Email

Email address

I can be reached by email at toby@dr-qubit.org, associated with this PGP key.

Note that I use open-source spam-reduction software called TMDA to protect my addresses from junk-mail.

If you have never sent me an email before, you will receive a message asking you to verify your email address. By simply replying to the message, your original message will be delivered. You will only have to confirm your address once ever. All subsequent email from that address will be delivered directly.

Why I use TMDA

or an essay on fighting spam

Sadly, junk-email (otherwise known as spam) has become such a problem that email was fast becoming useless to me. The worst problem was not having to delete hundreds of junk-emails per day, but accidentally deleting legitimate email along with it.

There are two (or perhaps three*) ways to fight this deluge of spam. One is to use a filter that tries to recognise the spam, and deletes it (or, usually, moves it to a spam box). This is quite effective. A small amount of spam will not be recognised as such (false-negatives), and will end up in your inbox anyway, but we can't hope for spam-elimination; all solutions are spam-reduction systems.

*By the 'third way', I'm referring to approaches such as domain blocking, real-time blacklists, and other methods of blocking whole groups of addresses. But the discussion of filtering approaches really applies to these too.

The problem with the filtering approach is the false-positives: legitimate mail that gets mis-identified as spam. Even if it is moved to a spam box rather than deleted, when searching through the hundreds of junk mails, you are very likely to miss the one or two legitimate mails and delete them anyway. (Or at least, I know I am!)

I'm not prepared to accept the risk of someone sending me an email, me deleting it accidentally, and them never knowing that I didn't receive it. Therefore, I chose the second approach: white-list plus challenge/response.

First, I maintain a 'white-list' of email addresses belonging to people I know, or have received email from in the past. Any email from an address on the white-list is delivered directly. The challenge/response part comes in when someone I don't know (maybe you) sends me an email. Their message is temporarily held, and they are automatically sent a 'challenge' email, asking them to confirm their address. By simply replying to this challenge, their original message is released and delivered. (It really is that simple: they just have to click "Reply" and "Send" in their email software.) What's more, their address is added to the white-list, so for ever after they will be able to send email to me directly, without needing to confirm their address again.

Why does this work? For two reasons. Firstly, spammers almost never use a real email address. Email was invented in a more innocent age, and takes on trust whatever email address the sender supplies. So it's very easy for a spammer to lie about their email address. In this case, the challenge never reaches the spammer, and the spam is never delivered.

Secondly, even if spammers do use a real address, they are sending out thousands of junk-mails, many to addresses that don't actually exist. It would take far too much effort to reply to each challenge individually - or indeed, to notice the challenge emails amongst all the bounce-messages coming back about non-existent addresses. Responding to challenges would defeat the whole raison d'être of spam: its cost-effectiveness.

Some people object to the challenge/response approach, saying they are not prepared to jump through hoops to send someone an email. I honestly wish we were back in them good ol' days of the pre-spam internet, and they didn't have to. Sadly, we're not. Anti-spam laws are either non-existent, too weak, or unenforceable. We are stuck with junk-email for the present. And we are forced to choose one way or another of fighting spam.

My feeling is that the white-list plus challenge/response approach is the lesser of the two (or could it be three) evils. I think it's politer to at least let someone know their email won't be read (if they refuse to reply to the challenge), than to risk accidentally deleting it, and leaving them unsure as to whether it has been read or not.

Another criticism is that challenges will be sent to forged addresses, which might belong to someone who never sent me an email in the first place. This is a more serious criticism, in that it isn't a mere matter of opinion. TMDA provides a whole host of features (too numerous to detail here - see the web site if interested) to help reduce the number of challenges that are sent out. A good virus scanner also helps a lot, since many challenges would go out to people suffering from an infected computer sending emails automatically.

In addition, I do use filters. Not to remove spam, but to help decide when to send a challenge and when not. Messages that are clearly identified by the filter as legitimate are delivered directly. Messages that are clearly identified as spam are not. Challenges are only sent to messages that are ambiguous.
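The delivery decision described above (white-list first, filter triage next, a challenge only for ambiguous mail) can be modelled in a few lines. This is an added example, not TMDA's code: the `Mailbox` class, the score thresholds and the `spam_score` input are assumptions made for illustration.

```python
import secrets

# Assumed thresholds on a 0..1 spam score supplied by some filter.
HAM_MAX, SPAM_MIN = 0.2, 0.9


class Mailbox:
    def __init__(self, whitelist=()):
        self.whitelist = {a.lower() for a in whitelist}
        self.inbox = []     # delivered (sender, body) pairs
        self.pending = {}   # token -> held (sender, body)
        self.outbox = []    # challenges sent: (recipient, token)

    def receive(self, sender, body, spam_score):
        sender = sender.lower()
        # Known correspondents and clearly legitimate mail go straight in.
        if sender in self.whitelist or spam_score <= HAM_MAX:
            self.inbox.append((sender, body))
            return "delivered"
        # Clearly spam: not delivered, and no challenge goes out, so a
        # forged sender address receives nothing from us.
        if spam_score >= SPAM_MIN:
            return "withheld"
        # Ambiguous: hold the message and challenge the claimed sender
        # with an unguessable single-use token.
        token = secrets.token_urlsafe(16)
        self.pending[token] = (sender, body)
        self.outbox.append((sender, token))
        return "challenged"

    def confirm(self, reply_from, token):
        held = self.pending.get(token)
        # The reply must carry a live token issued to that address.
        if held is None or held[0] != reply_from.lower():
            return False
        del self.pending[token]          # token cannot be replayed
        self.whitelist.add(held[0])      # confirm once, then direct delivery
        self.inbox.append(held)          # release the held message
        return True


if __name__ == "__main__":
    mb = Mailbox(whitelist=["alice@example.org"])   # constructed addresses
    print(mb.receive("bob@example.org", "hello", 0.5))
    addr, tok = mb.outbox[0]
    print(mb.confirm(addr, tok), mb.inbox)
```
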

Some challenges will no doubt still be sent to forged addresses. Still, I feel that this is the best choice amongst the available - and all flawed - approaches.