Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
[marked-for-tagline]

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


                             

tokens for email filtering

  (+3, -1)
(+3, -1)
  [vote for,
against]

I receive a lot of email on my personal email account, much of it being marketing junk, with a few things (personal emails from friends and family, confirmations of orders from online shopping, vouchers, notifications of some artist's work I admire coming up for auction etc.) that are important. Those emails with known sender addresses (like friends and family) can be auto-sorted by my email client software. This filtering based on address doesn't work for other types of important email, because multiple types of email (order confirmations, vouchers, marketing guff) might all be sent from the same email address.

I propose that this be solved by emails from these organisations having text tokens included in them to enable them to be sorted by the email client software. So an email containing the text "$order-confirmation$" might be filtered into a special folder where you keep all these, whereas one containing "$security-alert$" would be highlighted in red and left in your inbox.

This solution would work, but has a couple of flaws. First, spammers would just start using these codes to make their spam get your attention. Secondly, there's no real incentive for online shops, etc. to use these, or use them properly.

So, I propose a cunning variant of the idea. In this mechanism I, the recipient of these emails, supplies the codes to be used for filtering, which will be unique (if I make them random enough) to my user account. So, when I sign up for an account with, say, an online shop, I specify that order confirmation emails should contain within them somewhere the text "$hippo-order-conf-gh8-kE3- ZI8$", security alert emails should contain "$hippo-sec-alert-Nu6-mc2- kL7$", and so on. I then set up the filters in my email client software and everything is taken care of, with the personal email generators used by these businesses taking these codes from my account information and inserting them into standard emails. Spammers cannot exploit this because the codes are unique to me (and I might make them unique to the online business too - or I might reuse them between online businesses). The online business has some incentives to use this system: by getting you to supply your filtering codes they are also getting you to sign up for an account and gathering valuable marketing data from you as opposed to you merely having a 'guest account'. They also have no incentive to misuse these codes (i.e. by mislabelling some marketing fluff as an important security alert), as this will cause you to just stop using the filtering for this business.
hippo, Oct 07 2020

Digital signature https://en.wikipedi...i/Digital_signature
Authentication, integrity, non-repudiation [kdf, Oct 07 2020]

[link]






       Gmail has the + function which kind of allows for this - so if you've got a gmail address hippo88@gmail.com and are ordering from liquoriceyum.com, then you can sign up to them as hippo88+liquorice@gmail.com and use the content between + and @ to drive your filtering software.   

       I used to use something like this when signing up to likely spam sources, but ended up just not signing up to likely spam sources, so I'm not entirely sure how effective it is - but it is a thing.
zen_tom, Oct 07 2020
  

       Interesting - I didn't know about that, but I'm not sure that adds much because filtering by sender is already easy for email clients. So what I'm proposing is a finer-grained version of that, where emails can be filtered by category as well as by sender - i.e. in your example liquoriceyum.com might send order conformations and also marketing material to hippo88+liquorice@gmail.com which wouldn't really help me see what's important.
hippo, Oct 07 2020
  

       I think a lot of people have wanted variations on this idea for a long time.   

       It would be nice if you could supply places with single-use tokens. That way, if they spammed you it would be easy to just not give them any more. And if you made it clear at the start how long you expected them to last, they'd not have an incentive to sign you up to their random newsletter, because that would burn through their allocation.   

       I suggest avoiding dollar signs as part of the standard. Not only do they look unsightly, but many languages use a "$" prefix to indicate a variable, so there is more chance it would catch something out somewhere in the various systems it would need to pass through. If not by accident, then through malice.
Square brackets "[ ]" seem to be a de-facto standard for this sort of thing now, not just within the halfbakery.
  

       The tokens don't have to be unique, they just have to be unguessable. Including a leading account ID is probably a good idea, though.
Loris, Oct 07 2020
  

       It's a definite sign of the degree people have given up on the future that ideas such as this don't have more buns.
4and20, Oct 07 2020
  

       Digital signatures (link) - WKTE and answers how to generate codes unique to the both sender and recipientfor ensuring authenticity of messages/sender information.   

       I don’t follow the rest of hippo’s reasoning on how to get advertisers to use these though.
kdf, Oct 07 2020
  

       I know what digital signatures are and how they are used. This idea has almost nothing in common with digital signatures.
hippo, Oct 07 2020
  

       That’s true, your implementation is unlike current digital signature technology. But the concepts - unique keys shared between sender and recipient, for confirming a trust relationship - are fairly similar.   

       Suppose you get enough of your correspondents to buy into this scheme and others want to use it. How do they generate their tokens?
kdf, Oct 07 2020
  

       They can just make them up - the tokens just have to be reasonably unguessable. It's not a high-security application at all.
hippo, Oct 07 2020
  

       Hmmm... email filtering by sender and keywords already exists, as does identity verification by digital certificates. I'm not seeing - even in a half baked way - the value of telling your correspondents "I'm not going to read your order confirmation emails unless you also include this secret word I made up."   

       And even as I typed those words, it occurs to me even THAT *is* already baked in the real world - sort of. In online classified / for-sale / personals website advertisements. People often include instructions on words or phrases to include when replying, to filter out "real" responses from bots and spammers.
kdf, Oct 07 2020
  

       The EU GDPR regulations kind of regulate this from the business point of view, in that they are legally not permitted to send you emails unless you have explicitly consented to receive those emails. So if you buy a thingy, the thingy company can send you confirmations and sales receipts, but if they want to also send you marketing emails for thingy accessories and thingy add-ons, they have to get you to tick some kind of permission box consenting to this when you give them your emails address.
pocmloc, Oct 07 2020
  

       [pocmloc] Good point, GDPR mandates consent - so providing a token could be a more sophisticated form of the consent sign-up process.
hippo, Oct 07 2020
  

       //I don’t follow the rest of hippo’s reasoning on how to get advertisers to use these though.//   

       I think the gist is that there's a spectrum of advertisers.   

       spammers - wouldn't benefit from the system, and this is good.   

       socially responsible businesses you already have a relationship with - use the system, and benefit from being better able to communicate with you (by getting whitelisted)   

       random companies you have some interaction with - get to use the system on probation. If they start spamming you, or sell your address to the scammers, you can easily blacklist them.
Loris, Oct 07 2020
  

       [Loris] Indeed - there are modest incentives for everyone to use this system
hippo, Oct 08 2020
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle