MiCASA™ Email Service Ends Spam Forever

Posted By bellasys on Aug 30, 2018 | 0 comments


Blockchain is NOT a technology]

Controversy aside, the worst use-case for any technological component is because it looks good, or sounds good. While there is nothing wrong with finding useful and legitimate/legitimizing applications for hype and fanware, it rarely makes for good systems architecture.

The compelling use case for Blockchain here is the highly specialized system of Authentication (IPAL Technology) providing certitude that among all the possible machines sending and receiving mail on the network, those machines are absolutely, positively authenticated and therefore traceable in an otherwise private and secure double-blind virtual network. This is one critically placed point bridging Privacy, and Trust.

Without certitude about the origin of mail, there isn’t any means to enforce ethical conduct and community standards. This addresses the exact nature of the current problem today, and the chief difference between email open to the world and Email managed in a Network free of SPAM.

#4: Network Authentication Certifies Sending/Receiving Entity

Imagine for a moment that this was not a deal-breaker. in that case the issue simply becomes filtering out unwanted mail, and this is possible today thanks to many tools already created and utilized by all of the major Email service providers, including individual domain servers. In brief- after taking out the “bad guys”, handling Email preferences and Settings becomes nearly trivial.

The Solution and Systems Architecture proposed by MiCASA™ could be easily implemented as a commercial service; however, it is intentionally designed to not only promote transparency and ethical communications in its network, it enforces it. The only single private interest the system is responsible for is the Community itself, and collectively even the community isn’t a real entity, but rather, thanks to it’s decentralized nature, it is a virtual construct that can evolve based on the needs of the Community while still retaining it’s core values as an egalitarian construct.

It’s a terrible pun, but the joke is on everyone. American Congressional “CAN-SPAM” (wiki: CAN-SPAM) laws related to the practices permitted to ensure ethical communications via email are lacking enforcement. However, among the 4 types of unsolicited communications- Direct Mail, Telemarketing, Door to Door Solicitations and SPAM, it’s the classic post-office type of junk mail and bulk mail which has the most recourse in case of abuse. Most newer technologies, including SPAM Email, Auto-dialers for Telemarketers (including automated voice messages), and text based marketing campaigns, are more difficult to regulate because there are many hacks to beat the few privacy features that do exist. To make a long, sad story mercifully short- nothing can really be done because the mechanisms that would have to be in place to really do something about it are not now, nor will ever be a priority for the greater Internet. At best, businesses which do follow sane practices look like good guys compared to the rest, and at worst, the The same is true of Telemarketing regulation, Post-office junkmail

Anatomy of a Spammer

Clicking a link inside a Phishing Email is the Coup De Grace… but it’s not the only target.

We live in a tech landscape that is anything but straightforward, and here’s a great example: how is it that one of the most common attacks is the act of stealing your Email address? If “they” already have it, meaning you have already received an email at your address, why is opening it a problem if you don’t click any links inside?

Typical Spammers and Scammers need to keep their “reputation” high to work with the way most bulk email services are wired. Too many “bounced” emails sent to defunct Inboxes causes problems for their reputation, and reputation directly affects whether an email will land in the next Inbox.

While actually opening mail will validate your inbox, sending your email address to the spammer with a green light for further hacks. Hacks to identify opened mail without read receipts are now trivial. Many operators do not consider their lists valid until some confirmation exists, therefore, validating your Inbox by opening the mail means effectively that your email address is now “owned.” This is perhaps the most critical step in launching future and more in depth attacks

Inside a Spamhaus, circa 2000

“The closest I ever got to anything like grey-hat hacking was a great gig I turned down to scrape emails and build lists for sale. The average list contained 100K ~ 300K emails, over 98% of which were valid. The same techniques considered cutting edge hacks back in the day (the year 2000) to scrape emails and other personal information are now commonly employed with modifications to beat filters and security offered by most Webmail providers today…”

Because most people do not carefully report spam using tools in Google’s Gmail, for example, and because many legitimate and valid emails accidentally get marked as SPAM, these metrics are not adequately employed by bulk email servers, and even less reliable than other metrics – such as bounce rates and open rates. Verifying that there is a live person attached to any one of the millions of spam mails sent is vitally important.

Do not open questionable mail messages to find out, but should you open them as our testers do, you will notice many new mass emails with literally nothing written in them! They have a very compelling Headlines (subject line) that could sound like real news, or a offer for new shopping resources, but in reality it’s just a ploy to get those open rates up for some bulk mail account to try and earn reputation and ensure continued Inbox delivery.

With most criminal agencies the opposite is true- they don’t care about Reputation because they tend to hijack valid Email accounts relying on raw numbers to generate enough responses in a short period of time- typically under 2 weeks. After all, truly criminal organizations risk exposure the longer a campaign remains open.

Conversely, typical Spammers and Scammers rely on valid services and they are just waiting to get the signal that someone is listening on the end of their line. Therefore, hackers are employed to begin stealing personal data from the moment an email is opened, regardless of whether any links are clicked within, or other action is taken.

Because of the way most bulk email services are wired, typical spammers and scammers need to keep their “reputation” high by sending email to valid email boxes. There are also current “hacks” employed by bulk mail service providers that rely on the API’s of various Mail Providers to boost reputation simply for having mail marked as “read” without ever having been opened! This is perfectly legitimate usage in some contexts, but gives false reputation to many spammers and scammers.

This is the current model of Email Spam, and here are 2 case scenarios which reflect activity of 2 typical Email Inboxes- one everyday user, and one system administrator who manages multiple clients and maintains an email account with each domain.

The typical user receives 10 SPAM emails each day, or more. This does not seem like a horrible nuisance until one becomes socially active or begins shopping online. Each store wants your email address for the shopping cart. There is nothing devious about this- these are retailers who have earned your business and at least an opportunity to extend more offers to you- usually these companies play very nice if you “unsubscribe” from their list. Most typical users can “unsubscribe” even from Spammy mail because most spammers care enough about reputation to honor the unsubscribe request.

However, as more and more spammers turn to services who are not dependent on reputation themselves, there are increasing percentages of email (services) that you can never “unsubscribe” from, because once you show one retailer that your email address is valid, it becomes part of a for-sale pool that will make the rounds to all spammers in their service roster.

Have you ever signed up for a retailer and then suddenly had a huge increase in SPAM? Guess what? It’s probably not that retailer! It’s probably some mail you accidentally opened, or clicked on a link out of curiosity. Once you have done this you have validated your email and given the green light to pounce on your Inbox- and this may not happen right away. It’s strategic. Of course, there are tough tactics employed by retailers all the time.

MiCASA™ Public Trust

Submit a Comment