PureMail 1.3
User Authentication System for Email
Copyright (C) 1998 by Louie R. Orbeta
All Rights Reserved


Introduction

There are presently two technologies that attempt to defeat junk email. 
One uses a vast database of known junk emailers. The disadvantage to 
this is that new junk emailers surface every day, and the database 
requires an unreasonable amount of maintenance and disk space just 
to match PureMail's capabilities.

Another known technique uses heuristics to determine if the email is 
junk by following user-defined rules to inspect the email headers - 
e.g. searching for phrases that try to sell a particular product, etc. 
Heuristics do not work well against all junk emailers because spammers 
can easily change the grammar in the email or forge the headers - and 
the program will let the email through. This technique also requires 
training the program to recognize phrases, thus requiring user 
intervention. 

Both techniques have a hit-and-miss approach to defeating junk email, 
and they lack user authentication. PureMail is transparent, and 
guarantees legitimate email from legitimate users.

PureMail works on the principle that a user will only receive email from
the sources that the user wants to receive from. For this to happen, the
user must give to potential recipients something unique - the PureMail 
stamp - that identifies the user. This alone defeats present junk 
emailers because they cannot extract the unique PureMail stamp. Future 
technology can extract the stamp, but the timestamp within it stops 
expired email. Users can give the stamp to recipients in a number of 
ways: On an email-to-email basis, on a web page, or even on a business 
card. Every outgoing email has a unique key to prevent forgeries, but 
the stamp can be configured to be the same for every outgoing email - 
a weaker setting, but still strong enough.


System Requirements

- Microsoft Windows 95 or Windows 98 or Windows NT 4.0
- A TCP/IP connection 
- A POP-based email account. You may have to ask your Internet Provider 
  just to verify you have this 

I have had reports that PureMail runs on ASDL!

PureMail should also work for cable modems, but I haven't had the 
resources to test this.


Features

- Intuitive, easy-to-understand User Interface. 
- Written in Delphi, so the code generated is efficient and uses less 
  RAM compared to Visual Basic. 
- Uses only 3% of Window's system resources in actual operation, and 
  less than 1% if the program is sitting idle. 
- User can still use their favourite email client. PureMail is not a 
  substitute - rather it is an addon to your exising email client. 
- Trusted Senders, Mailing Lists and Authorized Stamps List is limited 
  only by the amount of RAM in the system. 
- Transparent operation - once PureMail has been started, it reads in 
  its configuration and the trusted lists. It minimizes to the tooltray 
  after. The only user intervention required is when a user needs to 
  change configuration, or add a trusted sender/mailing list or a stamp.
  No need to close the program if the user logs out from their ISP. 
- User can generate a PureMail Stamp with an expiry date for use as a signature file for any email client. 
- Year-2000 compliant. 
- Free, free, free! The only thing I ask is that if you decide to keep it, I'd like you to send me a postcard. See the license.txt file for more details. 

PureMail is the name for a technique I created to authenticate users over
the Internet, and as a result, defeat junk or unwanted email. PureMail 
consists of a unique stamp that the sender generates, and adds to their 
outgoing email. The receiver must include the stamp when responding to 
the email. A recipient with PureMail will then search for the stamp in 
its database to make sure that the stamp is valid, and has not expired.
Thus, we know if the email is legitimate or not, and there are no 
exceptions.

PureMail has a number of settings, defining the strength of the 
algorithm. At its normal setting, it is guaranteed to work against all 
present junk email technology.  Hypothetically speaking, even a future 
junk emailer with PureMail capabilities has to send 30 million emails on
average to a single PureMail-equipped client, just for one email to get 
through. However, this is not even possible because of PureMail's extra 
feature - a timestamp. If the timestamp has expired, the email is useless
even if the rest of the stamp is legitimate. The algorithm is robust 
enough that it can be deployed on an enterprise setting.  Other features
are that it does not use encryption, making it possible to export outside
North America. Also, the user does not have to train PureMail to 
recognize unwanted email. Most important, the user does not have to 
discard their favourite email program. PureMail sits quietly, querying 
the mail server for unauthorized email at specified intervals.


Future PureMail Enhancements

Version 1.0 is functionally complete. It's been extensively tested and 
it's stable. Future versions may include enhancements such as:

- An import/export filter for your email program's addressbook. 
- More verbose messages in the status bar. 
- Multilingual versions. 
- Anything else in mind - hey, maybe you can give me a few suggestions! :) 

