Peter N. M. Hansteen asks the question, "Does Your Email Provider Know What A "Joejob" Is?" in his blog and provides some data and discussion. He provides anecdotal evidence which seems to indicate that Google and possibly other mail service providers are either quite ignorant of history when it comes to email and spam, or are applying unsavory tactics to capture market dominance.
[Ed Note: I had to look up "joe job" to find out what it is. According to wikipedia:
A joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against them (see also e-mail spoofing), but they are now typically used by commercial spammers to conceal the true origin of their messages.
]
(Score: 1, Insightful) by Anonymous Coward on Monday April 25 2016, @01:50AM
(Score: -1, Troll) by Anonymous Coward on Monday April 25 2016, @02:06AM
If your recipients actually use an email client that understands GPG,
... and you fail.
If you can expect your recipients to use special tools to read your email, then you can negotiate to use something other than email instead. Email is the absolute worst form of communication and you should not be using it for anything ever unless you literally have no other option.
Stop trying to fix email, you moron. Email is broken. Stop using email.
(Score: 1, Informative) by Anonymous Coward on Monday April 25 2016, @02:13AM
Except that every client on the planet, short of webmail, does S/MIME, which is GPG for grownups (the DOD uses it). Your smartphone can do S/MIME. kMail and Thunderbird did S/MIME since forever. Outlook, Apple Mail, hell even Alpine and Mutt do S/MIME. Nothing special about it, nothing needed beyond what you have, unless you're reading your mail on a webmail client, in which case your privacy was fucked from the start. Except for webmail, i.e. the power of Google's Gmail, there's absolutely no excuse for all mail not already being end-to-end clientside encrypted: the tech is already in place. Google is what's standing in the way.
(Score: 3, Interesting) by TheRaven on Monday April 25 2016, @08:35AM
The problem with S/MIME is similar to that of GPG. If you're using it for signing, it's trivial to strip the signature and then modify the message. How many users will notice that the signature is not there? Most mail clients have a UI that prominently displays when a signature is present (though I notice Apple Mail has made that less visible in recent versions), but when it's not present they display nothing. Unless you train users to actively look for the signature, it doesn't help. Ideally, mail clients should recognise senders and warn when you get messages from someone who normally signs mail but hasn't this time.
If you're using it for encryption, then you are back to the key distribution problem. You need to get the recipient's public key to be able to encrypt the message and that then ensures that no one other than the recipient can read it (so no mailing lists, for example - though it would be nice if the list software could have its own key pair for the list, decrypt and then encrypt with each list member's public key).
sudo mod me up
(Score: 0) by Anonymous Coward on Monday April 25 2016, @06:41PM
S/MIME already works with mailing lists. See https://www.sympa.org/manual/x509 [sympa.org].
(Score: 1, Insightful) by Anonymous Coward on Monday April 25 2016, @02:32AM
Email is the absolute worst form of communication and you should not be using it for anything ever unless you literally have no other option.
Indeed. Just wanted to second this. Just like HTML / CSS / JS, it all needs to be refactored. Everycoder knows refactoring is a necessity to stave off codebase entropy after a while, and yet many morons throw their arms up in hopeless stupor and proclaim it's impossible to do with email, or other web technologies. Yes, yes, "migration resistant", blah blah blah. Telegraphs were migration resistant too...
(Score: 2) by butthurt on Monday April 25 2016, @02:12AM
A joe-jobber is free to send messages to anyone, not only the highly computer-literate correspondents you've cultivated.
(Score: -1, Troll) by Anonymous Coward on Monday April 25 2016, @02:22AM
Elitist fools still think they can fix email. Everyone else uses Facebook instead.
(Score: 0) by Anonymous Coward on Monday April 25 2016, @03:55AM
(Score: 0) by Anonymous Coward on Monday April 25 2016, @04:00AM
(Score: 0) by Anonymous Coward on Monday April 25 2016, @02:54AM
Wow.
I never expected to hear hotmail [office.com], gmail, [threatpost.com] yahoo mail [yahoo.com] and aol [aol.com] users referred to as "highly computer-literate," least of all here on soylent.
This place is really slipping. Eternal september!
(Score: 2) by butthurt on Monday April 25 2016, @04:13AM
While I'm certain that some users of all those services are also users of PGP/GPG, I'm not aware of anything those services do to facilitate or encourage the use of PGP or GPG. None of the pages you've linked contain the terms "PGP" nor "GPG." I don't think I'm mistaken in assuming that the users of that software are, globally, a small minority of the people who use e-mail.
The grandparent post asserted:
I thought it obvious that my response alluded to that bit. Sorry for the misunderstanding.
(Score: 0) by Anonymous Coward on Monday April 25 2016, @05:25AM
Even if you were not being disingenuous about PGP, the fact remains that a joe-jobber is NOT free to send messages to any of those email services because his messages will be tagged as spam or even routed straight to /dev/null before any PGP signatures are even parsed.
(Score: 2) by butthurt on Monday April 25 2016, @08:02AM
LOL, in what way might I be "disingenuous about PGP," pray tell?
"Attempt to send," then, if you prefer. A spammer can attempt to send messages to any e-mail address in the world, as well as nonexistent ones. Spammers exchange lists comprising millions of addresses. There are plenty of mail servers in the world that, when they identify a message as spam or malware, or as having an invalid recipient, will send a DSN (often including the original message) to the address on its "To:" line. Get joe-jobbed, and your mailbox will be deluged with crap. You got all your correspondents to use Google Mail, Yahoo Mail, Hotmail and AOL? Great, and do those services keep you from seeing DSNs from other e-mail providers?
(Score: 0) by Anonymous Coward on Monday April 25 2016, @11:45AM
> LOL, in what way might I be "disingenuous about PGP," pray tell?
>
> "Attempt to send," then, if you prefer. A spammer can attempt to send messages to any e-mail address in the world,
Same way you are being disingenuous now. What an utterly meaningless, goal-post moving restatement.
But whatever it takes to make you feel like you weren't just being a snarky idiot, right?
Did you know how apropos your username was when you picked it?
(Score: 2) by butthurt on Monday April 25 2016, @03:43PM
Not at all. I was simply offering a clarification. You prefer to misunderstand, fine.
(Score: -1, Redundant) by Anonymous Coward on Monday April 25 2016, @03:58AM