Just sitting here with my broken leg in various stages of pain killer dementia (which I’m going to blame this idea on if it’s a stupid one) and thinking about spam. Why am I thinking about spam? I use a challenge/response system that has pretty much erradicated spam from my inbox but, like most solutions, nothing is 100% effective. The one area where I have an issue is with e-mails from organizations that I interact with but that also are mirrored by spammers.
Take ebay for example. I have an ebay account and use it from time to time. When I buy, sell or bid on something ebay sends me an e-mail keeping me informed as to the situation. That’s great. The problem is that, to allow these e-mails, I also have to create a rule that allows other fake ebay e-mails through. ebay, Amazon, PayPay, banks and others are all popular targets of phishing attempts (identify theft).
It occurs to me that if ebay, and any other e-mailing entity, allowed me to provide a simple key to include say, in the subject header, then I could easily get all the valid e-mails these entities need to send while blocking all the fakes. Suppose I told ebay, via the account settings, to append every subject with “nOsPaM4Me”. Every valid ebay e-mail would have that in the subject and my rules engine would see that and allow it through. No phishing attempts or spammers would know that key and thus their e-mails would never reach me.
Why wouldn’t an approach like this work? It seems ludicrous that organizations like PayPal have to adopt a policy of never e-mailing you. Same thing for banks and such.