dslreports logo
site
spacer

spacer
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


view:
topics flat nest 
Comments on news posted 2003-12-12 15:02:41: Yahoo this week announced they're working on an open-source software that uses public key cryptography to digitally sign e-mail and verify its origins. ..

page: 1 · 2 · next

NoFatChicks
No, I'M The Exon And You're The Intron

join:2002-06-15
Blountsville, AL

2 edits

First!

Just like with other schemes to stop malicious/fake emails, two things will happen 1. You will block valid emails and 2. The hackers will get around it.



koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

STARTTLS anyone?

Isn't this exactly what STARTTLS is for, re: certificate-based authentication using standard OpenSSL certificates and CAs? It sure isn't DNS-based (and I'm thankful for that; using DNS for this isn't a good idea, IMHO) either...

About 7-8 months ago, I posted something about STARTTLS in reference to a spam-oriented news post here on the forums. Some company was yapping and blabbing about a certificate-based method and calling it "revolutionary technology." STARTTLS had been around for a good 11-12 months prior to that.

Anyways, I congratulate Yahoo! in trying to do something about spam, but I must side with the bloggers -- so what? This isn't going to accomplish anything other than provide Yahoo! a way to make money off of something Verisign-style (re: signed CA/certs). It sounds to me like Yahoo! is slowly going down the same road as all the rest-of the "dot-com" ventures -- questionable motives. Sad too, since Yahoo! has been around since 1996 or so.

I think a much more effective method -- albeit not as immediately effective -- is something like this. Maybe it'll make adolescent DDoS-spammer kids change their minds and become real members of the working-class society. Get real jobs and contribute to the economy, you bastards...
--
Making life hard for others since 1977.


GameCube Boy

join:2003-12-12
10321

Bravo Yahoo!

When spammers themselves were asked what would stifle their work their answer was "authentication."

Bravo Yahoo!



Jim Gurd
Premium
join:2000-07-08
Plymouth, MI

said by GameCube Boy:
When spammers themselves were asked what would stifle their work their answer was "authentication."

Bravo Yahoo!

I agree. Authentication is the only way to make a real dent in the spam problem. If you eliminate address spoofing then you force spammers into the open and they are easier to stop. Any message which can't be properly authenticated would be black-holed.

The hardest part of this will be getting a critical mass of ISP's to implement the system.


desdog

@cox.net

It will take a company of yahoo's size....

to make this work correctly. Small companies dont have the push to intigrate an authintication system, yahoo has the best chance so far.



justin
..needs sleep
Australian
join:1999-05-28
kudos:15
reply to koitsu

Re: STARTTLS anyone?

with huge volumes of mail pouring into yahoo each from a different IP, and claiming to be from a certain server, don't you need the existing scaled DNS infrastructure to cope with efficient local lookups and propagation of changes?


GameCube Boy

join:2003-12-12
10321
reply to desdog

Re: It will take a company of yahoo's size....

said by desdog:
to make this work correctly. Small companies dont have the push to intigrate an authintication system, yahoo has the best chance so far.

I think the push should and will be from every legitimate business. It's not just where the email originates but who receives it. Say a mom and pop shop is a host, why wouldn't they want authentication from other ISP's in order to ensure that the emails their small customer base is receiving are authenticated.


desdog

@cox.net

Thats not my point, everyone should adopt this technology. I just was making a statement that for the technology to get off the cutting room floor, there needs a big backer to do so. If yahoo wants to attempt to initiate a new standard they actually have the ability to do so.

If I were trying to push a new technology I though should be a standard it wouldn't go anywhere.


Talis

join:2001-06-21
Houston, TX
reply to NoFatChicks

Re: First!

So your solution is to what - just quit trying? Whats your point?



morbo
Complete Your Transaction

join:2002-01-22
00000
Reviews:
·Charter
reply to desdog

Re: It will take a company of yahoo's size....

said by desdog:
If I were trying to push a new technology I though should be a standard it wouldn't go anywhere.

unless it was freaking amazing. then, people would realize it and big companies would pick it up. you would be our hero ferris bueler.


keyboard5684
Sam

join:2001-08-01
Pittsburgh, PA
reply to desdog

It does not take big guys to get things moving. Open source small time programmers can get wide adoption. Look at Qmail, TMDA, Apache, Bind, FreeBSD and all the others. People use the technology and it did not take Microsoft to do it (Or Yahoo). Some of the above did get some nice funding but some did not. Many true open source developers come up with some pretty nice stuff with little or no funding and no press.

If it is a good idea it will be adopted, just like many other things.


ArkiMage

join:2001-06-30
Kingsport, TN

Stopping SPAM

How will this cut down on SPAM?

Easy... When this comes about I'll probably install a newer version of SPAM Assassin which will add a ruleset for authenticated mail. Something like:

score DOMAIN_VALIDATED -5
score DOMAIN_NOT_VALIDATED 5

If the mail comes from a domain that has been cryptographically determined to be correct, the spam score will decrement by some amount. Same in reverse if it supposedly comes from @yahoo.com but is forged.



koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23
reply to justin

Re: STARTTLS anyone?

Depends on how it's done. I was considering it TXT record per zone which contained a MD5 or Base64 version of a public key.

After thinking about it for awhile, I really don't see what this is going to do for people. I mean, we already have certificates available to sendmail and qmail via STARTTLS; why do we need one per zone?

It's possible I'm misunderstanding how Yahoo! wants to implement it, but of course the details are still kinda sketchy at this point.
--
Making life hard for others since 1977.


NoFatChicks
No, I'M The Exon And You're The Intron

join:2002-06-15
Blountsville, AL
reply to Talis

Re: First!

Adding complex schemes like this does nothing to get at the root of the problem. This is like putting locks on your door, but then not having laws or a police force (or not much of one) to stop the criminals outside. Guess what happens in a situation like I just described? That’s right, the criminals find a way to force themselves in.

The root of advertising spam, for the most part, is the desire to make money and thus the ONLY thing that will stop it is to make it INCREASE the risk and DECREASE the benefit of the activity. The purveyors MUST be pursued and prosecuted, the government MUST provide a framework for reporting spammers, the companies that use unsolicited emails MUST be fined, the ISP’s MUST go after those sending spam, and foreign countries (i.e. South Korea, China, ect…) MUST go after spammers in their regions.

Do you see my point? Until the root of the problem is seriously addressed (and not just some ‘show cases’ like in Virginia recently), then what is the point of adding extra locks?


SanJoseNerd
Premium
join:2002-07-24
San Jose, CA

Legal Responsibility

I think this might be a good step. Let me suggest one addition: when email originates from an authenticated server, then whoever runs that server should be legally responsible for it.

That means the person running that server must implement an effective opt-out mechanism, including the ability to opt-out of all email from that server, and adherence to any do-not-spam lists. If large amounts of unsolicited or fraudulent email comes from that server, then the person can be sued. If email from that server violates anti-spam laws, then that person can be fined and jailed.

And if the person is beyond the reach of the law -- say, in China or the Caribbean -- then the authentication should be revoked.


joesplifnik

join:2002-10-09
Raymore, MO

Making Spam Unprofitable

The real reason spam exists is that it appears to be a way for the spammer to make money. Apparently, it takes a miniscule response rate to make spamming profitable. The only real way to defeat it is to never, never, never buy anything being promoted via spam. I'm sure that the readers of this forum are intelligent enough to ignore spam pitches, but apparently there is a large enough segment of ignorant Internet users making spam purchases that the spamming strategy is profitable. Therefore, there has to be a goal of educating the Internet public to ignore this crap. Until spamming ceases to generate a return, the war will go on. We've got to spread the word to all web users to ignore all spam sales pitches. Easier said than done.



linicx
Caveat Emptor
Premium
join:2002-12-03
United State
Reviews:
·TracFone Wireless
·CenturyLink

Blessed Mail?

Personally I think the idea of spam coming from a blessed server is too funny for words. I'd rather see Yahoo try to put lipstick on that fat bloated hog they call Yahoo-SBC mail.

If we really wanted to stop spam we would flip the switch on the mail server; do things the old fashioned way. Snail mail isn't such an outdated mode, you know.
Of course we all know pigs will fly before we deprive granny of a baby picture or a spammer of a new score.
--
Be careful what you ask for - you just might get it.



nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

1 recommendation

reply to justin

Re: STARTTLS anyone?

said by justin:
with huge volumes of mail pouring into yahoo each from a different IP, and claiming to be from a certain server, don't you need the existing scaled DNS infrastructure to cope with efficient local lookups and propagation of changes?

It would probably be possible to use the same key-propagation mechanism used in "standard" DNS signed zones. Of course, the only thing I've ever done even remotely close to that is setting up signature keyed remote zone updates. And, even if I did bother the secure my zone, unless the holders of .com were o set up a trust relation ship with me, my zone would only be locally secure. Given who holds .Com, I'm guessing the only way that's going to happen is if I buy SSL certificates for my DNS servers from Verisign (which sorta smacks of conflict of interest?).

And that's the real problem with this whole scheme: SSL certificates don't come cheap and only come through a few, select places. So, to fully secure email or to fully secure DNS, etc., someone like Verisign (ECH!) would be in a good position to make an awful lot more money than they already do just for secured web sites.

Unless GPG-style keyring servers were used, it's going to suck for small mail/DNS operators. It overall seems to be a way to eliminate use of personal mail servers and DNS servers, thus guaranteeing that every aspect of the Internet would become commercialized.

Is it necessarily a bad thing to be forced to rely on professional DNS and email services? It kind of depends on how good of a job you think they are or would likely do. I run my own DNS and SMTP servers because I have yet to find a provider that meets my needs for speed, flexibility and freedom from hassles like SPAM. My fear is, given a Yahoo scenario, I'd have to pay somebody to relay my emails.

-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron"


nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
reply to GameCube Boy

Re: It will take a company of yahoo's size....

said by GameCube Boy:
said by desdog:
to make this work correctly. Small companies dont have the push to intigrate an authintication system, yahoo has the best chance so far.

I think the push should and will be from every legitimate business. It's not just where the email originates but who receives it. Say a mom and pop shop is a host, why wouldn't they want authentication from other ISP's in order to ensure that the emails their small customer base is receiving are authenticated.

Such a system would probably have to rely on third-party signed keys to work (otherwise, how do you know you can trust the "authenticated" emails?). Have you ever priced third-party signed keys for servers? They ain't cheap, for the most part (and you can expect that the ones that are will somehow end up not being sufficient to participate). They especially aren't cheap when you have to buy one per entity (this could be a zone, or hopefully just per zone server). This certainly sets up a couple groups to make a bucket-load of new money: the third-party trusted signers (e.g., Verisign) and companies that would provide such trusted DNS zones (because a significant number of current DNS zone owners are not going to be able to afford to run their own after implementation of this). The third-party signers will get their new money from all the new keys they'd be selling. The DNS services would get their money from: A) hosting the DNS zones of people who can't afford their own keys; and B) fees associated with any and all updates.

So, now you're small entity and you've become tired of your ISP (because of price, service, etc.). You want to move to a new ISP. You have to contact your DNS provider (assuming it wasn't your old ISP) and send a list of updates. "Sure thing, that will be $X per A/CNAME/PTR" change. Whereas, right now, if the small entity is half-clued, they can run their own DNS servers. When they go to change ISPs, they just send a registry update for their DNS servers to the InterNIC database. Blammo: one IP or a million IPs, the externalized administrative workload and expenses are the same: essentially zero.

Personally, before I'd get on board with Yahoo's scheme, I'd be checking to see what their investments in current PKI and DNS infrastructures are. They could be looking to make a LOT of money with this "open" standard.

Remember, when companies start talking about "on-ramps" they are usually envisioning themselves sitting as toll-collector, somewhere on one of them.

-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron"


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23
reply to nixen

Re: STARTTLS anyone?

This is one of the most educational and thumbs-up-worthy posts I've seen on BBR in awhile (maybe I'm just not looking in the right places).

Incredibly useful, FO.

And likewise, I'm in the exact same boat you are. I too have the same qualms with coughing up large sums of money for SSL certs -- which would most definitely apply to Yahoo!'s new idea, albeit for a different technology -- and likewise have no desire to pay big bucks for CA-signed certs. I guess it depends on how much it costs.

Although nothing is going to stop a spammer from paying for a CA-signed cert. Even if it was US$1000, they'd pay it to continue to spam. You know how it goes... so really, what is Yahoo!s idea going to truly get us?
--
Making life hard for others since 1977.



rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105

auth and trust

STARTTLS is certainly a viable solution technically. The immediate problem with that is the cost of the current X.509 CAs. It's pretty good though. In this case, we've chosen to trust a handful of entities. Just look some time at the issuers of the CAs that come with your favorite TLS/SSL-enabled Web browser (I counted 19 distinct companies, might have made some mistakes, for Mozilla 1.5).

The idea of having keyservers (or even DNS) is good, but then the issue of trust arises (as in the web of trust idea). In this case, one is going to have a little bit more challenging time figuring out which key signatures one will trust because there are a lot more of them than just the VeriSigns, GeoTrusts, and Equifaxes (etc.) of the world. Just about anyone can buy a domain name registration and insert a DNS key record into their zone, but does that mean I want to receive mail from you? It's more than just authentication in this case. I may never want to receive email from optinoffers.com for example, because it is spam.

There are a number of peripheral issues I'm not sure have been thought of.

First, I think the whole thing is a mess, and we're trying to adapt a system and protocol that was specified when one could "trust' (to some extent anyway) that when a computer HELOed as monet.cs.berkeley.edu that it really WAS monet. We trusted that if an MTA said a piece was from linus.torvalds@transmeta.com that it really was. Trying to adapt an existing protocol for security and authenticity is troublesome at best, and sometimes the only true solution is a total rewrite/respecification.

Second, until any scheme is universally adopted, there will always be the possibility of either wanting or needing messages from the older system. The day that one says one will not accept delivery of an email if it's not authenticated will be the day one loses email one wished to receive. And for businesses this can also mean the day they start losing customers/clients. And paradoxically, reimplementing email this way is not atomic; there will have to be a transition period (it's a regular catch-22). But once a protocol becomes entrenched, it's exceedingly difficult to move forward. Look for example at IPv6. It's taking "FOREVER" to get deployed.

Third, what about third party servers? There are quite a number of companies that don't want to blur their company focus by establishing IT or Internet departments, and they outsource this task. So for example Verizon doesn't handle email; they hire Brightmail to do it for them (maybe a poor example, but it illustrates the point). When Verizon has a customer announcement, the From: will be something like custcare@verizon.net, but the cert the MTA will present may be for outgoing.brightmail.com or similar. Will some tweaks to existing software be able to handle having and presenting the correct cert based upon the message's origin or originator? For example, I've recently configured my Sendmail to authenticate when relaying outgoing mail through Verizon, but that's based on the recipient mail server, not the origin. Also, what's the liability of a company that doesn't present a correct cert when doing somehting like that?

Fourth, what do providers do when problems arise? Let's say a provider allows a customer onto their systems, and then unbeknownst to them the customer starts spamming. Even if within a day the spam stops flowing, the provider's reputation is damaged, and who knows for how long?
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules. Blog is here


russotto

join:2000-10-05
West Orange, NJ

Internet takeover

Spam? This is a takeover of the Internet email system by the usual suspects, using spam as the excuse.

Once AOL, MSN, and Yahoo get together and decide on a system, anyone who wants to send e-mail to AOL, MSN, or Yahoo users will have to play ball with them. Since it's not viable to have email which can't be used to send to those three, that means everyone will have to bow to their terms. No more mail services from small ISPs unless you kiss up to the big guys. No more running your own mail server.

As for spam -- oh, you'll continue to get it, all right. But it'll be "authorized marketing mail" from AOL, MSN, and Yahoo "partners". Which you will of course be able to opt out of -- until they reset your preferences again.



nickb
Still Waiting For My Flashcom Rebates

join:1999-07-10
Brooklyn, NY

Going off half-cocked

Too early to tell. I repeat too early to tell. Let them fill in the blanks and reveal more. Until then most of the debate above is just speculation. For the record, and based on the initial info supplied, I'm in favor of a system LIKE this one.
--
Nick Braak - Redbox Security



TreeHead

@66.98.x.x

power to the people, not the isp's...

;isn't there another solution that would put command over message legitimacy in the hands of the end user as opposed to the isp?

;with a carefully coded mail client and/or a new protocol subset (or entirely new "secure" e-mail protocol), couldn't one use pgp to encrypt, sign, and valid messages via the client?

;the original message would be encrypted and signed by the sender. the recipient could then poll the server for new mail, check the message (header or contents) for signatures on *their* keyring, downloading ONLY those messages that they have been validated and verified.

;the client could even display a list of non-validating messages and give the end user the ability to download and verify these senders' pgp keys (if, for example, the message is the first message from a mailing list or vendor).

;i'm sorry, but i have a really hard time giving it all up to the infrastructure.

;treehead



David
I start new work on
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:101
Reviews:
·DIRECTV
·AT&T Midwest
·magicjack.com
·Google Voice

said by TreeHead:
;isn't there another solution that would put command over message legitimacy in the hands of the end user as opposed to the isp?

;with a carefully coded mail client and/or a new protocol subset (or entirely new "secure" e-mail protocol), couldn't one use pgp to encrypt, sign, and valid messages via the client?

;the original message would be encrypted and signed by the sender. the recipient could then poll the server for new mail, check the message (header or contents) for signatures on *their* keyring, downloading ONLY those messages that they have been validated and verified.

;the client could even display a list of non-validating messages and give the end user the ability to download and verify these senders' pgp keys (if, for example, the message is the first message from a mailing list or vendor).

;i'm sorry, but i have a really hard time giving it all up to the infrastructure.

;treehead

Well, if you use yahoo or SBCyahoo right now one new feature that gives people some control over spam is disposable e-mail addresses.. With the Sbcyahoo accounts I get 10 e-mail addresses (currently using 2 of them) if I wanted I could create a disposable e-mail address for just purchasing stuff then once I am done purchasing with that company I just delete the disposeable e-mail address and away they go...

SPAM problem somewhat solved..
--
Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime - Lao Tzu


David
I start new work on
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:101
Reviews:
·DIRECTV
·AT&T Midwest
·magicjack.com
·Google Voice

said by David:
said by TreeHead:
;isn't there another solution that would put command over message legitimacy in the hands of the end user as opposed to the isp?

;with a carefully coded mail client and/or a new protocol subset (or entirely new "secure" e-mail protocol), couldn't one use pgp to encrypt, sign, and valid messages via the client?

;the original message would be encrypted and signed by the sender. the recipient could then poll the server for new mail, check the message (header or contents) for signatures on *their* keyring, downloading ONLY those messages that they have been validated and verified.

;the client could even display a list of non-validating messages and give the end user the ability to download and verify these senders' pgp keys (if, for example, the message is the first message from a mailing list or vendor).

;i'm sorry, but i have a really hard time giving it all up to the infrastructure.

;treehead

Well, if you use yahoo or SBCyahoo right now one new feature that gives people some control over spam is disposable e-mail addresses.. With the Sbcyahoo accounts I get 10 e-mail addresses (currently using 2 of them) if I wanted I could create a disposable e-mail address for just purchasing stuff then once I am done purchasing with that company I just delete the disposeable e-mail address and away they go...

SPAM problem somewhat solved..

Keep in mind this post was not an advertisement but just another way that might work in the fight against spam...
--
Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime - Lao Tzu


rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105

oh my gosh...reporters as bad

I just reread the Reuters Domain Keys writeup. It shows that some tech reporters are about as knowledgeable as the legislators. Ben Berkowitz states that private keys will be sent. Ummm...duh, aren't private keys are supposed to be kept...ummmm....private? It must be just me...
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules. Blog is here



linicx
Caveat Emptor
Premium
join:2002-12-03
United State
Reviews:
·TracFone Wireless
·CenturyLink

On second thought...

Considering the gross girth of Yahoo software, and the fact it hijacks user machines, I do not trust any product with the Yahoo imprint on it.

Yes, I am very familiar with Yahoo-DSL bloatware; I foolishly installed it on a test machine. No, I do not trust Yahoo mail to deliver critical content, but it's probably safe enough to use to send jokes and baby pictures.

Any company that is not smart enough to produce an install routine that works every time is not going to beat Bill Gates at the email game until OE is unbound from IE .. and this ain't gonna happen, folks.
--
Be careful what you ask for - you just might get it.


jconnell

join:2002-06-04
Newark, DE
reply to NoFatChicks

Re: First!

Never going happen. So the problem needs to be approached a different way. What will work? No one knows. But you will never get foreign goverments to police their ISPs (which is where most spam comes from) in anything close to that fashion.


rjparker9
Premium
join:2003-08-04
Lutz, FL
reply to NoFatChicks

Fat chicks has a point. Some other good points also exist in this forum. And yes, as 1 user put this is the most informative news group to date ( you are not missing anything, why do you think its so hard to get people to post.. no one ever posts anything interesting.. so many BBs die). Anyway, one other person pointed out, doing things the old fashioned way, does prevent spammers. For one thing, you have to pay bulk mail rates (.15 cents or something) but it ads up. Spammers can make money because its free to send an email. A million or just 1, doesn't cost them a dime. So putting locks on the doors isn't merely a protection, but neighbor hood watch goes a long way As long as EVERYONE participates. That's the key. big businesses have to push this through, smaller companies do indeed have a say with open source.. but that's a community of people all trying to achieve the same goal. How hard would it be to bring Linux users to use a unix version of Outlook... Yeah, that would go over like a fart in church. So we all use email, but trying to get all the isps to agree on a central email..hahaha.. I can't stop laughing. 2 things need to happend to stop spammers, make it unprofitable.. not by boycotting their products (there are too many stupid people out there.. even people that know.. not to open certain links still do it.. because something looks "tempting". That's how spammers are continually successful.). Make them pay for email.. like long distance service.. you go over a certain number you pay per minute or per email in this case. And 2, many people won't understand this, but yes, we need to blockade ISP's worldwide that don't do something about spammers. ISP are afraid of telling their people to cease and desist.. or else, that's instant closure of accounts, but if the ISP's unify, with the backing of the people like this forum that are tired of spam, the extra 10 bucks or whatever a month to get a license to return our email back to normalcy, I am for it. i would be willing to give my ISP an extra 20 bucks a month myself.. for premium mail.. guranteed no spam.. not filtered, only unsolicited email. if people send a link in a page.. they would have to get prior approval from that user.. to send from that point forward. If the mail is returned to unsubscribe, the ISP is made aware of the cancellation, and if another email comes back, that Spammers is fined, or they are banned from sending emails.. to any other ISP supported email service for a week or a day. If I send an email at work, and its innappropriate, i get called into the office by my boss, and he spanks my pee pee. The next time we have this conversation, it will be on the way out the door for good. That's a controlled environment. Spammers need to be treated the same way. Sternly and swiftly. But we can only do it, if we get the help of the ISp's and people to stop encouraging these people. i like the advertisements to some degree.. but only when its not in my face. I am sure we all surf pages.. Those "popup" bulletin boards.. are annoying, but they are the sponsors for that page.. so i don't mind them.. until they start coming to my inbox at 50-100 a day.. now you are pissing me off. I didn't ask for it.. and i appreciate it if you would just stop. Snail mail is federal controlled.. its mail fraud to send things to someone they said to stop. Or you go to prison. Email.. should have some similar circumstance, but fine the spammer, and spread the proceeds among those affected.. spam would be zero in a week, if they had their money in an escrow account like pay pal.. and pay pay could freeze their assets upon a grievance, and divy up the profits among those people they violated. Anyway, all of you have some really great ideas, but I just believe this won't go anywhere, until ISP and People get together.. to stop this madness. I cringe to open my email.. at one point it was fun to open email.. jokes, cartoons, now.. I avoid it for weeks sometimes, because i am so sick of filtering over and over and over and over.. I want my fun back, and I know you do too.