[comp.mail.misc] On-line Email Registry Service

tedk@ihuxv.ATT.COM (Kekatos) (04/14/88)

Here is Something of interest, (I found it in a magazine)
----------------------------------------------------------------- 
The National E-Mail Registry
and The National E-Mail White Pages On-line Directory

To Register:
Dial (203) 245-7720 or (800) 622-0505  with your modem 
(300-1200-2400 baud)
Every form of E-mail including CompuServe, The Sources and most 
of the others are listed under "commerial" services. 
UUCP/USENET/NETNEWS  addresses are listed under "non-commerial" services.
AT&T E-mail service is listed under "commerial" services.

There is no charge to register, $0.20 to search.
-----------------------------------------------------------------
I have NO connection with the above service. I am just posting
this as a general interest item. I found it in a magazine.

Ted G. Kekatos
backbone!ihnp4!ihuxv!tedk                     (312) 979-0804
AT&T Bell Laboratories, Indian Hill South, IX-1F-460
Naperville & Wheaton Roads - Naperville, Illinois. 60566 USA

bzs@bu-cs.BU.EDU (Barry Shein) (04/14/88)

>To Register:
>Dial (203) 245-7720 or (800) 622-0505  with your modem 
>(300-1200-2400 baud)
>Every form of E-mail including CompuServe, The Sources and most 
>of the others are listed under "commerial" services. 
>UUCP/USENET/NETNEWS  addresses are listed under "non-commerial" services.
>AT&T E-mail service is listed under "commerial" services.

I assume this is some attempt at building an on-line white pages
of e-mail addresses.

If anyone knows anything about this I would be curious how they
prevent trivial fraud, such as my listing myself as Ronald Reagan and
setting up an account rr@bu-cs.bu.edu (ok, that would be a little
blatant, but you get the idea.)

If someone could solve this problem I'd probably set up a white
pages server for free here.

	-Barry Shein, Boston University

tedk@ihuxv.ATT.COM (Kekatos) (04/16/88)

In article <21660@bu-cs.BU.EDU> bzs@bu-cs.BU.EDU (Barry Shein) writes:
>>To Register:
>>Dial (203) 245-7720 or (800) 622-0505  with your modem 
  { text deleted }
>prevent trivial fraud, such as my listing myself as Ronald Reagan and
>setting up an account rr@bu-cs.bu.edu (ok, that would be a little
>blatant, but you get the idea.)
>

How does anyone know that your name really isn't Ronald Reagan?
There are hundreds of them in the US. If you listed your occupation 
as "President, United States of America",
Then I would wonder if it was reallt you..

((( I have nothing to do with the above mentioned service. )))



Ted G. Kekatos
backbone!ihnp4!ihuxv!tedk                     (312) 979-0804
AT&T Bell Laboratories, Indian Hill South, IX-1F-460
Naperville & Wheaton Roads - Naperville, Illinois. 60566 USA

sl@van-bc.UUCP (pri=-10 Stuart Lynne) (04/16/88)

In article <21660@bu-cs.BU.EDU> bzs@bu-cs.BU.EDU (Barry Shein) writes:
>
>>To Register:
>>Dial (203) 245-7720 or (800) 622-0505  with your modem 
>>(300-1200-2400 baud)
>>Every form of E-mail including CompuServe, The Sources and most 
>>of the others are listed under "commerial" services. 
>>UUCP/USENET/NETNEWS  addresses are listed under "non-commerial" services.
>>AT&T E-mail service is listed under "commerial" services.
>
>I assume this is some attempt at building an on-line white pages
>of e-mail addresses.
>

I've toyed with a idea along these lines about a year ago, but didn't have
time to implement it. 

Simply capture the Reply-to: or From: header lines, and possibly the
signature lines from each usenet article as it flows by. Stuff it away in a
database indexed by name, mail id, domain address, and host name. 

If you want to have some idea of what that person is interested in simply
keep track of the newsgroups he posts in. 

Something along these lines would be trivial to implement. The unfortunate
part is that it would also consume a horrendous amount of disk space which I
didn't have at the time. But I still think it's an interesting idea. 

-- 
{ihnp4!alberta!ubc-vision,uunet}!van-bc!Stuart.Lynne Vancouver,BC,604-937-7532

tr@wind.bellcore.com (tom reingold) (04/17/88)

In article <21660@bu-cs.BU.EDU> bzs@bu-cs.BU.EDU (Barry Shein) writes:
$ [What would]
$ prevent trivial fraud, such as my listing myself as Ronald Reagan and
$ setting up an account rr@bu-cs.bu.edu (ok, that would be a little
$ blatant, but you get the idea.)
$ 

In article <2584@ihuxv.ATT.COM> tedk@ihuxv.UUCP (55624-Kekatos,T.G.) writes:
$ How does anyone know that your name really isn't Ronald Reagan?
$ There are hundreds of them in the US. If you listed your occupation 
$ as "President, United States of America",
$ Then I would wonder if it was reallt you..

Ted, Barry said "you get the idea" but you don't.  He used the most
blatant example of forgery but it's a good question.  Suppose I
say I'm you because I want to misdirect any mail someone wants to
send to you.  I can give your email address with a phony machine
or login name.  I could even spell the machine or login name really
closely to yours so it looks right.

Or I could attach someone else's name and my email address in an
entry.  If it is NOT Ronald Reagan, the registry people would not
notice.

And suppose I am one of those hundreds of Americans named Ronald
Reagan.  Are the Registry people going to take my registration
seriously?  I called the Registry, registered myself, and don't
remember giving my occupation.  And even if I gave it, I would not
expect it as a requirement for registration.

And suppose ...

The problem is that the registration method is totally electronic,
making verification impossible.  A signature and a photo ID held
by someone with a matching face are still good methods.  No one
has come up with an analogous method that uses solely electronic
media.  Can you think of one?

Here is a new question:  Isn't this a little vulnerable?  The
Government can now look me up since I'm such a sucker, already
signed up.  Is this a new resource to build the Big Brother
phenomenon?  Comments, Barry?

"Just say NO to empty, dogmatic slogans coined by Nancy Reagan!"
Tom Reingold
PAPERNET:                      |INTERNET:       tr@bellcore.bellcore.com
Bell Communications Research   |UUCP-NET:       bellcore!tr
445 South St room 2L350        |SOUNDNET:       (201) 829-4622 [work],
Morristown, NJ 07960-1910      |                (201) 287-2345 [home]

bzs@bu-cs.BU.EDU (Barry Shein) (04/18/88)

>Here is a new question:  Isn't this a little vulnerable?  The
>Government can now look me up since I'm such a sucker, already
>signed up.  Is this a new resource to build the Big Brother
>phenomenon?  Comments, Barry?

First, here's an idea to help verification that is far from perfect
(I'll describe it's worst problems) but is a lot better than nothing.

The original problem was someone changing your entry, say the e-mail
address, with malicious intent (eg. to receive your mail.)

One possibility is to always e-mail a summary of changes (or the entry
itself) whenever it is changed. If the mail address is changed you
send to the old and new address.

Problems remaining: This is, in OS parlance, known as detection
(you'll know someone has changed something) but is neither avoidance
nor prevention of the problem. For example, I could write a shell
script changing your address every 30 seconds and all you will have is
the knowledge that it is being done, there's still no mechanism to
stop me or make it difficult for me to do this (difficult could be you
only get to make 2 changes in a day/week whatever, or a cookie is
stored like a password you must present to change the entry, even that
has serious problems given the insecurity of the mail networks and the
just plain nuisance of people forgetting their cookies over time.)

This also does not address the problem of someone initially creating
an entry with malicious intent, before you get a chance to create one
for yourself they do. In fact, you may not have the slightest interest
in using the service so don't even know I have created an entry which
is telling people to send mail destined for you to me. Some of that is
outside, but it could be quite a tool in the hands of a specific
malicious prank.

As to the "big brother" aspect, I don't know, is the telephone white
pages a big brother problem? I think if anything I'd be more concerned
with businesses using it to create junk mail lists (if for no other
reason than you might at that point be interpreted, willingly or
otherwise, as using the network to compete with commercial junk mail
list compilers, something I know ARPA is very sensitive about, thou
shalt not use govt subsidies to compete with equivalent commercial
services.) Like I said, intention could be irrelevant if the harm
exists anyhow.

Anyhow, as to the mere ability to look you up, that's probably
unavoidable, I would imagine it would take but a few hours to write a
program to filter all USENET traffic and store the FROM: fields to
create one's own list. You can't have it both ways.

From: tr@wind.bellcore.com (tom reingold)

If you get my drift...

	-Barry Shein, Boston University