Slashdot Mirror
IBM Researcher Offers an E-Stamp Spam Solution
UnanimousCoward writes "This Internet Week article describes a research project by Scott Fahlman that looks to limit spam using e-stamps. Here is more detailed description of the system under his CMU homepage along with a link to the original paper." As crappy as it sounds, charging some tiny fee per email would cut spam dramatically. 207 of the buggers so far today. Hundreds of megs a month. I'd love to see something done.
cut spam dramatically? how do you explain all the junk mail I get IRL? they pay for postage on that, you know....
I'd rather deal with filtering the spam I get, than have to pay for sending email.
Any solution that involves paying for something that used to be "free" is not going to catch on.
A better solution would be to make people register for a signing certificate and require email software to sign all messages. At least that way people would know who sent spam... and a national spam blacklist could be created for certs that get a certain number of complaints filed against them.
--
"What do you want me to do? Whack a guy? Off a guy? Whack off a guy? Cause I'm married."
Charging for spam will not stop it any more than it stops snail mail spam.
The spammers will simply pass the cost through to their customers who, granted, might become more discriminating in response but it will not stop them.
As crappy as it sounds, charging some tiny fee per email would cut spam dramatically
Yeah. Sure.
How much crap do you get a day in your postal mailbox? How much of that was sent with a $0.37 First-Class stamp? How much of that was sent with heavily discounted postage because of its "bulk mail" status? (I won't even go into how ordinary citizens end up subsidizing this crap, even junkmail from large companies that could afford a full-cost stamp).
How much you wanna bet that some kind of postage on email won't make much difference, as the cost will either be so low that most won't care, or there'll be ways for companies to get out of it (or to get a much cheaper rate)?
Sure, it might cut back some. Maybe. But remember how the big junkmail senders got cheaper rates in the first place: Lobbyists. So I wouldn't expect it to last.
Yes, it does seem reasonable, but
a) I'm used to having FREE email
b) Once you start charging for something, it's only a matter of time before the fees go up and up as high as it can "sustainably" go, and like stamps we'd be seeing it rise every couple of years.
Fuzzy Knights: New RPG Strips Tuesday and Friday!:
http://www.fuzzyknights.com
Nearly all the spam I get comes from bogus addresses. If SMTP servers did not allow forging of the from: address, the problem would be drastically reduced since the spammers would have to get new accounts much more frequently, and most people would be able to block all the "free" email domains like hotmail and msn, where spam is most probably coming from.
Why pay for some type of filter when SpamAssassin is free (as in speech)?
habeas is a way to help prevent spam sent to you. By subscribing to Habeas, you have X-Habeas headers put into your email. You can filter based on these to help prevent more spam and know the email is legit.
Check it out. I don't use it personally, one of the mail lists I'm on uses it.
-- DuckWing
And this is why. Assuming you have the computer, phone line and small monthly fee(depending on service) Email a an effective and free form of coomunications. In effect, you are already paying for it, when you pay for your monthly service. Adding a fee for E-mail would in effect be an "E-Mail tax", but instead of going to public works or anything like that, it goes to line the pockets of the sellers of the E-stamps.
Case in point, bad idea.
You say you want a revolution....
Lots of people have talked about this sort of system (pay $.01 per email you send, receive the same per email you get), but it's good to see someone writing it finally.
A question remains: my Social Implications teacher also teaches Telecommunications Law. She maintains that this sort of thing will open a floodgate of per-use fees on our internet access that we won't want.
I guess that by having a third party do it (instead of the ISP), we can get around that problem for now. Does anyone have any idea if she's right, and if so if it could affect this as well?
-- Bill "Houdini" Weiss
If you read the article, the idea is to whitelist your friends and mailing lists, and then you personally choose to set a fee that you charge for accepting mail from any person/business unknown to you.
So basically, you get paid for receiving email, but you only need to pay if you are in the habit of sending unsolicited email to random strangers.
I do not deploy Linux. Ever.
OK, a lame suggestion full of holes, but...
:-(
Your ISP could foot the bill for the "estamps" and each email you send could get marked in this way making the message "legitimate" going through their email servers.
Though the spammers themselves could easily get around this. Unless, however, every ISP clubbed together to create a list of legit stamp-issuers and not allow anything unstamped to pass through. their relays.
Though this is just filtering based on an email field that does not exist.
MS would probably hijack it and bastardise it anyway
Just me thinking out loud.
Smokey, this is not 'Nam, this is bowling. There are rules.
The only way to make this work would be to make the person buy the stamp from the mail receiver. Maybe a middleman would take a little cut, but I wouldn't mind getting a penny or more for receiving each email. I pay for the bandwidth anyway. . . its not like its free for me to get the mail (unless it is at work where the corporation should get the money since they fund the system)
Not only would it cut down on SPAM, people would think through their emails before writing as many flames and time-robbers.
A payment for email would be cracked or bypassed within a week, and social engineering could be use to get other unfortunate users to foot the cost for those who cannt work it out.
Quote from the pdf:
"When a message arrives at my machine or mail-server, it is examined. If the sender is on my accept list, the message is passed through to my in-box."
spammers do this with forged email addressess all the time... and pass trough whitelists all the time as well.
I don't have a solution to spam, but there are a few things I do that make me feel so much better when I get it.
I own my own domain name so any email address at my domain gets to me. So when I register for stuff, I use unique email addresses every time (i.e. amazon@mydomain.com, circuitcity@mydomain.com). So if anyone SELLS my email address, I know because I start getting spam at a particular address. So anyways... here are my two simple solutions:
1. For every piece of spam that I get, I send a 5 copies back to the mail relay that sent me the mail. If they are going to annoy me, at least I will chew up some of their bandwidth and CPU cycles.
2. And if someone "sold" my address, then I also send 5 copies of the spam to the rat-bastard seller. I hope to chew up their resources as well.
If EVERYONE did this, I think it would totally crash the offenders machines and clog up their big fat internet pipes.
many developers depend on them. I hardly ever send mail to such lists, but read all of them. Not really fair if they'd have to pay for sending me valuable information.
It's so silly to see so many complex anti spam solutions, if all we need is jurisdiction aruond the concept. The biggest issue with spam is that tere's no law forbidding it. Fix that, and trigger happy lawyers will take care of the problem.
When will I end this grieving ? When will my future begin ?
Well, you don't have to pay when you email your friends, colleagues, etc. people that you know (if you read the article). Hmmm... apparently, not many people have actually read the article. You really don't have to pay money unless you are sending out unsolicited emails.
... something doesn't sound right.
But I still don't think that this is a great idea. That's my hunch. Email wasn't designed to pay for it under any circumstance including, what you know today, spam. Once any email becomes non-free, free as free beer, it really changes the way in which email is used today. Sounds like a good idea to me generally, but
How about a protocol for personal PGP stamps.
I can issue stamps with as many tags as I like and configure my email front end to deal with messages based on the stamps
"Friends"
"I am a customer of company X"
"I work for A and buy from B"
"I work for A and sell to C"
"Registered at site M to enter contest"
"Tech web site registration"
"News web site registration"
"Entertainment web site registration"
In the event you went on holiday you could even set up forwarding based on the message stamps.
I have previously worked at an ISP, and now in a software development organization, and it has always been common practice to send automated emails from webpages or servers.
How would a pay-per-email fee affect people like this? What about the "Forgot Your Password?" links on sites that email your registered email?
I think something like this would hit the Internet a lot harder than people think, since most people just seem to be concerned with Joe User at home sending 50 joke mails a day.
no comment
http://www.pbs.org/cringely/pulpit/pulpit20030313. html
Though I have to say, neither one are originators of the idea - I've seen it plenty of times before, but this IBM guy is closer to the implementation of a system.
That's the supposed goal of Microsoft's Penny Black Project which had a story earlier on /. The idea is to require a small amount of money for each e-mail sent. I don't think I want this to be a requirement that Microsoft implements.
Developers: We can use your help.
Actually, what we want to do is post an acceptable use policy on our mail servers and have that be legally enforceable. Right now, I'm trying to convince my local district attorney to file obscenetiy charges against porn-spammers. It's not free speech when it intrudes on my privacy.
bance.net
By associating a fee with the sending of spam, you're legitimizing the practice, much as junk postal mail is "legitimate".
Don't even begin to open that door, you fools. We must make it illegal to send spam, then from there, make it illegal to send unsolicited postal mail, solicit on your doorstep, and make unsolicited commercial/charity/political telephone calls.
It's my phone, my email inbox, my mailbox, and my doorstep. Fuck off if you think you have a right to use it at will to sell your crap.
Why are you letting these clowns ruin our country?
This approach means that spammers have to pay for a charity stamp for every single spam they send out. And that would undoubtedly eat into their profits, and prevent the most ineffective spams from being sent.
But here, I think the developer of the idea pushes the logic too far. He says, "The whole spam industry depends on spam being free to the sender," Fahlman says. "If we change the social rules of E-mail just a tiny bit, I think the whole problem of spam goes away."
I think it's far more logical to conclude that the problem won't go away at all. But it might become more manageable, because it will force spammers to only launch campaigns that can return a profit after charity stamp expenses. In essence, spamming will become more like bulk mail. It costs Land's End a dollar a catalog for their postal mailings, and they probably get a 3% response rate, but the profits they make on that clothing is worth continued and highly targeted mailings. The same dynamic may one day be true with spam. And I'd rather get 30 emails a year from reputable companies like Land's End than 3000 emails a year from Viagra pushers.
I've heard a variation of this idea, and I think it might in fact be Fahlman's work, and that the Internet Week article sort of missed the boat on this reporting. In the variation I've heard, the "charity stamp" is expensive, say a couple of dollars. This system would create a social agreement that redeeming a charity stamp is sort of a slap in the face. Your best friend from elementary school could email you, and you'd be perfectly entitled to redeem his charity stamp since he's not on your whitelist. No reasonable person would burn friends and family like this. But what fun it would be to burn spammers this way, having each unwanted email result in a dollar being sent to your favorite charity!
I think this kind of optional redeeming of charity stamps is the core of what would make this idea work. But we'd need to set up a new email/micropayment infrasture to make it possible, and couple it with strict laws that spammers trying to evade the charity stamp face criminal penalties. Creating a new system like this would pose enormous problems, but it sounds workable. I think the bottom line is that the spam problem can almost certainly be reigned in, but whatever approach is used, it's going to take big money, government intervention, and a partial redesign of how email servers currently operate.
As for me, I recently started using the Bayesian filters in Mozilla 1.3's email client. I can't say enough good things about how well this has worked--I've reclaimed my email box. It used to take me ten minutes or more a day to delete spam. But Mozilla does it with uncanny accuracy, and probably with fewer mistakes than I would make if I'm hurrying.
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
The article seems to be a new wrapping for a years-old idea of making the sender pay for each individual message mailed.
The article proposed to maintain a white list of trusted addresses. Anyone not on the white list would have to pay money and (manually) obtain a token allowing to send a message to a mail box. I would say this is too difficult.
I think obtaining a token manually is sufficient for all spam-fighting purposes. If it can be assured that the e-mail was sent to me individually by a human being, then it's worth my effort of looking at the subject line. So, if the sender is not on my white list, my server could reply with an automatic message something like "Your message has not been delivered. Visit the page http://.../?id=123456789, read the number in the image and enter it in the box". That would cut pretty much all spam.
I know at least one free e-mail vendor who implemented this technique. It's simple and easy and still not widely used. I bet the idea from the article would suffer the same fate.
The bulk mail subsidises your 'regular' mail. Your post office runs an infrastructure to let you buy individual bits of gummed paper, tramps around the country individually receiving each bit of mail you've written, tries to decipher the scrawl you've made across the front with the biro and then delivers- all for your 37 cents a pop. The junk mail sender just drops several thousand pre-paid, pre-typeface-addressed identically sized mailshots on their doorstep. They're obviously a lot cheaper to process, but bring up the number of items they handle allowing them to pass on the ability to send a 37c letter to you due to economies of scale.
I think a better though analogous solution was already proposed and discussed on slashdot. Basically, to accept or relay any e-mail (not on a whitelist) the sender would have to perform a small numerical calculation of the recipients choice. E.g. find the roots of a sixth order polynomial with 7 coefficients provided by the recipient.
This takes a few millisecond to calculate the answer and its is trivial to check. One could dial up the problem strength as needed.
For normal users this is a trivial cost since my CPU is definitely idle many many milliseconds every time I send an e-mail. But for bulk senders its a problem.
It could be done either by the relaying e-mail servers or as long at the final recipeint. The latter is probably superior as long as forged sender info does dont create accidental DOS attacks.
In any event, it adds a trivial burden to the amount of internet traffic, and given a reduction in spam traffic over time would save on total traffic. And It cost nothing since it uses unexploited resources. And it would I believe kill any centrally served spam dead.
In fact one could actually get useful work out of this.
Imagine this scheme. To get your stamp of approval you have to get a ticket issued from some grid computing server that supplies the mini-tasks. For example, I might sign up with some service that issues mail stamps in return for doing 1 second of calculation on some easily stated but hard to solve problem (prime searching, etc...)
Some drink at the fountain of knowledge. Others just gargle.
I started using ASK( Active Spam Killer ).
It works great. It works by requireing a response the first time someone emails you. They repond to an automated email and are whitelisted. Since spam has it's replay lines forged the spammer never replys to the automated email and you don't get any spam.
Since I have started using this 2 months ago I have gotten 2 spam emails. That is down from about 40 a day.
The other bonus is that unlike filters if someone needs to get an email to you they will and it wont accidentally be junked.
We should take a lesson from Iraq and shoot 40 Tomahawk cruise missiles at spammers' headquarters.
... about an "email tax", consider this: Microsoft's Penny Black Project aims to do the same thing, but implementation only requires some sort of cost, not necessarily monetary.
One method is especially interesting, the CPU-based scheme in which "the sender must solve a recipient-defined puzzle in which computation of the solution is moderately and provably hard." If that were the case you wouldn't even notice if you're sending one email, but a spammer certainly would if he tries to send out 1,000,000 at a time.
.
To end Spam, you must "de-monetize" it.
To do this you must increase the bandwidth loading of the spammer's sponsor (the 'business' paying to have the spam sent) beyond tollerable levels. The only way to do this is with a distributed "insincere curosity attack".
To do this you must write a mail app plug-in that allows you to drop spam into an analyser bucket on your desktop. This analyser would parse the spam for URLs and toll free numbers in the body of the spam. This analyser then routes these "targets" out on to a peer to peer, gnutella style network. As soon as each peer in the network gets about, say, 20 or so copies of that same target submitted from other peers, then a small HTTP client would start making random requests to the target URL or toll free number. This would keep up until the target disapears.
Oh, and to play the Flute, you just blow across the little hole on the one end while moving your fingers back and forth on the outside of the tube.
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Asking for some kind of money (even for charity) for sending mail to something will stop a lot of people of sending email, even mail that you would want to receive. Suppose that I want to mail someone with this system because he have a worm, or an open relay, warn him about something or whatever that he wants to know. If I have to pay to do a favor to someone, well, I will forget about it. Worst than this, suppose that the author of this paper use the system, and I want to warn him of a problem there, well, in this case the problem will happen in the worst moment possible, but I will not warn him.
Only unknown addresses will be charged, you could probably extend known addresses to include entire domains. Finally, if there's a third party involved, I would think it would be trivial to refund these charges from legitimate people. Finally, you don't HAVE to charge for unknown recipients.
And if the costs are so low that it does not bother me then it will not bother the SPAMMERS either to pay the amount.
Wrong, it WILL bother and even stop many spammers. They're business model completetly depends on their ability to send millions of e-mail messages a day without cost. If you start incurring costs, you've just blown their business model. Even if it's half a cent. Let's see, what's that crazy thing called again? Oh yeah MATH:
$.005 X 1,000,000 messages = $5000
So for each mass mailing of that size, the spammer is paying $5000. Currently a lot of the big guys are sending out over 10 million a week! Hello? That's a log of money!
Now maybe they'll have to actually FOCUS thier mailings and maybe even (gasp!) start pushing products that aren't of dubious value and legal content. Junk is here, but we don't have to tolerate this amount or content.
Computer Science is Applied Philosophy
Wow, more than 100 posts already and still 90% of posters obviously did not grasp the (rather) simple concept. I've seen a number of completely irrelevant objections:
The law would never pass : That's one of the best feature in this idea. No need for a new law. The recipient already has the right to block incoming messages. You know, when your phone rings, you won't go to jail if you don't take the call.
Spammers will never accept this : Of course not, but nobody asks them! Using this kind of solution is YOUR decision; you don't have to ask anybody's permission, especially spammers.
Widespread adoption will never occur : So what? This system will work for me even if I'm the only user. It's not one of those things that require a critical mass of users to be useful.
This will not completely eradicate spam : Frankly, I don't care. If it prevents spam sent to me, it's good enough.
5 cents to read spam is not worth it : You're missing the point. This is not about making money, it's about discouraging spammers. No spammer will ever send you an email if it costs him 5 cents. And the price is not for making you actually read the spam, it's only for allowing it to reach your inbox. In the very unlikely case a spammer actually pays, just delete the message as usual.
So please, read the article. The idea may not be completely new (email stamp) but the details address most obvious objections.
One problem I can think of is still pending : what happens if the sender is also equiped with a similar system? Will we see payment notices bouncing back and forth between both ends without ever reaching an inbox? I guess a solution would be to automatically whitelist any address you've sent an email to, if only for 1 hour.
Now, the really funny part is that ALL of the above (including subject line) is the exact post I submitted on Dec 10, in reply to an article about the same research by the same researcher.
We're discovering the notion of meta-dupe: it's a dupe slashdot story with dupe replies. By the way, my original post was modded +5 informative. If this one gets modded +5 too, we will achieve uber-meta-dupe status: the exact same story, with the exact same comment, with the exact same moderation. Perpetual motion, sorta...
It would be nice to be sure of anything the way some people are of everything.
yeah, and if you become a COMPLETE recluse, you need never speak to, see or be seen by another living soul in your life!
Not using email is NOT THE ANSWER to spam.
That was classic intercourse!
What am I missing?
Bandwidth.
If you're filtering 100 messages per day, those messages are still making it all the way from the spammer's system to your mail server (or even your computer itself, depending on the type of filtering you use.) If each of the 1000 people who use your (relatively small) ISP get 100 messages a day, that's 100,000 pieces of spam a day. Seeing as a lot of spam now comes in easy-to-digest 48k and 123k attachment crapbombs, you're talking massive amounts--gigabytes and gigabytes--of spam that gets sent over your ISP's lines every day.
Filtering is, in many ways, a catalyst in the "spam eats up bandwidth" equation. Since you never need to deal with the mail, you're not nearly as likely to get up in arms about the mass of crap flowing over your network. You'll still pay for it though, in the form of higher access charges, slower server response, and less money at your ISP to go towards support or more useful tasks.
The Internet Powers That Be don't care one whit about the time people lose sifting through their junk mail--that's Somebody Else's Problem. By that point, the damage is done.
Obliteracy: Words with explosions
The 2.3 cents per envelope paid in postage can hardly be the largest cost of real life junk mail. TRANSFAL, bud. You could jack up the costs of email to real life levels and you would get the same amount of email, because it's still cheaper than TV, billboards, radio and all that. In fact it's the only way to reach many people so anoyed with adverts that they no longer watch TV listen to radio and make laws against billboards. They will come and they will pay.
In any case the aproach is completely backward.
I'll pay a stamp for Email when the US government or some private company sets up a system just as good as real life mail. If someone can devise such a system where there are NO ACCESS charges whatsoever and all the work but writing the mail is done for me, a stamp might be a reasonable way to pay. As it is, I pay a private company for wires to my house and a private company on top of that to be able to read the web, and another to host and another to have a name. I do not feel like paying yet another party just to connect to another computer on port 25. No, 1,000 times NO. Paying for each and every email I send would be like having the worst of all worlds for email.
Shame on anyone who thinks a novel system that extracts your money will do anything more than extract money in the long run. Rember paying the cable company for advert free TV? Now you simply pay for TV. Anyone who pays extra for email will simply pay extra for email. In the end, the company running the system will be bought and you will get your censored adverts.
The only real solution is to make spam against the law and fine those who send it. A fine on those who receive it is stupid.
Friends don't help friends install M$ junk.
The day they start charging per email, is the day slashdotters begin work on a free alternative.