data in NoSpam.org Backend infrastructure is hashed. - The criminals domains list in NoSpam.org Backend Infrastructure will be managed only by regulated supervised Law Enforcement Agency (for example: Interpol) and not by an internet organization such as the RIRs or ccTLD registries. - Domains owners will have 'forgot password' functionality to their NoSpam.org account, the password reset link will be sent to the email address of the owner of the domain according to the domain WHOIS details. - Communication between email clients to NoSpam.org backend infrastructure will be over https, there will only be an handshake process in the beginning over electronic mail between email client and NoSpam.org backend infrastructure - the email client will send an email message with a chosen key to an email address of @nospam.org (that key will be used in further communication between the email client and the NoSpam.org backend infrastructure over https, it will be used for NoSpam.org backend infrastructure to identify the specific email address over https, so anyone will not be able to query NoSpam.org backend infrastructure to know which hashed email address belongs to which hashed 'mailing list' email address, besides the email client user with the right key to query NoSpam.org Backend infrastructure only on himself). - Any email client will download once per day 'spam-rules' file from NoSpam.org backend infrastructure, 'spam-rules' file will be an xml formatted file that include rules of when to move an email message that was received from 'personal' email address which is not whitelisted to the 'Spam' folder (for example, when email have at least 1/2/3 links, when email format is rich text or html and not plaintext, etc), in case future adjustments will be needed to win the battle against email spam - email clients will not need to be upgraded, the new 'spam-rules' will be updated in this daily file. To make it short: - Any email message from a subscribed mailing list / newsletter / etc - will reach to the inbox (that kind of email messages can contain any kind of content without any restrictions, because the user subscribed to it and the user can unsubscribe from it at anytime). - Any email message from an email address or domain in whitelist - will reach the inbox. - Whitelist Handshake process is easy to use and being implemented with clicks of a button, nothing to type. - In case an email message will the 'Spam' folder - an automatic email message will be sent from the receiver to sender and sender can automatically ask to be added to the receiver's whitelist. - Any email message without links/images/plain-url's (plain email messages, like electronic email was) - will reach the inbox. - Any other email will reach the 'Spam' folder - if needed the user will be able to easily whitelist the email message in the 'Spam' folder. Spammers need links in their email messages for monetization, above solution blocks it and also block criminal domains links in email message and implement email spoofing blocking at client-side. We will all stop to receive more than 100 spam email messages per day with the above solution. Respectfully, Elad _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/href%40fastmail.net _______________________________________________ members-discuss mailing list members-discuss@ripe.net<mailto:members-discuss@ripe.net> https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/silvan%40unavailable.... _______________________________________________ members-discuss mailing list members-discuss@ripe.net https://lists.ripe.net/mailman/listinfo/members-discuss Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/campbell%40inca.ie
participants (20)
-
Aleksi -
Arnold Dechamps -
Ben Fitzgerald-O'Connor -
Bengt Gördén -
Darren Brown -
Dmitry Kohmanyuk -
Ed Campbell -
Elad Cohen -
Franco Tauceri -
Frederic Vagner -
href -
info@cowmedia.de -
Jetten Raymond -
Jon Morby -
Jordan Bracco
-
Matthias Brumm -
Nevin Lyne -
Silvan Gebhardt -
Simon Lockhart -
Timothy Allen Roy