Remove the message cap; explicit address creation

Discussion re sg development. You don't have to be a developer.

Remove the message cap; explicit address creation

Postby overbored » Sun Jun 10, 2007 1:29 am

Hi, I used to use spamgourmet many, many years ago, but then I found mailnull and sneakemail and have been using the two of those. The reasons I switched away are:

(1) Message cap. I want to use my email hiding service to join mailing lists and other services where I expect to receive many messages in the future, yet be able to quickly and cleanly cut them off as soon as I get any spam from them. I can continually reset my message count, but that's impractical.

(2) Automatic creation of addresses. I've gotten plenty of spam via generated addresses on all of my @spamgourmet.com addresses. (You guys ought to adjust your answer on the FAQ; the current answer is rather disingenous on your part.) I could resort to watchwords, but that adds garbage to the address. What I ended up doing to emulate explicit address creation (before I switched away) was to enforce watchwords; when I needed a new address, I'd disable watchwords, choose whatever name I wanted, and reinforce watchwords.

Anyway, I'm now visiting this forum again because I'm hoping that I can convince the devs to implement these changes, and because of some gripes with mailnull/sneakemail. These wouldn't interfere with the existing approach; I'm requesting non-default options to enable explicit address creating and message cap removal.

I'm a dev too, but I don't have time to work on spamgourmet - that's why I switched away, rather than hack. Even if I did, it would take me much longer to implement the requested changes than the current devs due to codebase familiarity.

Thanks for hearing me in.

In case you're curious, my gripes with the other services are as follows; neither of these is anywhere as serious as the message cap limitation, however:

- mailnull has no outgoing addresses
- sneakemail has a bandwidth cap + address munging
overbored
 
Posts: 11
Joined: Sun Jun 10, 2007 1:12 am

Postby SysKoll » Sun Jun 10, 2007 8:50 pm

For mailing lists, the answer is well-known. Set the mailing list broadcard address as the exclusive for whatever disposable you use to subuscribe to the mailing list.

For example,
* I am subscribing to somelist <at> listserver.org,
* I subscribed with the disposable somelist.listserver.syskoll at spamgourmet
* I set that disposable's exclusive to somelist <at> listserver.org,

This guarantees that the mailing list will never increase the counter.

As for watchwords, that's the best idea we came up so far to prevent automatic address creation. What's wrong with them?
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Re: Remove the message cap; explicit address creation

Postby josh » Sun Jun 10, 2007 10:33 pm

overbored wrote:I could resort to watchwords, but that adds garbage to the address.
It sounds like you're talking about the prefix -- the watchwords don't add anything to the address.

Also, it's surprising to hear that you got spam on newly created spamgourmet addresses. That happens to me at the rate of maybe one message per year, and it's usually apparently due to a program truncating an existing address.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Re: Remove the message cap; explicit address creation

Postby overbored » Mon Jun 11, 2007 1:00 am

SysKoll wrote:For mailing lists, the answer is well-known. Set the mailing list broadcard address as the exclusive for whatever disposable you use to subuscribe to the mailing list.


First, with mailing lists, the sender is usually not the mailing list address itself. Plus, people should be able to reply to you off the list, without that causing you to worry about your resetting your cap.

Second, mailing lists are just one case. E.g., when posting to newsgroups, anybody can end up sending you mail. E.g., when signing up for a service, I don't want to repeatedly return to spamgourmet to add every new email address they decide to use (e.g. first account@service.com when I register, then events@service.com for regular broadcasts, then support@service.com when I contact them for help, then ...).

SysKoll wrote:As for watchwords, that's the best idea we came up so far to prevent automatic address creation. What's wrong with them?


They're being circumvented. It's trivial - just add arbitrary text around the 'someword' part of the address.

josh wrote:It sounds like you're talking about the prefix -- the watchwords don't add anything to the address.


They do if you want to effectively block spam. (See above.)

For whatever reason, spammers tend to not generate very long addresses. The only way I was able to keep the spam out was by setting a single watchword (50 characters or so long), and then (as I mentioned) temporarily turning this off whenever I actually needed to create an address.

josh wrote:Also, it's surprising to hear that you got spam on newly created spamgourmet addresses. That happens to me at the rate of maybe one message per year, and it's usually apparently due to a program truncating an existing address.


Yes, I realize you probably don't personally get spam at generated addresses (I didn't think you would intentionally write that FAQ entry if you knew better.) I can assure you that I get them up the wazoo. Don't know what else to say.
overbored
 
Posts: 11
Joined: Sun Jun 10, 2007 1:12 am

Postby lwc » Wed Jun 13, 2007 5:30 am

You could just add service.com itself, you know...I think your example was supposed to be about when multiple domains are used by one service.

SysKoll meant the exclusive sender also checks the TO address. Official mailing lists always send to a certain TO address. Unofficial mailing lists, that use BCC, usually use the owner's address in the TO address. You can just write that in the exclusive address and then it won't matter who sends messages to the list.

Otherwise, you can always use "." for an unlimited counter. But it's bound to get you spam if you just expose your address in a newsgroup, etc.

I know it's not your fault, but a good site uses forms instead of direct addresses. That way, it's less risky to use "." because only the server would know your address (and a CAPTCHA test could protect you from form spam). Maybe newsgroups would one day follow forums and make that move.
lwc
 
Posts: 455
Joined: Sat Aug 28, 2004 9:09 am

Postby overbored » Fri Jun 15, 2007 4:50 am

SysKoll meant the exclusive sender also checks the TO address. Official mailing lists always send to a certain TO address. Unofficial mailing lists, that use BCC, usually use the owner's address in the TO address. You can just write that in the exclusive address and then it won't matter who sends messages to the list.


First, I didn't know that the exclusive *sender* address also applied to the To field. But that doesn't really address my complaint. Sure, *usually* mailing lists operate in this fashion, but what of the rest? And what of the points I brought up (e.g. replying off-line)? I'm suggesting an alternative which addresses these issues and can be implemented in a non-disruptive manner. And I'm certainly not asking for the removal of existing features - exclusive senders are certainly valuable when you begin to receive spam from list members.

Otherwise, you can always use "." for an unlimited counter. But it's bound to get you spam if you just expose your address in a newsgroup, etc.


I didn't know about this either - I'm glad you decided to add this in at some point. However:

- If you receive spam from posting in a newsgroup and exposing your address, your message count had nothing to do with it. I'm not sure why you're mixing the two arguments together.

- I just tried setting an address' count to "." and it didn't work (the counter was just set to 0).

- If you meant + or *, that necessitates the use of exclusive senders.

- It still doesn't address any of the other issues I mentioned.

I know it's not your fault, but a good site uses forms instead of direct addresses. That way, it's less risky to use "." because only the server would know your address (and a CAPTCHA test could protect you from form spam). Maybe newsgroups would one day follow forums and make that move.


I'm not running a website.

Tangent: http://www.cs.sfu.ca/~mori/research/pap ... cvpr03.pdf[/b]
overbored
 
Posts: 11
Joined: Sun Jun 10, 2007 1:12 am

Postby SysKoll » Fri Jun 15, 2007 1:31 pm

So what solution do you propose, from a user standpoint? How would your new feature work?
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby overbored » Fri Jun 15, 2007 6:35 pm

1. Change the "default number" user preference so that we can choose to have no cap by default, and change the "remaining messages" attribute of each address to also support no caps. Note that this must be possible without requiring exclusive senders and without requiring the address to have this property specified by name (as is the case with + and *).

Another possibility, which I hope you don't do, is to make someword.-.username addresses uncapped. I'd like to avoid polluting my addresses.

2. Introduce an "Enable automatic address creation" user preference. This should be a checkbox on the main advanced page, enabled by default. When this is turned off, addresses must be explicitly created, so there must be a breezy interface for doing this (bookmarklet that prompts for the address prefix). The ease with which one can explicitly create addresses is what distinguishes this from simply enforcing very long watchwords (which is what I currently do).

Along with this feature should be a "temporary trash." This is a buffer of recently discarded emails sent to a non-existent address under the current user's suffix. This is useful when you accidentally forget to create the address first. This should be displayed in a similar fashion to the "recently disposed" list of messages, but next to each message should be a "release" button.

Completely unrelated, but while I'm suggesting features....

3. Introduce a zippier interface to get outgoing addresses. Something like a bookmarklet that prompts for the source prefix and destination address.

4. Introduce a user preference to keep spamgourmet from munging subject lines. Instead, augment the email with information in "X-Spamgourmet" headers.

I think all of these feature suggestions are relatively modest and non-disruptive, but (for me at least) they would have an enormous impact on the usability/practicality of the service.
overbored
 
Posts: 11
Joined: Sun Jun 10, 2007 1:12 am

Postby SysKoll » Fri Jun 15, 2007 7:36 pm

Overbored,

Overbored, what you need is a commercial version of the site. We are actually pushing for it. If you know a developer that might be interested in creating a guaranteed-service, paid-customers version of this site, let us know, we'll help him set it up. Heck, I'd use it for my critical email and keep SG for the non-crucial stuff.

As for us free service, your first two proposals would lead to a much higher resource consumption. Not to mention that some of the features completely break the way we work. But I am interested in your interface idea.

Remember that just because you don't pay for this doesn't mean it is free for us. The bandwidth and hardware costs are very real.

1. We cannot accept uncapped addresses by default. That would kill us. We need to be able to reject most of the emails we got. That's the purpose of spamgourmet, and that's why we can get away with small resources. The site is not meant to be a general purpose address forwarder. It is meant to forward in some very specific cases and erase the rest.

2. We had that debate many times on the forum. People like and use the auto address creation. Are you suggesting that you'd connect to the web site every time you need to give a disposable? Wouldn't that be cumbersome?

As for temporary trash, we receive way too many emails. We would need about a terabyte to store only 30 days of spam. And going through all of this would be a major CPU drag. We simply don't have enough CPU and storage. If we decided to do that, we'd have to find an income source.

3. Sounds great! Explain in details how this interface would work. I am interested

4. Well, there IS such a feature...
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby overbored » Fri Jun 15, 2007 8:50 pm

1. OK, I understand now. I wasn't sure what your status was, but I assumed it would be (relatively) inexpensive to provide forwarding (as mailnull.com, a non-commercial site run by one man, is doing fine in this regard, but that's probably due to its relative lack of users).

2. Not 30 days but a few hours. And, again - I'm not asking you disable auto creation by default. And yes, I am requesting the ability to explicitly create every address I want to use - that's one of the main reasons why I switched away from spamgourmet to mailnull. It's not cumbersome at all. As I'm filling in an email address on a web form, I do just ctrl-a to select what I just entered and invoke the bookmarklet.

3. Simply use Javascript dialog boxes to prompt for the two inputs, then pop up a small window of the page containing the resulting address in a text box; the page's onload should automatically copy the text box contents to the clipboard. Variants of this should be provided (e.g. users who want a regular window to pop up, not a small one; users who don't want the auto-copying; users who want one of the inputs to be automatically determined from the current page selection; etc.).

4. Thanks.
overbored
 
Posts: 11
Joined: Sun Jun 10, 2007 1:12 am

Postby overbored » Fri Jun 15, 2007 10:12 pm

So are there any plans to make a commercial version of spamgourmet with these (and other - I can think of a bunch) "power features"? If so, any timeline? I would be interested.
overbored
 
Posts: 11
Joined: Sun Jun 10, 2007 1:12 am

Postby SysKoll » Fri Jun 15, 2007 10:16 pm

If you are interested, would you consider sending a statement of interest to the person who is looking into this? A one liner would suffice.

If so, I'll post the address.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby overbored » Fri Jun 15, 2007 10:22 pm

Certainly.
overbored
 
Posts: 11
Joined: Sun Jun 10, 2007 1:12 am

Re: Remove the message cap; explicit address creation

Postby de552 » Mon Jun 25, 2007 6:46 am

There is one more interesting option.

www.trashmail.net

It currently supports whitelisting, which almost guarantees spam freeness, even if your address is well known and public.

You can manually whitelist any addresses you like, or you can pick messages from whitelist queue. If you know that you should allow some new mailinglist etc. But you don't know which address it is using. (All services wont mention email addresses they are using.)

It's pretty darn nice solution. Anyone who got something to say can mail you, but all crap is simply dropped out.

I'm so sure about that I can put my email here:
got-some-spam@trashmail.net

- Thanks!
de552
 
Posts: 48
Joined: Mon May 29, 2006 12:28 am

Soo....

Postby overbored » Tue Sep 18, 2007 6:03 pm

...no follow ups on this?

*bump* :)
overbored
 
Posts: 11
Joined: Sun Jun 10, 2007 1:12 am

Next

Return to Developers

Who is online

Users browsing this forum: No registered users and 22 guests

cron