logoalt Hacker News

thefoundertoday at 11:13 AM5 repliesview on HN

To have secure email I think html /css should be dropped from email support and the inbox should work on an invite only basis. Basically you should pre-authorize the senders just like you add someone as friend on a social network.

Replies

JimDabelltoday at 12:54 PM

> To have secure email I think html /css should be dropped from email support

I don’t think that helps at all. We already know how to consume that securely, we do it billions of times a day in web browsers.

> the inbox should work on an invite only basis. Basically you should pre-authorize the senders just like you add someone as friend on a social network.

Yes. A fundamental problem with email is that the only thing required to send email to somebody is knowledge of their email address, which as a recipient you cannot control. This is what enables spam and phishing. This needs to be changed so that in order to send email to somebody, you also need their consent. A “friend request” mechanism is one way of achieving this.

I think this is a problem that can be feasibly solved in a fairly reasonable way, and I sketched out a protocol for doing so a while back, which I described in more detail in this comment:

https://news.ycombinator.com/item?id=44969726

show 1 reply
noosphrtoday at 12:34 PM

Email supports text.

It's your client that's the problem.

I'm happy in my text only Emacs heaven.

I'm also happy with my custom 5 year old bert based spam detector which hasn't failed me once (unlike whatever gmail at work does).

This post was sent from Emacs.

show 3 replies
jen729wtoday at 11:29 AM

> Basically you should pre-authorize the senders

This is kinda what 'masked email' services like Fastmail's – of which I am a delighted customer – do.

Until you've known the comfort of creating an address; giving it to a service; deciding that you want to end your relationship with them; just deleting that address, without changing your mailbox or infrastructure or archives or anything else … it's kinda life changing. I recommend everyone try it.

Also, the chances of a phisher trying to get my BigBank details by sending mail to lonely.chicken6382@spuriously-named-and-unused-other-than-for-email-domain.com are … well, it seems unlikely.

I've never felt more secure. For real.

show 3 replies
datakantoday at 12:33 PM

Hey.com email does this minus the blocking of html/css. You basically thumps up or thump down a sender and they either go away forever or you happily trust what comes from them. It's been hit or miss on some stuff for me and I hate the way the website looks, but otherwise its a great way of whitelisting senders.

Angosturatoday at 11:28 AM

So... not e-mail then

show 3 replies