Slashdot Mirror
Penny Black Project Investigates Sender-Pays E-mail
Anonymous Coward writes "The Inquirer reports: Microsoft contemplating charging for emails. 'MICROSOFT IS UNFOLDING something it calls the Penny Black project in which people sending emails might have to pay for the privilege.' Microsoft's explanation of the project is here: The Penny Black Project." There are a lot of things going on at Microsoft Research -- no guarantee that particular ones are going to be released in the real world. (And Microsoft isn't the only party interested in sender-pays, or at least sender-risks-paying systems.)
This is an anti-spam tool that doesn't need to be paid in cash. This also presents /. with an interesting juggling act: we hate Microsoft, but we also hate spam.
Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
I think my desire to see the 1998-99 internet doubles every time I see a story like this.
It is rapidly being forgotten that things being free was one of the reasons why this internet thingy took off in the first place.
SecondPageMedia - Wha
This could be a good thing, after all, if spammers had to pay for all that mail they send, they would have problems sending millions a day.
On the other hand, I don't want to pay for email, I already get it for free. I think that this idea would be great if it could somehow charge spammers for emailing me, while letting me send out whatever i want.
Email is already free, I don't see a way for any company to charge for it, but I am all for using any tool to stop spam as long as it doesn't hurt me.
from the article:
The Penny Black project is investigating several techniques to reduce spam by making the sender pay.
Well sorry, but I get a pile of junk mail every week on my doormat through my post and in my papers - and the senders have had to pay both to print AND send that...
Feel that power? That's mah MOUSING FINGER
This whole thing is really just a way to deal with the fact that SMTP doesn't do any real authentication of ANYTHING when it receives a message. Developing a whole side protocol to run along-side SMTP and "verify" that a message is sent by a human or creating some micro-payment scheme really seems like a waste - getting it widely adopted would be at least as hard as getting a replacement protocol for SMTP adopted - so why not focus on that?
An SMTP replacement that verified - at least - that the domain of the sender was correct - would cut down on spam tremendously. Virually all spam I get has forged headers and invalid reply addresses.
Since spammers most often hijack the resources of others to send their spam, making the "sender" pay directly will often hit the wrong person in the pocket. The real solution is to prevent the hijacking of resources in the first place. It does look like some of the Microsoft Research proposals (the Turing test idea in particular) might address this problem to some degree too, it will be interesting to see some more details once the research has progressed.
Here is an idea, it is borrowed from the way ISP's pay for bandwith.
Why not make networks pay for the e-mail that originates there? Subtract the e-mail that arrives. For most companies/networks - that will be just about an break even proposition. For the ones who allow spammers - well... that is going to get expensive pretty quickly. Sooo... they will either boot the spammers off, or get them to pay it. Either way, we win!
Changing SMTP means switching over every SMTP server and relay.. that's a lot of work and there's a lot of financial resistance to that.
On the other hand this micropayment system can be implemented on TOP Of SMTP... using a server that issues digitally signed tickets, which can simply be appended as an attachment to the emails.
Certainly this system will meet some resistance as well, but much much less. It will only require the clients to change what they are using, not the servers. However in the long term we could probably consider a replacement for SMTP... for example we could roll out the client code together with the client code for this Penny Black system. Then, if this system gets wide spread then people can deploy replacement-for-SMTP servers confident that clients will be able to use them
every mail over 100 per day through a server outside of the inteernal network (you know to the internet) would cost 1 cent a peice.
IE you could send 1000 internal e-mails over your own network and pay nothing.
You send 1000 e-mails to people "outside" of your inernal network in a day you pay 900 cents, or for those of you with math mad skillz thats 9 bucks.
So a spammer trying not to pay a lot of money would have to send only 100 e-mails a day for free.
if he sent 5000000 e-mails in a day thats 5000000-100, 4999900 pennys, or for those of you in the math "know" its 49,999 dollars.
Now im sure that if a spammer were to have to pay 49999 dollars to send E-MAIL, their business would become less than profitable.
Most users dont send 100 e-mails a day, even when i was getting 70 e-mails a day i didnt reply to all 70.
auto responce mails could be ignored.
large companies might get a "bulk" rate on e-mail, or move there services to online methods of checking (IE they dont have to flood mail servers with 'gamespy announces it got cooler') kind of e-mails.
anyway the idea has some merits, though even now I can tink of a great many problems with it.
anyway just a little teaser idea.
If you don't vote, you don't matter, so don't waste your time telling me your opinion
Actually, I just wanted to make sure that the submission wasn't misinterpreted to mean that "Microsoft" was planning to implement this system, and that it's still ("just") a research project.
It sounds like a decent idea to me, but with certain thorns. The biggest one is What about legitimate, truly-opt-in mailing lists? Email is a genuinely low-cost communication method for non-profit groups (not just official tax-exempt non-profit groups,I mean all kinds of clubs, associations, groups of friends, etc.), and a per-email fee intended to hinder junkmail could also pinch a lot of people I wish it wouldn't. Maybe in the end that would be a fair tradeoff, but as spam filters get better (and ISPs get more aggressive about blocking spam on their side), I'm skeptical of that.
Also, some people send a lot of short emails; does charging per-email make sense vs. (for instance) per-byte?
And as for my opinions of Microsoft, well, you're free to read my earlier comments about Microsoft if you want to learn that;)
Tim
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
RTFA, this isn't about charging for email use. This is about making people ACCOUNTABLE for excessive email abuse (i.e. spam). Just one of the options being considered is charging money for it, also considered are cpu cycles, etc.
"It takes considerable knowledge just to realize the extent of your own ignorance." - Thomas Sowell
So if you send an email, you have to put a penny on the line. If it gets through, and the person on the other end doesn't think it's spam, then you get your penny back.
This is an interesting idea.. I just don't see how its any better than forced verification of the originating addresses on an incoming email, though.
I mean, I can see how this could get expensive for the type of people who forward around those annoying chain emails, or jokes or what have you. Undoubtedly, they'd cut it out after realizing that people aren't reimbursing them for their email. But for the spammers at large..
See, the thing is, you're putting the responsibility for this back on the users. If I get an email, I'm either going to have to manually reimburse them, or manually not reimburse them. The onus is still on the end user.
Sure, they might be investigating Turing-test checks for spam, and the like, and yes, there is Bayesian filtering now too. But this is all still going to have to be there to automate the process, even with this transaction system.
I would've hoped that, by now, we'd be looking at ways to move this onto the system, in the form of proper verification or something, so we the users don't have to deal with it as much. (To those of you talking about having to upgrade all of our infastructure to handle verification, should the protocol change, what makes you think we wouldn't have to if a transaction pay-per-email system comes into place?)
The other problem I see is that these spammers might just not care about the cost. I mean, c'mon, a penny an email? That's still cheaper than a snail-mail ad.
People are focusing a lot on the idea of paying real dollars in order to send e-mail. The thrust of the research in this article appears to be for alternative "currency" models.
So for CPU cycles, here's what I think they are doing:
Every email account has a notion of a "ticket pool". A valid ticket is very expensive to create. Say, it takes 5 minutes to make one on a fast modern machine, at 100% CPU.
When I send an email, a ticket is attached to it. This ticket is required for sending mail (say, through the Hotmail SMTP servers, for example). No ticket, it bounces back to me. When I get a reply to the mail, or perhaps some other sort of acknowledgement from the receiver that they meant to receive the mail, I get credit back for the ticket I used.
In normal circumstances, you almost never have to create new tickets. If you have 10 in your pool, and you are mostly emailing co-workers and friends, you never run out of tickets, and everything acts just like it does today.
However, if you are a spammer, and you want to send 1,000,000 emails per day to people who don't really want to get them, and are never going to reply to your email address (which, to make things worse, probably changes with every batch you send out, to keep yourself anonymous), it's too "expensive" to stay in the spam business. To send 1M unsolicited emails could cost up to 1M tickets, which you may never get credit back for. To generate those would cost 5M minutes on the client machine, which would mean 9.5 years of number crunching, to send one day's worth of email. Clearly not feasible.
Let's say we cut the time per ticket from 5 minutes to 5 seconds. Now, it's almost unnoticeable for normail email usage. An extra 5 seconds to send a mail? Totally not a big deal unless you are mass mailing. But again, to send 1M mails per day, even 5 seconds per mail costs 57.8 *days* worth of CPU crunching. Also completely not feasible.
Sounds like a great plan to me, once all the details I'm glossing over are worked out, but that's what research is for!
The only issue here, that Timothy hit on in a follow-up comment, is that there'd have to be mechanisms for valid mass-email to be sent out. Banks sending statements, Organizations sending email-newsletters, etc. Perhaps there'd be a way to give them a pool with a million tickets, and rely on whatever mechanism was used by the receiver to credit them back after the newsletter was read/received..something like that.
(Ah, the devil is in the details...)
Tricky project to get right, but it could definitely be a win/win.
Doesn't it suck to be Microsoft; you come up with some at least half-sensible idea, something that under normal circumstances people would debate the pros and cons. But everyone so little trusts them that the natural reflex response is "noooo!"
Microsoft: "Hey what if we abolished spam?"
"Screw you! An obvious attempt to embrace and extend!"
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
http://cr.yp.to/im2000.html
I'll tell you why this would never work - or actually maybe why it *will*. Because big business can afford a penny per message and little guys can not.
For instance, I run a popular auction site and on your average day my system sends out about 1,500 auction-won notices, 1,500 auction closed notices, 2,000 auction closed without a winner notices, 200 account related notices (new accout, lost password, etc) and about 500 misc emails for other various reasons.
This comes out to almost 6,000 messages per day from my system (which is 100% free by the way). This doesn't even count personal correspondance.
Now there are a few questions. First, I run my own mail server for the auction site. Do I pay myself $60/day to send email? Or do I pay my ISP even though it isn't their server? Or do I pay microsoft for the right to send email from myself through my own server to my own users who are expecting to get these messages?
So, Microsoft is just considering writing an extra inefficient mail protocol?
If your theory is different from practice, then your theory is wrong.