!
DRAFT  13-Apr-07

Is box67.com the right service for you?

Currently, Box67.com provides only the following services:
  • Authenticate the sender.  Are they who they claim to be?
  • Assess the reputation of the sender.  How much spam have they sent before?
  • Apply your options and thresholds for whitelisting, blacklisting, filtering, and subject-line tagging.
  • Filter and spam score messages from senders that don't meet your whitelist threshold.
  • Forward messages to your private email address with authentication headers and spam tags.
  • Promptly relay to the alert system any messages that you bounce as spam from reputable senders.
  • Send you daily summaries on blocked messages.

You still need a regular email account at your company or Internet Service Provider to handle your outgoing mail, store your incoming mail, provide access
via a web browser, and handle all other routine and familiar services related to email. You will also need an anti-virus program on your own computer, even
if your your ISP blocks email viruses.  Email is only one way viruses are spread.

Our forwarding service, and authentication technology in general, is still in the experimental stage, and we appreciate your patience with any problems that
may arise.  We also appreciate your feedback on how we may improve our service.  
Red *** means the feature is not yet available.

Using the Border Patrol
When you subscribe to box67.com, you give us a private address to which you would like your email forwarded.  When your mail arrives at that address,
you will see various
[tags] on the subject line:

Frank Oliver        10:36 AM 3/17/2006 +0000   12   [] Work needed on model email service
Steve Gatman        09:52 AM 2/21/2006 -0500    4   [*] Re: Dictionary attacks overwhelming log files
Bradley J. Cameray  04:48 PM 2/13/2006 -0700    4   [**] Pet Finders Fraud
Alexander           09:55 AM 2/23/2006 +0100    3   [spam] Any med for your girl to be happy!

The tags make it easy to sort and filter using your email program.  I usually send the [spam] to a separate folder, without even looking at it, but keep the [*]
ham, and [**] unsure messages in my inbox.  Empty brackets [ ] mean the message did not go through the spam filter.  These are authenticated senders
that have a reputation better than my threshold, currently B-rated and above (less than one in ten spams) and senders on my personal whitelist
***.  See
this
chart for current statistics on the top senders.

Tags are also used on the Display Name
***.  The [!] tag is added whenever the domain name in the From: address differs from the sender's ID.  You
may see something like this line in your inbox message list:

[!] American Red Cross 12:55 PM 3/13/2006 -0600   10   [*] Katrina Relief Fund

Although there is no domain name in this display, there is one in the From: header line, and it differs from the sender's ID.

From: [!] American Red Cross <Redcross-email@usa.redcross.org>

The tag on the Display Name does not necessarily mean it is a forgery, just that you should check the rest of the headers to see the actual sender of the
message. The X-Authent header will show you the sender's IP Address, the sender's ID, the authentication method used, the result of that authentication,
and the ratings on this ID (C = unknown).

X-Authent: 192.168.34.75 trustme.net QR1 PASS ratings=(3,9,C)

The X-SpamScore header will show you the spam score our filter assigned to the message, and a graphical scale you can use for sorting the mail.  
Messages with a spam score of 50 or greater will have the pattern
*-*-*-| you can put into a sorting rule.

X-SpamScore: *-*-*-|-*-*-*  98.0

There are a number of options you can set, including spam filtering thresholds and tagging options.  If you just want the simplest setup, you can go
straight to our
signup page.  Our default settings should be adequate for your needs.  If you want a better understanding, and some control over how we
process your mail, read
Border Patrol MTA.
Setups for Popular Email Programs
Setting your public address, using tags for sorting your mail, diverting spam to a different folder, reporting spam.
          
Generic Instructions
          Outlook Express      Eudora     Evolution      Thunderbird    Netscape Communicator         *** Instructions need more work.
Frequently Asked Questions
Q1:  What is the spam score, and how is it related to the probability that a message is spam?
A1:  Messages that go through our spam filter will get a "spam score", which is a number between 0 and 100.  The higher the number, the more likely it is
spam.  A score of 0 is zero probability (according to the filter).  A score of 100 is 100% probability, and a score of 50 is 50% probability.  So why don't we
just call it probability and be done?  The problem is that if you look at "raw scores" coming out of a spam filter, you see a very uneven distribution, with
most of the messages being near either end of the scale.  Most users don't care about raw scores, or even probabilities.  They just want to see a certain
fraction, say the "best 10%" of the spam in their "unsure" category.  So we have "stretched" the scale to make it easier to use and independent of
whatever filter we are using.  If you want to tag the best 10% of the spam as "unsure", set your ham/spam thresholds to 50/55.  Note: This scale stretching
is based on the spam score distributions for all users.  Your individual distribution may be different, so  this is only a rough guide.  Use the wide default
margins to start, and adjust them as you get more confidence in the filter.

Q2:  Why do you clutter our subject lines with spam-score tags?  Your authentication headers have all the info we need.
A2:  Some email programs, like Outlook Express, are not able to interpret our header lines.  Users of more sophisticated programs are more likely to adjust
the options to their liking, so we made subject tagging an "opt-out" option.  Go to the options-setting page (under Login)
***, and you will see how to turn
this OFF.  Hey, at least we don't obliterate the whole subject line with tags like ***[Possible UCE]***   I actually prefer to leave the tags ON, and keep the [*]
and [**] messages in my inbox, sending only the [spam] to my spam bucket.

Q3:  I'm mad as hell about spam, and all this sorting and tagging isn't much better than what I had before.  Why can't you just block all the spamming
domains right now?  We all know they could stop outgoing spam if they wanted to.
A3:  There have been many attempts, all failed, to whitelist all the good guys, and blacklist the bad.  The key difference in our approach is that we are
turning up the pressure slowly, and avoiding any hurdles, like making senders pay a big fee, or expecting them to adopt a particular method.  We provide
the tools. You and a million other recipients apply the pressure.  We follow your policy on which senders will bypass the filter, and what fraction of the
remaining mail will be rejected. Set your thresholds high, and senders will hear from their own customers.  Soon they will discover that stopping spammers  
forging their name wasn't so hard after all.  Be patient.  We haven't yet reached the "tipping point" when all legitimate senders will feel the need to
authenticate their outgoing mail.

Q4: This authentication stuff is working great, but still some of my mail is going through the spam filter.  How long will it be before the spam is gone?
A4:  It is unrealistic to think that spam will go away completely.  I prefer to think of having a "clear channel" and "everything else".  A better way to phrase
the question is - How long before we can ignore the "everything else?  That depends on your needs, of course, but I'm guessing that within a year almost
everyone wanting to send me an email will know that they have to use a reputable s
ender.  For me, that is B-rated, or better.  I need to receive emails from
strangers, and I can tolerate 10% spam in my inbox.
Small domains seem to be having no problem offering authentication, and joining the "clear channel".  Some of the larger domains are dragging their feet,
for various reasons, including a belief that what we are doing is somehow contrary to their "business model".  This is a situation much like the early days of
email, when the large ISPs would not exchange emails with each other.  Eventually, the community of little guys was bigger than any one big guy, and the
big guys had to give up on their ambitions to dominate the email market.

To Do:
- Add more pages and links.
- Better graphics
- Professional finish
- Move FAQ to separate page.
- Implement missing features
***


Welcome to Box67.com
Our goal is to provide an email forwarding service that is reliable, convenient, and secure - a place
where you can have a permanent and publicly available email address.  We also seek to make this
service as simple as possible, both for the sophisticated user who wants to control everything, and
for the ordinary user who just needs sensible default settings.
How It Works

Our setup is based on the Border Patrol {TM} from Open-mail.org.  When mail comes in, we verify the sender's Identity using one or another of the new
"authentication methods", and we assess the sender's reputation by a query to the
Registry of Public Email Senders.  Mail from reputable senders is
"whitelisted" and forwarded directly to your inbox.  The remaining mail goes through our spam filter, and is assigned a "spam score" based on a statistical
analysis of the headers and content.

Whitelisting avoids the false rejects, but will allow some spam, depending on a threshold you set.  The default setting is less than one spam for every 10
legitimate messages.  Most legitimate senders are much better than that.

Statistical filtering is good at processing large volumes of spam, but does risk losing some legitimate messages.  The default settings are to mark as "ham"
anything with less than 50% probability of being spam, and mark the rest as "spam" or "unsure", depending on what thresholds you set on "spam score".  
The default is to keep the best 10% of the spam in the "unsure" category.  As you gain more confidence in the accuracy of the spam filter, you may want to
tighten the limits on the "unsure" category.