Dombox — The Zero Spam Mail System

The Problem

This is how current email systems deal with spam mails.

Problem with Mail Rejection

Rejecting spammer mails comes with a big complication. A system must be able to clearly identify the spammers. If you reject mails that are from Genuine Senders, then your system is completely flawed.

Mail Classifications

Conversational Mails

Conversational mails are all about you versus another human.

Transactional Mails

Transactional mails are all about you versus the website server.

Promotional Mails

Promotional mails are very different from transactional mails. When it comes to promotional mails, you are not the only recipient.

Create an Account

Let’s create an account in our mail system. Nothing fancy here. Let’s pretend that we get the following new email address once we complete the signup process.

Box Groups

The term “box” refers to any mailbox that has the capability of receiving emails.

Normal Mailboxes Aka. Mailboxes

This works exactly like other mail services. e.g. Gmail.

Isolated Mailboxes Aka. Domboxes

Dombox is the short form for “Domain-based Isolated Mailbox”

The Three Phases

We solve the spam problem in three phases. Isolation, Restriction and Injection

Phase 1: Isolation

In this phase, we are going to isolate the domains. In other words, each domain gonna have its own email address and inbox.

Activate Extension — Domboxes

Set Domkey

Domkey is the short form for “Dombox Global Keyword”. {Heads Up! Its “Dombox Global Keyword”. Not “Domain Global Keyword”}

New Dombox

Enter the domain to create a new Dombox

View Dombox

You need to use the Dombox Address “twitter.com@test123.domboxmail.com” in twitter.com while you create account or update account. Twitter dombox can accept mails only from twitter.com by default.

Sender Alias Domains

Direct Pass

When the Envelope Domain == Dombox Domain

Indirect Pass

When the Envelope Domain ≠ Dombox Domain

SAD Types

Box SAD — This is the SAD Record collected from user’s imported mails and new incoming mails [aggregated from all users].

Box Features

End result

This is the end result after completing the Isolation phase.

Phase 2: Restriction

In this phase, we have an option called “Restricted Mode”. This mode applicable only for the boxes found in the “Mailboxes” group.

Phase 3: Injection

Via “Isolation” you allow only certain “Websites” to mail you and via “Restriction” you allow only certain “Individuals” to mail you.

Caution:

You are about to enter a sensitive zone.

"Restricted Mode" is intended for the boxes that deals with only conversational mails. So offload all website related mails to the Domboxes before you enable this mode.

When the Restricted Mode is ON, we will send a challenge mail to the Sender if the sender is not found in your "Address Book".

Real users can respond to those challenges. e.g. CAPTCHA. But automated and bulk mailers cannot. So their mails **never** gonna reach your inbox when the box is Restricted.

Do you understand what you are signing up for?

(a) Yes, I know what I'm doing

(b) No, Get me out of here.
From: challenge@dombox.org

To: someuser@gmail.com

Sub: Mail Delivery Pending

Message:

The following recipients enabled Restricted Mode.

user1@domboxmail.com
user2@domboxmail.com
user10@domboxmail.com

And your contact not found in the recipient Address Book.

Please verify that you are human by filling the CAPTCHA in the following link to deliver the mail.

https://www.domboxmail.com/challenge/abcde/fghij

Our apologies for the inconvenience.

Challenge Form

Backscatter Attacks

Email can be easily forged.

Sender Policy Framework

SPF is one of the best mechanisms we have for email to detect email spoofing. We compare the “Incoming mail IP address i.e. Client IP” with the whitelisted IP addresses found in the “Envelope Domain” SPF record.

Hot Gates Strategy

Whatever we did so far, just to have the content you are gonna see from this point forward. So pay strict attention.

  • We classified the mails into three categories. Conversational Mails, Transactional Mails and Promotional Mails.
  • We offloaded Transactional Mails and Promotional Mails to Domboxes.
  • Users agree that they are gonna use the Mailboxes only for “Conversational Mails” when “Restricted Mode” is ON.

MX Records

MX Records can be classified into two categories. Self-Hosted and Third-Party Hosted

Self-Hosted

Third-Party Hosted

Strangers

We can classify the Strangers into two categories based on the MX Record check we performed in the last section.

Verified Strangers

Challenge/Response mechanism applicable only for verified strangers.

Unverified Strangers

Domain Reputation

In Email 1.0, stranger reputation is tied to the IP address. Emails can be easily forged. If a spam mail says it’s coming from “president@whitehouse.gov”, we can’t just block the whole whitehouse.gov domain. We can only block or rate limit the IP address.

Spam Filters

In our Injection Phase, we use Challenge/Response mechanisms like CAPTCHA. If you don’t want to annoy the sender, then you can stick with the typical Spam Filter.

Final Architecture

This is how Email 2.0 system architecture looks like.

White Paper

Whatever you have read so far is a heavily trimmed version of my 300 pages white paper and tries to offer only an overview of my system. My white paper solves many notable problems. Email Spam is one of them. So, There is more to it.

Get Notified

My product is still a work in progress. And, I don’t have the ETA for release. But if you are Interested, I’m happy to notify you for the BETA once it is ready.

Notes & Links

Official Website: www.dombox.org

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Viruthagiri Thirumavalavan

Viruthagiri Thirumavalavan

I’m an Entrepreneur and Engineer who work on stuffs related to Email. Thanks for stopping by.