[overbroad]

While I understand your sentiment, I respectfully disagree that it does not matter if it's a smart idea. Because if it is not a smart idea then that means we can do better. One of the projects I'm working on solves the "closed ecosystem" problem. The use of the term "closed ecosystem" is ironic because it seems to me that the "open" nature of email receiving (not sending) is what leads to the spam problem. In other words, I do not see the problem as the fact that people can send mass quantities of junk email. I see the problem as the fact that daemons accept and deliver mail from anyone. (And then resort to blacklisting.) What if the system was "closed" by default and instead a sender would contact the receiving SMTP daemon directly (no internediary) and would first need either a means of authentication (i.e. he has been pre-approved) or a way to have his sending address revieved and then receive permission to send. Right now you can see someting like this within a domain. For example, one gmail user might be able to send to another gmail user, directly, as they are both able to authenticate. They both have accounts (private accounts, not some RBL, DKIM or other scheme managed by an interloper) and these accounts can be checked. But if one gmail user wants to send to some non-gmail address, the non-gmail recipient has no knowledge of the sender in the form of an account against which he can authenticate. There's no privity between sender and receiver. Instead third party schemes are used. Such as blocklists for sending.

Consider the idea of running a mailserver than only accepts mail from a predetermined set of sending addresses. What would be the chances of receiving junk mail?

[doesnt_know]

"Consider the idea of running a mailserver than only accepts mail from a predetermined set of sending addresses."

How is this functionally any different then blacklists? That's just a whitelist instead. So instead of new mail severs "quite likely" being on a blacklist, they are definitely not going to be on a whitelist.

And no, it doesn't matter if isn't a smart idea when you aren't in a position to change anything. Even if you have a perfect technical solution to the problem, you still have to convince every existing major provider to adopt a solution that isn't even a direct problem for them.

[overbroad]

If Alice and Bob agree to run their own SMTP daemons, closed to the public and not necessarily on port 25, and they each agree to put the other on their "whitelist", how is this functionally different from the current third party controlled system? Answer: 1. Immediate delivery, assuming Bob and Alice keep their machines online. 2. No spam. 3. No third parties exerting control over their mail. No idiosyncratic delivery policies.

I'm afraid there's no need to convince any provider of anything. At this point, Alice and Bob are sending and receiving email without the need for any third party "email provider".

Functionally blacklists and whitelists are the same. They both have the same goal. But they are not the same in their effect. Blacklisting an entire netblock to stop one bad IP address affects many IP addresses who do not need to be blocked. Whitelisting a single known IP address does not have that side effect. For Alice and Bob, handling their own messages may be a desired option. Of course, not everyone may follow Alice and Bob's example. But who cares? The population using email is enormous and diverse. The point is that if someone wants a better solution than what "email providers" offer, she can get it.

[doesnt_know]

Your proposed solution isn't really email though. What you are describing has already been solved by instant messaging/jabber/twitter/facebook PM etc. Some of the solutions that already exist need a third part provider, others don't.

The problem to solve is how do you have a fixed address where anyone can contact you, spam doesn't get though and you don't have to maintain personal black/white lists. This is what email currently provides. Granted, the spam part varies depending on the provider.

[overbroad]

Yes, you defined the problem in the opening sentence of your second paragraph. But I disagree that you should not have to maintain a whitelist. What are your email contacts i.e. what is your email address book? You already maintain a list of people you correspond with, whether you think of it that way or not. And when you want to correspond with someone new, you have to give them your email address. As it stands, there is no _reliable_ way for them to look it up. There is no worldwide directory of email addresses. In fact, what do we do? We try to hide lists of email addresses.

If everyone had a fixed address with a mail server running, "lookup" i.e. simple MX lookup, might be possible, e.g. if your IP address is 1.2.3.4, anyone could send mail to inquiries@[1.2.3.4] or something like that. But I'm not sure that alone really solves the problem.

Email still works without a worldwide directory. People exchange email addresses and they keep lists of them known as address books.

[DanBC]

White listing a single IP address is the functional equivalent of block listing the rest of the Internet?

You claim it's not a closed ecosystem, but it appears to be totally closed and locked off. The only way to get access to it is to be invited in.

> The point is that if someone wants a better solution than what "email providers" offer, she can get it.

Not if they want email.

[overbroad]

Where did I claim it's not a closed ecosystem?

It's starts closed and it is opened by invitation. Yep. That is exactly how it works.

If you cannot understand that approach, then that just means it's not how you think. It does not mean that the approach makes no sense or has zero utility.

Maybe a stupid analogy can be made if we pretend "Facebook" is the internet (of course it's not, but it does present a messaging system so play along for a moment). On the one hand you could make every Facebook user your "friend" and thus able them to send you messages, and then when people abused that privilege - and we know from experience some would - you could block them. On the other hand, you could only make a select number of people who you know and trust your "friends" and thus only give a select number of people the privilege to send you messages. Chances are, they won't try to sell you Viagra.

On the one hand there are times you may want to enable the entire network to be able to send you messages. On the other, there are times you may only want to allow a small subset to send you messages. Not sure about you, but I don't receive important email from all that many different people. People's social circles are only so big. There is a certain carrying capacity beyond which it becomes unmanageable.

[DanBC]

Your posts contain a baffling mix of incompatible ideas.

You argue against block listing, but then suggest blocking the entire Internet except the few people you want to send you email.

You say that only people who you have given your email address to should be able to send you email, and then you say there should be a lookup system to get email addresses. (But what's the point of the email directory system if you can't send email to someone because they haven't white listed you yet?)

> but I don't receive important email from all that many different people.

Eh, depending what you mean by "important" I do receive a lot of important email from lots of different people. My email addresses have been used on the public Internet for many years, and I've had a lot of communication to those email addresses, and those communications have brought me great joy. And I also have a variety of people who email me about work related stuff - I won't have prior knowledge of those people.

I think I'm missing something about your system. Please, is it something that you already have well planed out? (Even if not in a state that can be deployed yet) Or is this something that you've just started thinking about?

So long as you're not suggesting Challenge Response we can have a discussion about it.

[overbroad]

I never said there should be a lookup system. Where are you seeing that? I said there isn't one and people still manage to get by. The other commenter was suggesting looking up addresses was some sort of problem. I'm saying it's a non-issue. If not having a public name-to-email lookup was a show stopper, then we would not be having this discussion because email would not be popular. People get by just fine without lookup. They exchange addresses and store addresses on their own.

Discussion is great. But you have to read carefully to understand what's being said. (If I am not being clear, then I apologize.) But if your mind is closed then there's no point reading what I'm typing because I am not regurgitating the usual ideas on email.

Anwyay, discussion is irrelevent when juxtaposed against running code. I'm interested in stuff that works more than getting approval from people in online forums.

This is not some new thing. Anyone can use email this way now. We all have good connections and bandwidth. There is no need for store and forward. What has stood in the way of using email as direct communication is people who can only see email being used one way: daemons that accept commands from any connection, spoofed IP's and all, and email as a service run by someone else, not a small program on the client's machine. If it was impossible to authenticate connections based on any other means besides real-time challenge-response, or DNS run by someone else, then how would people manage to run ssh daemons without the same problems as email?