Why Yahoo's marriage of RSS and e-mail could be an antispam breakthrough

Why Yahoo's marriage of RSS and e-mail could be an antispam breakthrough

Summary: Spam has always been a real hot button for me.  First because of the way unwanted email innundates my various inboxes (the most obvious problem).

SHARE:
TOPICS: Collaboration
13

Spam has always been a real hot button for me.  First because of the way unwanted email innundates my various inboxes (the most obvious problem).  Second is one of the nasty side effects of our meager attempts (antispam solutions) to stop it: we end up stopping some legitimate mail too (now a major hassle for me).  Third, the need to solve the problem has resulted in business opportunities some vendors and ISPs would rather use to their own advantage rather than universally and collaboratively fix (so much for the connection between e-mail and collaboration).  The irreconcilable differences that arose out the IETF's attempt to get all the major players on the same page is real evidence of this sort of greed. 

Approximately three  years ago, I organized the first industry-wide anti-spam summit in hopes of getting all of those in a position to fix the problem to cross-party lines and work together instead of apart on the spam problem.  I called it JamSpam and we held the one day event at CNET's headquarters in San Francisco.   Everybody who obviously mattered (ISPs, inbox service providers, email solution providers, etc.) was there. Even some who on the surface have no connection to the e-mail ecosystem -- like Oracle -- attended as well.

"So what?" you ask. What does this have to do with RSS (as this blog's headline implies).
During one of JamSpam's brainstorming sessions, GroupWise consultant Richard Bliss (who was representing Novell at the time) raised his hand and asked an interesting question.  He asked, "What if e-mail was re-architected so that, instead the keeping e-mail on the recipient's system prior to opening it (the way e-mail basically works today), e-mail was kept on the sender's system?" On the basis that such an architecture -- where users regularly retrieve stuff from other systems on more of a polling basis -- would never fly technically or from a user experience point of view, Bliss was overwhelmingly shut down by everyone in the room. 

I don't know if he remembers that day, but boy, has RSS vindicated Richard Bliss.  While RSS still has a few kinks to work out (like, what happens when you click the RSS button on a Web page), it has clearly proven in the last two years that the architecture Bliss had in mind not only works, but can and will be very widely embraced. Earlier this year, in January, I wrote about how RSS could be the silver bullet against phishing. Then, in May, I covered  the potential applications of RSS beyond some of the basic ones we see today (subscribing to blogs and newsfeeds).  See What's left for RSS to disrupt? Plenty.  Now, in its announcement that it is marrying RSS to a beta version of its email service, Yahoo! has taken a major step in the right direction.  To be honest, this particular marriage doesn't really solve the spam problem and none of the news surrounding it has implied that it does.  But by acting on the idea that RSS is relevant to email, Yahoo has taken that all important baby step that can become the proof point upon which further innovation -- the sort that can end spam -- can be inspired.  As a reminder, here's what I wrote about some of the ways RSS can eliminate spam if it was used to rearchitect the way email works:

  • RSS is 100 percent opt-in. You won't get an RSS feed in your RSS reader unless you ask for it. This means that we get to decide who can send stuff into our inboxes. This is much better than the system today where Congress and the FTC apparently feel they have the right to decide that (while the big money marketing lobbies magically get more of the lawmakers' ears than you or me).
  • Whereas SMTP is a store-and-forward protocol, RSS is a store-and-get-retrieved protocol. With SMTP, by the time the spam is in the mail (most of the time with a bogus return address), the spammer has taken the additional step of closing up shop and moving. The way spammers do this reminds me a bit of those oriental rug shops that appear to go out of business within days of opening. One day, someone will explain to me why this is a sensible way to sell rugs (I'll bet it has to do with a loophole in an import/export law). I digress. With RSS (the "Retrieving Stops Spam" protocol), if the spammers are serious about actually getting the spam into our inboxes, then, not only can't they give us bogus address information, but they also have the burden of storing the spam on their systems and, even more importantly, have to set up an XML feed that points to where the spam is stored. Today, SMTP allows spammers to go out of their way to cover their tracks. Tomorrow, if we replaced SMTP with RSS, spammers would have to lay tracks that lead straight to their front door.

Topic: Collaboration

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion
  • Interesting, but.....

    How is a user supposed to know who he wants mail from in advance? There still has to be some kind of notification process in order for users to discover each other and/or share new email addresses right?
    dana@...
    • no different than todays email.....

      unless you pull it off posting boards every email address you have was given to you on a business card over the phone, or scribbled on a napkin. authentication could be easily achived using PKI certs, and transmission could be easily secured using SSL.

      even still you could use SMTP for the initial hand shake, notification of a subscription request could come from the email provider which means you only need to accept email from a single address which you could verify using SPF or PKI once again.

      the more i think about it the more i like it.
      JoeMama_z
    • no different than todays email.....

      unless you pull it off posting boards every email address you have was given to you on a business card over the phone, or scribbled on a napkin. authentication could be easily achived using PKI certs, and transmission could be easily secured using SSL.

      even still you could use SMTP for the initial hand shake, notification of a subscription request could come from the email provider which means you only need to accept email from a single address which you could verify using SPF or PKI once again.

      the more i think about it the more i like it.
      JoeMama_z
    • re: Interesting, but.....

      Actually, the RSS/email system does work as you suggest. The subject line is sent to the user's inbox but the message body is not. This applies to all messages where the recipient is not a subscriber to any unknown sender's messages(just like RSS).

      Where the recipient is a subscriber, then the entire message is sent and is stored on the subscriber's computer. The beauty of this RSS type of system is that spammers won't be on the recipient's RSS subscription list and the spam message must be stored on the spammer's computer if it is ever to be read.

      This means that the spammer has to stick his neck out and maintain one or more host computers if he is ever to get any of his messages read, something that they most certainly do not want to do. In effect, this fear of discovery will shut down most (if not all) spamming operations worldwide.
      cppsolutions
  • sonofab!tch........

    thats a good idea!
    JoeMama_z
  • not really...

    Why can't I, Joe D. Hacker, just set up a little web server and fake RSS feed on a box that I've pwned? I can already put SMTP servers that spew out millions of spam messages per second on my boxes. All I need to do is solve the problem of an IP that changes or gets readdressed to someone else not running my server (if I even care about that). Even better... I get my bots-a-plenty finding semi-static IP addresses (maybe johnny high speed?). Then I get some little servers planted there. If I get these fairly well-distributed, Johnny Highspeed doesn't even know he's a host.

    Hackers and spammers already host images all over the place that would lead directly to their door the same way an RSS XML file would, if this would really do that. Anyone that's opened a TnA spam could readily vouch for that ;)
    phirephanatik
    • I dont think you get it....

      In order to spam someone using the RSS system the user would have to specifically go to a hosted web site, and subscribe. Even if a virus does this on thier behalf, the Rouge RSS server would be shutdown almost immediatly just like any other SPAM SMTP server. You could not really botnet this either without investing a tremedous amount of resources implementing DNS, dynamic DNS, and even then it would work unreliably at best.

      The only thing i can think of that would still allow rouge SPAMING is possibly a virus that effects a user you have subscribed to and injected spam text into the XML feed, all the same much easier to mitigate the damage than the traditional model.

      I hope this gains traction!

      - Sam
      JoeMama_z
    • I dont think you get it....

      In order to spam someone using the RSS system the user would have to specifically go to a hosted web site, and subscribe. Even if a virus does this on thier behalf, the Rouge RSS server would be shutdown almost immediatly just like any other SPAM SMTP server. You could not really botnet this either without investing a tremedous amount of resources implementing DNS, dynamic DNS, and even then it would work unreliably at best.

      The only thing i can think of that would still allow rouge SPAMING is possibly a virus that effects a user you have subscribed to and injected spam text into the XML feed, all the same much easier to mitigate the damage than the traditional model.

      I hope this gains traction!

      - Sam
      JoeMama_z
  • RSS

    I don't know if he remembers that day, but boy, has RSS vindicated Richard Bliss. While RSS still has a few kinks to work out (like, what happens when you click the RSS button on a Web page), it has clearly proven in the last two years that the architecture Bliss had in mind not only works, but can and will be very widely embraced.

    Johny
    http://www.media-press-release.com
    http://www.onearticles.net
    ipfresh@...
  • RSS

    I don't know if he remembers that day, but boy, has RSS vindicated Richard Bliss. While RSS still has a few kinks to work out (like, what happens when you click the RSS button on a Web page), it has clearly proven in the last two years that the architecture Bliss had in mind not only works, but can and will be very widely embraced.

    Johny
    http://www.media-press-release.com
    http://www.onearticles.net
    ipfresh@...
  • OK this is really hot

    From an actual marketers viewpoint this can be very hot. Why? Because it will allow a marketer to get very precise figures on subscribers and response to campaigns. But in order to get on someones rss mail feed the marketer will have to offer compelling content in exchange as an inducement to subscribe. In this scenario web portals will rule. Referal links will be the lingua franca for precise tracking. RSS is gonna rock!

    Ted
    tcalbaz@...
  • What if...

    Nice story, but what happens with mail from people I don't know, but I'm interested to read? For example, if I told a friend I'm looking for a job, and he lent me a hand asking someone else for a job position, then how this person mails me with an offering?
    Perhaps I dind't get it at all.
    JoseCtesArg
  • Marriage of RSS and e-mail....

    To me this is an idea long overdue. Spamming is a serious invasion of my time. I currently use Mailwasher and while I receive about 50-60 emails a day that I want, I receive between 100 and, over the Holiday season from US Thanksgiving thru New Years, upwards of 200 a day pure SPAM, perhaps almost half of that sexually oriented.

    What strikes me about the SPAM is that it comes from illegitimate return addresses, spoof domains, as it were. I blanket-identify/mark all SPAM domains when they arrive in my inbox - yet the next time I check my mail about half, sometimes more, of the SPAM is unmarked!

    So long as the SPAMMERS continue to use spoof domain return addresses this proposed marriage of RSS and email will work just fine to block unwanted email. Once the SPAMMERS switch to spoofing legitimate domains as a return address there will have to be a further refinement to the marriage. Even at that, this will be an improvement over the present situation.

    And anything that returns 1-2 hours a day to my productive work time is welcome.

    The danger really comes when a SPAMMER gets hold of a legitimate email address and SPAMS it. I had to give up my favorite email address once because it was being SPAMMED out of a mid-east IP location but using my email address as the return. All of a sudden I was receiving over 100 "returned undeliverable" notices a day....

    It took me about a week to figure out the cause and exhaust all the possible remedies, arriving at changing email addresses as the only solution. While getting there I was almost swamped by "returned undeliverable" traffic.

    Windy
    windy@...