Traffic Light Email

Ending spam as we know it

(in this lifetime)

 

The following is a proposal to stop spam and give email users greater control over their email. It is based on the idea that you own your email box and can manage it as you see fit. If you want to scream "The Internet must always be free!" and open your email box to every spammer in the world, that is your right. The same is true if you want to totally restrict your email access to a few close friends and no one else. But most people want something in between, a practical way to manage email as most people use it. What is offered here is a proposal for a toolbox of options to allow one to customize his email for his own needs.

The following proposal, which I call "traffic light email", allows a user to fine-tune his email box so that spoofing and phishing become impossible while real people (not automatic mailers) who really want to get through to him have a reliable way to do so.

Traffic light email is superior to spam filters alone because the filters just aren't perfectly reliable. Some good mail that you want to see will get hung up in the spam filter and some spam will get through to your eyes. That is just the inherent nature of probabilistic filters. As filtering technology improves, the number of bad decisions made by the filter gets smaller, but they remain a risk that can be avoided with the deterministic approach of traffic light email. Spam filters would still be an option under traffic light email, just not the only option.

"Traffic light email" requires no modification to existing internet protocols for sending email. It will require some simple standards for identifying email as encrypted (if it's encrypted), defining procedures for decrypting encrypted email, and for setting and locating passwords in the email.

A major reduction in spam volume can be accomplished by simply requiring that a person, rather than a spam generating computer, be the true source of every email we see. We can be reasonably sure this is true with email from people we know. It's only email from unknown senders that has to be humanly validated in some way. 

Traffic light email is perhaps best explained from the mail box owner's perspective as he uses the software.

All incoming email is first divided into 3 classes by the software, each  corresponding to a light color on a traffic light. 

  "Green light" mail is mail from people I have explicitly identified as good senders (what is often called "white list" email). These are people I know I want to correspond with. 

  "Yellow light" email is from those who I haven't yet identified as good senders, but who have completed some kind of validation requirement to reach me. Examples of such requirements might be including a specific password in the subject line of the email, using a web page sign in sheet, and/or paymail.

  All other mail is red light and is initially presumed to be spam or from someone who I definitely don't want to correspond with (often called black list email).

Most good email that most people receive will be green light email. Yellow light, and perhaps some red light email (if the user uses a spam filter), will be evaluated by the recipient who will then likely reclassify the sender to either green (I want more of his email) or red (I don't want any more of his email).

Each of the 3 major color divisions has subdivisions that create a total of 11 possible classes of incoming email. One should note that these are not 11 classes that anyone HAS TO use, but 11 OPTIONS that one CAN use to customize his email as he sees fit.

  Green light email has 3 sub groups.

  "3 green" email (visually indicated by the software with 3 solid green circles) is from an address I have specified as good, is encrypted, and contains a mutually agreed upon password (probably as the last text in the message) that validates it as having really come from the indicated email address. "3 green" email is spoof proof and therefore phishproof. For 3 green email both parties would need traffic light capable software. 

The details of encryption and password protection are worked out at the software level (IOW I don't have to understand the details of public/private key encryption. The software handles all of that). All I see are the 3 green lights that tell me it's really from Citibank (or whoever is in the address line). Of course, for this to work, Citibank and others have to have traffic light software that can generate and set up encrypted and password marked email.

Typically the recipient's public key would be used to encrypt the message. But this procedure might be reversed for newsletters, which might be overwhelmed by having to individually encrypt a newsletter for each subscriber. For newsletters the so-called public key would be kept secret and used to encrypt the email. Then each subscriber would have a copy of the so-called private key for that newsletter to decrypt it. The software would sort all this out so that the user only needs to know that he is subscribing to a newsletter.

"2 green" email is not encrypted but comes with a mutually agreed upon password. It's almost as secure as 3 green email but can be spied upon as it moves across the internet because it's not encrypted.

"1 green" is what we now call white list email. The "from:" address is that of someone we know and, if it's personal, it's probably really the sender. Spoofs are generally from false addresses or part of a phishing scam aimed at a big company's (like Citibank's) customers.  

3 green is the goal to which we should design and build, as it's about as close as one can get to perfect internet email security. It should be easy to implement with the right software. In practice all the mail box owner does is select a "green light" for a particular address. Then his email software does the work to set up the highest level green light email possible: 1, 2 or 3 green.

  Yellow light email is from people we don't know but who want to contact us and have completed some challenge, defined by the recipient. The number of yellow lights indicates the type of challenge that was passed to get to the recipient. A multitude of challenges are surely possible and different challenges may be specified based on how the contact information is distributed. For example, an email address posted on the internet is most vulnerable and may require a more difficult challenge than an address specified on a business card and only given out to customers.

Here are the basic divisions of yellow light email based on the type of challenge offered.

"1 yellow" indicates the sender used one of the recipient's passwords in the subject line. I might post a message on a news group that says "Contact me at joesmith@email.com. Put the password "reallyme" in the subject line." As things now stand this is a fairly reliable way to identify that email didn't come from an automatic spam generator. Spammers harvest email addresses but haven't YET started to harvest passwords. If the password practice becomes common, spammers likely will harvest passwords. Note that once harvested, a password will become useless because spam can then be automatically generated with both your address and your password. So at some point one should expect to have to change passwords. But for now this simple challenge works reasonably well.

All we need is software to spot the password. In reality, numerous passwords might be used with each email address to allow subsorting. I might have a business card password "biz32", a church email password "church45" and/or one for each member of the family. Traffic light software would see the password, mark the email with 1 yellow light and perhaps subsort it to a particular appropriate folder (business, church, club, Bobby, Suzie, etc.).

2 yellow mail would be mail that was forwarded from a forwarding service on the web that offers a puzzle challenge to the visitor.  Once this challenge is completed the visitor could enter his message in a text box and have it sent to the owner of the page. Once the owner of the page reads the message he could decide to set up a green light protocol to exchange future email with this visitor.

The web page might read "Welcome to Joe Blow's contact page. Please fill out this challenge and then put your message in the text box below. Messages are limited to text only (no html, no images) and 5000 characters. Then, if you want feedback, add your contact information at the bottom. If Joe likes what you have to say he will get back to you via email."

The challenge involved might be retyping a distorted letter password, or solving a simple riddle, or any challenge that one likes to make sure that a real person is doing this rather than a spam machine. If the email address of the recipient is not widely distributed (perhaps only on business cards) there may not even be a challenge (the assumption being that a spammer will not likely get this address). A visitor would just enter his text and return email address.

The user might have different sign in pages with different challenges with different levels of difficulty depending on how the email address was distributed. 

The advantage of the sign in system is that there is no permanent password to harvest. You can get spammed from a page like this but only by a person and only once per puzzle challenge. Someone with cheap labor in a 3rd world country might find it profitable to spam you this way. But the cost is still going to be orders of magnitude above what it is now, thus radically reducing the amount of spam moving over the internet.

The pages themselves might be served by your ISP or by a commercial company that wants the advertising. I might post, in a public message, "To contact me go to www.ford.com/signin.jimober". If someone clicks on that link, my sign in page (as described above) comes up in his browser with a Ford banner ad at the top.

Ideally, browser and email client software would need an upgrade to make the offering of contact information as painless as possible. Whereas now you only need an auto complete capability in your browser to offer your email address, under the new system, to get to 3 green email (and that is where people will want to go as fast as possible), the ideal method would be for the browser to collect and submit all the necessary information at the sign in page. At the very start of the process, the browser and web page would "exchange" email addresses, public encryption keys and a unique password for correspondence between them.

At this initial contact, future correspondence is not yet certain because the recipient still has to decide if he wants to continue the dialog. But if he does, this preliminary setup at the web page allows future correspondence to take place as 3 green email.

This contact information exchange could be done down the road. In that case all the sign in sheet would collect is a return email address and offer such an address to the visitor to manually cut and paste to his email client. Then if the recipient decides to green light this new "friend", his software takes over and attempts to set up the highest level green light contact possible.

Citibank (and other customer service companies) would offer a similar "sign in" sheet for their customers' initial email setup. Since a bank's customer is probably validated through a user ID and password, no challenge puzzle is needed. Because of the nature of correspondence between a bank and its customers, getting a 3 green connection ASAP would be a priority. Because of the anti-phishing nature of traffic light email, financial institutions might even provide free traffic light email software to their customers.

3 yellow email is "letter of reference" email. It comes from someone you don't know but who is vouched for by someone on your green light list who you have explicitly authorized as a trusted voucher. It might be a club secretary who would vouch for other club members. A voucher would be provided by the vouching party to accompany the email from the unknown person. The traffic light software would validate the voucher as really being from the indicated party and extract from it additional information, as in "George is a new member of our club. Please welcome him to our group." Vouchers could come with an expiry and renewal date so that, for example, a club president could renew the vouchers of all current club members every 6 months.
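One way the software could validate a voucher, shown as an added example that is not part of the original proposal. It assumes the voucher is keyed with the password the recipient already shares with the vouching party on their green light link; the field names, addresses, password and dates are made up.

```python
import hashlib
import hmac
from datetime import date

FIELDS = ("issued_by", "vouched_for", "expires", "note")

def voucher_mac(shared_password: str, voucher: dict) -> str:
    """HMAC-SHA256 over the voucher fields, keyed with the green-link password."""
    # Length-prefix every field so text cannot slide from one field into the next.
    data = b"".join(
        len(voucher[name].encode()).to_bytes(4, "big") + voucher[name].encode()
        for name in FIELDS
    )
    return hmac.new(shared_password.encode(), data, hashlib.sha256).hexdigest()

def issue_voucher(shared_password, issued_by, vouched_for, expires, note) -> dict:
    """What the vouching party's software would attach to the newcomer's email."""
    voucher = {"issued_by": issued_by.lower(), "vouched_for": vouched_for.lower(),
               "expires": expires, "note": note}
    voucher["mac"] = voucher_mac(shared_password, voucher)
    return voucher

def check_voucher(voucher: dict, sender: str, trusted: dict, today: date):
    """Return (accepted, text): the voucher's note on success, the reason on failure.
    `trusted` maps each authorized voucher party's address to the shared password."""
    if any(not isinstance(voucher.get(name), str) for name in FIELDS + ("mac",)):
        return False, "malformed voucher"
    password = trusted.get(voucher["issued_by"])
    if password is None:
        return False, "issuer is not an authorized voucher party"
    expected = voucher_mac(password, voucher)
    if not hmac.compare_digest(expected.encode(), voucher["mac"].encode()):
        return False, "voucher did not validate"
    if voucher["vouched_for"] != sender.lower():
        return False, "voucher was issued for a different sender"
    try:
        expires = date.fromisoformat(voucher["expires"])
    except ValueError:
        return False, "malformed expiry date"
    if today > expires:
        return False, "voucher has expired"
    return True, voucher["note"]

# Constructed sample data (addresses, password and dates are made up).
TRUSTED = {"secretary@club.example": "club-link-pw"}
VOUCHER = issue_voucher(
    "club-link-pw", "secretary@club.example", "george@mail.example", "2025-06-30",
    "George is a new member of our club. Please welcome him to our group.")

if __name__ == "__main__":
    print(check_voucher(VOUCHER, "george@mail.example", TRUSTED, date(2025, 3, 1)))
    print(check_voucher(VOUCHER, "george@mail.example", TRUSTED, date(2025, 9, 1)))
```

Renewal is just a fresh voucher with a later expiry date; an edited copy of an old one fails validation because the expiry date is covered by the MAC.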

4 yellow light email is paymail. Many paymail systems are possible. In my proposed paymail system, typically the sender makes a contribution to his favorite charity of 25 cents. This is done through a sign in sheet at his ISP so that the contribution can be added to his monthly ISP bill. Otherwise it works like the sign up sheet for 2 yellow email.

Pay mail is the ultimate protection against spam. No mail gets lost in a spam filter while $250 per thousand (25 cents each) is serious money to a spammer. So for 25 cents the sender can have confidence his email will get seen and the recipient will see very little spam (volumes similar to what he sees in his snail mail box). If he still gets too much spam he can raise his prices. Paymail is really a "down the road" option once spammers break through the other options for initial contact. It may never be necessary for most people. But software designers should plan for it.

With paymail most of the heavy lifting is done by the ISPs to maintain the sign in sheets, pay the charities and exchange data with each other to make the system work. For this they would be paid a fee out of the paymail revenue, perhaps 2-3 cents a paymail.

There are so many issues and red herrings with paymail that I did a separate FAQ which can be seen at the end of this page.

Yellow light email is for INITIAL CONTACT only, not for ongoing correspondence. Ongoing correspondence should be taking place under some green light signal. The sender only has to do initial contact work once. Then the recipient makes a decision, "Do I want to green light this person? Red light? Or nothing?" Once that decision is made, the light status of the new email address is set by the software and future email is processed accordingly.

No one would be required to use ANY yellow light email option. They are OPTIONS, there as tools to be used to provide a relatively spam-free way for strangers to make initial contact with you. Use one method. Use all. Use none. It's your mailbox.

  Red light email is mail from senders who didn't complete any yellow light challenge and aren't green lighted. There are 4 subgroups. 

4 red email is from senders who you explicitly tell your software you don't want to hear from. It likely will go straight to the garbage.

2 red email is the rest of unknown email if you don't have a spam filter. Most of it will be spam. But there just might be something in there worth looking at (for example, that guy from the class reunion who saved your email address while you didn't save his). But since most of it will be spam, you won't likely be able to hand filter it.

Therefore a spam filter can be used to give it a second chance of reaching your eyes. If an email fails the spam filter, it goes to the 3 red email container. If it passes the spam filter it gets a single red light.

Software would have the ability to send automatic responses based on the number of red lights. One could send a "Buzz off jerk!" reply to any 4 red email, or send polite directions to your sign in page to 1 red light email, etc. It's your choice.

Some tasks common to email should be automated, like a change of address notification in which I might change from using xxx@yahoo.com to using xxx@earthlink.net. If my friends have traffic light enabled software, the address change is done automatically software to software.

Upgrades to traffic light email are also automatic between users who have that capability. Any "naked email" (no encryption or password protection) sent out from a traffic light client would have as its last text something like "Traffic light 1.0 capable." This would prompt other email software with that capability to begin setting up a protocol to upgrade the email link to "3 green." When my software gets an email message with that code, it sends back a special email that says TO THE SOFTWARE "I am traffic light 1.0 capable too. Here is my public key. Send your next message encrypted with your public key and pick a password so we can upgrade to 3 green light status." The initial sending program sees that message and sends the necessary information to upgrade that email link to 3 green.

There is no hassle for the user. All traffic light email clients automatically detect each other and upgrade service between them.

This system can help catch illegal phishing. Under the traffic light system, if I have 3 green light email with Citibank, I may get a 1 green light email that is spoofing them. Citibank could request, as part of the initial software setup, that my software set up a "phish trap" in which any downgraded (3 green light to 1 green) Citibank email (i.e., no password or encryption) is immediately forwarded to phishtrap@citibank.com. Thus, as soon as anyone tries to phish Citibank, Citibank immediately and automatically knows about it.

There can be legitimate downgrades. Someone's software might break, yet he remembers your email address. Here you can select a reset option to re-upgrade the sender to 3 green.
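An added example, not part of the original proposal, of the sorting rules described earlier together with the phish trap above. It covers the green classes, 1 yellow and the red classes; 2 to 4 yellow depend on an outside service and are left out. All names, the sample data and the `was_encrypted` flag (how encrypted mail is identified is left to the standard the proposal calls for) are assumptions.

```python
import hmac
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import parseaddr
from typing import Callable, Optional

@dataclass
class GreenLink:
    password: Optional[str] = None  # password agreed with this sender, if any
    established: int = 1            # highest green level this link has reached

@dataclass
class Mailbox:
    green: dict = field(default_factory=dict)              # address -> GreenLink
    subject_passwords: dict = field(default_factory=dict)  # password -> folder
    blocked: set = field(default_factory=set)              # senders marked 4 red
    spam_filter: Optional[Callable[[str], bool]] = None    # True means "spam"

def same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def verdict(light, count, folder, phish_trap=False) -> dict:
    return {"light": light, "count": count, "folder": folder, "phish_trap": phish_trap}

def classify(raw: str, box: Mailbox, was_encrypted: bool = False) -> dict:
    """Classify one message. `raw` is the text after any decryption and
    `was_encrypted` says whether it arrived encrypted (assumed to be known)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in box.blocked:
        return verdict("red", 4, "trash")
    link = box.green.get(sender)
    if link is not None:
        body = "" if msg.is_multipart() else msg.get_payload()
        lines = body.strip().splitlines()
        # The agreed password is expected as the last text in the message.
        has_pw = (bool(lines) and link.password is not None
                  and same(lines[-1].strip(), link.password))
        count = 3 if has_pw and was_encrypted else 2 if has_pw else 1
        # Phish trap: mail on a 3 green link arriving with no password or encryption.
        return verdict("green", count, "inbox", link.established == 3 and count == 1)
    for word in msg.get("Subject", "").split():
        for password, folder in box.subject_passwords.items():
            if same(word, password):
                return verdict("yellow", 1, folder)
    if box.spam_filter is None:
        return verdict("red", 2, "unknown")
    return verdict("red", 3 if box.spam_filter(raw) else 1, "unknown")

# Constructed sample mailbox and messages (addresses and passwords are made up).
BOX = Mailbox(
    green={"alerts@bank.example": GreenLink("tulip-7391", established=3),
           "friend@mail.example": GreenLink()},
    subject_passwords={"biz32": "business", "church45": "church"},
    blocked={"pest@spam.example"},
    spam_filter=lambda raw: "free money" in raw.lower(),
)

def make(sender: str, subject: str, body: str) -> str:
    return f"From: {sender}\nSubject: {subject}\n\n{body}\n"

if __name__ == "__main__":
    spoof = make("alerts@bank.example", "Verify your account", "Please confirm your details.")
    print(classify(spoof, BOX))  # 1 green on a 3 green link, so the trap fires
```

A message with `phish_trap` set is the one the software would forward to the address the bank supplied at setup; the reset option would set `established` back to 1 until the link is upgraded again.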

More and more online storage is being made available. Google, for example, is planning to offer 1 gig for free. An email client should have the ability to automatically back itself up to one of these storage email accounts. Backup files would of course be encrypted with a personal password.

There is much more that can be done to get email into the 21st century, but this simple traffic light security system will go a long way to fighting spam and creating more secure email. Again all of the traffic light OPTIONS would be OPTIONS, part of a toolbox that could be used to create as simple or sophisticated email client as one liked.

All feedback is welcome. Email me at jimober@yahoo.com. Please put "traffic light" in the subject line as a password. Thanks.

Jim Ober

  And now the paymail FAQ  

Q: Shouldn't email be free? Why would anyone pay for it?

If everyone was honest it would be free, but spammers aren't honest. THEY want to own your email box and as long as email is free TO THEM they do own your email inbox,  filling it with more spam than anyone can ever hope to read. The only way to reduce that volume is to increase the cost to the spammer. But since we can't know in advance who is spamming and who isn't, that means increasing the cost to everyone. What you want is a small cost so as not to inconvenience legitimate emailers but large enough, so that it becomes prohibitive to volume emailers sending millions of spams a day.

The cost doesn't have to be monetary. Just making sure some human has to act to get the email  to me is a huge increase in cost for the spammer. But paymail is the ultimate tool, making spam incredibly expensive compared to what it costs now.

As spam proliferates so do spam filters which inevitably catch some good mail a recipient might want to see. Pay mail is an option that allows a sender to get past the spam filter, but an option that assures the recipient that the sender is willing to put some cash on the line to tell his story. 

Q: Won't pay mail make email too expensive to use?

Remember that paymail is there for INITIAL CONTACT ONLY for people who have no other expedient way to contact you. After that initial contact, if further dialog is in order it will be done under the green light system. If it's not worth a quarter to me to meet you, do you really want to meet me?

Q: But can't you charge say 10 dollars for an email message?

Yes and you can refuse to pay. How much do I want to hear from strangers? How much do they want to pay to speak to me? It's my mailbox and I make the call as to what it costs to get in my front door. I can set a very low cost perhaps as low as 2-3 cents or a high one.  

Q: Why does the money go to charity?

I am totally convinced that the micro accounting details (to actually send the postage to the recipient with a refund capability, which is the typical paymail proposal) are easy and getting easier. Everything having to do with computers is getting faster, cheaper and better. But the so called experts, stuck in the last millennium, scream NO! NO! NO! So we can fight experts, who really run everything, or move on.

Charitable contributions are probably the least offensive way to use the money with simple accounting. AOL (or whoever) collects the money and sends it to a charity you pick from a list of perhaps the top 100 charities. The collection is a piece of cake. Back in the early 90s ISPs charged for email by the character with no problems. Errors can be made but nobody is micro managing this on an individual transaction basis. AOL Customer service doesn't get bogged down in phone calls arguing about who got what out of the 25 cents. Most legitimate emailers are not spending any new money as they already contribute to the charity and can adjust their monthly charitable contribution accordingly or just give a little more.

Q: What keeps someone from getting my AOL id and password and doing $50,000 worth of spam on my credit card?

A: By default postage is very limited, perhaps $2.50 a day and $10 a month. How many unsolicited emails do you send to people you don't know over the internet? If you want a higher limit you can get it but it comes with a greater risk. For special events (you need to contact the whole high school class about the reunion, etc.) you make a 1 time buy of $200 or whatever number you need.

Additionally, by default, a manual sign in is needed for every email (with a challenge like a jumbled letter password graphic). That way a spam zombie can't take over your machine and run up a bill at the speed of light.

Q: How do I know that anyone really paid the money indicated?

A: All paymail transactions are completed with 4 return receipts: one to your ISP/paymail processor, another to the sender's ISP/paymail processor, and a third to the sender, to validate the email's receipt. A fourth copy is sent to the independent paymail auditor who keeps everybody honest. The receipts are all done automatically by the software.

Q: What is to keep someone from sending me a 10 meg spam email for 25 cents? 

A: Paymail is intended for initial contact, "letter of introduction" email only, and would be limited to perhaps 10k text only messages. If the recipient wanted to talk more he would green light you and then you 2 could exchange all the email you liked free of charge through normal email channels.

Spam would be illegal under paymail. Spammers would lose their ISP email privileges if they spammed. Legitimate direct mail marketers would set up websites where people could, IF THEY WANTED TO, sign up for targeted email pertaining to a particular subject. For example, I could request information on new cars for sale in my area. The website would then collect and forward that information to me under a 3 green link that I have with the site. The site doesn't want to spam me because, if it does, it goes on my 4 red list. It has to keep me happy by paying very careful attention to my interests. It makes money by selling its access to merchants who want to get their message to me.

This  FAQ is a work in progress. Please send any questions about  it to the address above. Thanks again for your interest.

Finally thanks to AAA Buttons - Free buttons !! for traffic light buttons on this page.