Not a Moment Too Soon Digiportal’s innovative challenge response ChoiceMail program means the end of spam
Not a Moment Too Soon Digiportal’s innovative challenge response ChoiceMail program means the end of spam
Hal Plotkin, Special to SF Gate
Tuesday, July 30, 2002
URL: sfgate.com/cgi-bin/article.cgi?file=/gate/archive/2002/07/30/choicem.DTL
For the first time in years, my e-mail inbox is totally and completely spam-free.
There are no more ads for penile-enlargement services and no more appeals from scammers claiming to be relatives of deposed Nigerian dictators who don’t know what to do with that extra $10 million they stole. Those barnyard-sex ads are also history, which is good because, although I love animals, one must set limits.
The credit for cleaning up my inbox goes to ChoiceMail, an innovative new anti-spam software program released earlier this month by DigiPortal Software Inc., a small start-up based in Parsippany, New Jersey. (Thanks also go to the Chronicle’s always-adept technology columnist, Henry Norr, whose July 15 column, published just four days after the new software was released, tipped me off to the product. Norr also noted that he wasn’t able to give it a full tryout because of the way his e-mail system is configured.)
I’ve had it working on my computer for 10 days now, and I am ready to testify.
ChoiceMail has quickly become one of my all-time favorite software programs. It’s one of those “Jeez, why didn’t I think of that?” ideas that is so flat-out brilliant it just blows away the competition.
Here’s how it works:
Like other competing products, ChoiceMail automatically puts the addresses in your e-mail address book on your “white list,” which means e-mails from those parties come through without interference. The program also adds the addresses on any outgoing e-mails to the white list as well, making the assumption that users probably want to hear back from anyone they write to. In another common feature, users can also manually add addresses to both their white and black lists.
But here is where the big difference comes in.
E-mail from anyone who is not already on either your white list or your black list is automatically sequestered in ChoiceMail’s directory on your hard disk before you ever see it. The software then sends all those would-be correspondents an e-mail that directs them to a Web site (through a link they can click on) where they are asked to fill out a short, easy-to-use and one-time-only form that takes about a minute to complete. The form asks who they are, what their e-mail address is and why they want to contact you. Would-be correspondents also have to copy a short security code into a blank field on the form, a feature designed to prevent automation of the response process.
“Spammers will be wasting their time if they try to automate the response process to get around ChoiceMail,” says DigiPortal consulting programmer Nebojsa Djogo.
They’ll be aiming at a constantly moving target, he says. Spammers will never know in advance, for example, what numbers or images have to be copied or where they are located, features ChoiceMail can easily change for each particular message with the push of a button.
“The idea works because we make it easy, quick and simple for real people to comply, but impossible for machines,” says Djogo.
Whenever forms are completed, they are immediately forwarded to ChoiceMail users in something similar to an instant message (or they can be stored for later review at your convenience), with options that allow users to accept or reject e-mail from that party. Accepted e-mail is put right through to the user’s e-mail client, with all other e-mail deleted from the hidden ChoiceMail directory after some reasonable waiting period that users can specify (four days usually seems about right, say the program’s creators).
The genius of the software is that last step. In the 10 days I’ve used ChoiceMail, the software has intercepted 937 spam messages. Predictably, not a single one of those spammers has replied to the e-mail requesting their identity, which means their messages were automatically deleted from my system after a few days. Meanwhile, about a dozen or so other correspondents, who for some reason or another were not in my e-mail address book when I installed the software but who I did want to hear from (such as reputable public-relations agencies, corporate tipsters, old friends and the like) had no problem taking a minute or so to fill out the form and zap it back to me for my review, a process that takes just a few seconds on my end.
In essence, ChoiceMail’s software turns your e-mail box into the equivalent of your front door. If strangers want to enter, they have to knock and identify themselves first. Anyone who won’t do that is automatically turned away without you being bothered. The company calls this approach “permission based” e-mail management.
For some obvious reasons, spammers typically don’t respond to e-mail asking their identity and purposes. They know it would be a waste of their time.
Some spammers don’t even include accurate e-mail addresses in the headers of the messages they send out so all those messages get deleted because no one responds to the request for more information. Other spammers do include an address that routes replies back to them, or at least to a site connected to them. But what do you think the chances are that, say, someone flogging penis-enhancement services would take the time to personally — and laboriously — fill out forms one by one that request their identity, knowing that few if any of the recipients of those forms would ever agree to receive e-mail from them?
Spammers can’t spam if they have to deal with us all one at a time. Treating us all as individuals violates the economics of their shifty craft, which in the past placed the burden on us to remove unwanted e-mail. Shift that burden to the spammers by forcing them to identify and explain themselves first, and they just crawl back under their rocks.
The sudden, welcome advent of ChoiceMail is very good news, in part, because spam has grown increasingly bothersome in recent months. Lots of spam now comes with HTML-embedded codes, for example, which force recipients to wait until often-offensive graphics fully load before the messages can be deleted. I don’t know about you, but that process has been eating up increasing amounts of my time lately. Something had to be done, and, thankfully, DigiPortal has done it.
ChoiceMail’s winning solution seems certain to encourage several other positive changes in the way e-mail is used, including the eventual abandonment of some of the current — and largely ineffective — techniques often suggested to cut down on the onslaught of spam. Well-meaning spam fighters, for example, often tell computer users not to put their real e-mail addresses in the headers of the e-mails they send out, or in postings to newsgroups, to prevent spammers from misusing those addresses.
That won’t be necessary in the future, because spam can now be stopped dead in its tracks before it ever hits the inbox. That means there’s less reason for people to come knocking on the doors of our e-mail programs with their identities masked. That seems perfectly fine to me, particularly if you consider that the practice of using fake e-mail addresses was originally designed to reduce spam, and ChoiceMail’s approach accomplishes that in a far more elegant and effective manner.
ChoiceMail’s software has some other pretty nifty features. Users can, for example, continue to receive e-mail from people who want to remain anonymous (which can be helpful, particularly for reporters). In that case, the senders just have to use the form they receive to explain why they want their message to be read.
Another useful, almost voyeuristic, feature lets users review the list of sequestered spam before it has been deleted so recipients can see who sent it and the domain from which it originated, as well as its subject line, if desired. The only real reason to look at that list is if users want to add someone to their white list before they have filled out their little form, say, if users are expecting an e-mail from someone whom they’ve never corresponded with before. But I must confess that I’ve looked over the list quite a few times now, in part because doing so provides a feeling similar to the glee one gets when you snatch a mosquito out of the air before it can bite you. It’s a wonderful, even blissful feeling to see all those unwanted messages stuck in their own little digital oblivion and awaiting their imminent demise.
Looking over that list also helped me uncover some patterns in the spam I was receiving, including the fact that roughly 20 percent of it was coming from a single source, a direct-marketing company based in Kansas City called Virtumundo Inc., all of whose e-mail is now automatically rejected by my system. (In what might be called a “you lost your chance forever” feature, ChoiceMail, like competing products, also allows users to designate specific e-mail domains that won’t even receive a chance to plead their case with you before they are rejected).
ChoiceMail’s powerful permission-based technology will make a new generation of e-mail-based e-commerce offerings possible. If users can easily stop unauthorized persons or companies from sending them e-mail, they can also just as easily grant that permission to others, perhaps in exchange for a fee or product discounts. Consumers gain the leverage of deciding who can send them e-mail — and at what price. Entire new industries could sprout up based around that welcome change in the architecture of online communications.
There are some other Web-based services with somewhat similar features, such as http://www.chooseyourmail.com/ and http://www.mailcircuit.com/, but in those cases, names are automatically added to users’ white lists when someone responds to an e-mail that requests their identity rather than waiting to be approved by the user. Spammers could conceivably get through by replying to those e-mails. ChoiceMail’s form-review step, by contrast, makes it much less likely spammers will ever bother to reply at all. What’s more, because the two other services are Web based, user e-mail is stored on their servers rather than in what many users feel is the more secure and private environment of their own computers.
The only bad news, which is expected to change over the coming months, is that ChoiceMail works easily only on Windows PCs that use either Microsoft’s Outlook Express or Qualcomm’s Eudora e-mail clients in conjunction with a POP (point-of-presence) e-mail account, which is typical of most ISPs, but not internal big-company computer networks. It also won’t work nearly as smoothly — at least not yet — for those who receive e– mail on more than one device (say, a desktop computer and a PDA). As often occurs with new software, Mac users are also shut out for now, but a Mac version is in the works.
The DigiPortal team say they will get the product working across a wider variety of computing platforms as soon as possible. But, in the meantime, if you are one of the hundreds of millions of Internet users with a garden-variety POP e-mail account and a Windows PC, then ChoiceMail is definitely a product you’ll want to investigate.
Thank goodness for those smart people in New Jersey (http://www.digiportal.com/). Now maybe we can get back to that e-commerce revolution we were hearing so much about.
You can download a trial copy of ChoiceMail here.
