Slashdot Mirror
Microsoft, Yahoo Investigate Spam Solution
bllfrnch writes "The NY Times (account required, yada yada) has an article about the suggestion of email postage to stop the advent of spam. Apparently, both Microsoft and Yahoo! support such an initiative, as they are the largest email service providers. Best quote: ''Damn if I will pay postage for my nice list,' said David Farber, a professor at Carnegie Mellon University, who runs a mailing list on technology and policy with 30,000 recipients'."
Paying for postage already exists, it's called a fax.
This is the worst solution ever and the only reason that MS/Yahoo support it is because of Hotmail/YahooMail. They stand to make huge profits because they host the inboxes of millions of users. Every email received at those accounts would invoice the sender. It's a no brainer for BARRELS OF CASH !!! (tm)
In fact, there already was a good solution proposed a few weeks ago, by microsoft no less. Combine it with Spam Assassin the way Spam Interceptor does (replacing the C/R component) and the solution is plausible.
Story also posted on C-Net (no account required, yada yada).
What hapened to Yahoo's (as yet unveiled) scheme-to-end-all-schemes for authenticating mail? IMHO, I think that SPF:Sender will make great strides towards combatting spam, combined with new laws that make spoofing illegal. And AOL is backing it, so I think there is a good chance for success, as they are both one of the largest sources of e-mail as well as one of the most commonly spoofed domains.
Here is a Washington Times summary that doesn't require registration.
1 23126-8662r.htm
http://washingtontimes.com/upi-breaking/20040202-
And here is a IHT article which appears to feature the same quote as the NYT article. Same article? I won't register...
http://www.iht.com/articles/127677.html
Josh.
How many roads must a man walk down? 42.
It's a ridiculous concept really, the reasons email has become successful to begin with is that it's fast and free. If you charge for email, people will just move over to instant messengers or other systems. And how do you enforce charging people who you may or may not be able to track, the proposal to charge for spam based on the reciever's choice is absolutely ridiculous.
Would this really help?
How come stamps can't stop all the spam I get through snail mail? Please, make those AOL disks stop!
"There is no teacher but the enemy."-Mazer Rackham
There's no way to enforce this. The irony is that the only way a pay-for-email scheme would work, is in the context of a network of trusted mail relays, which is in effect, A WHITELIST.
All this does is prove that eventually, there will be a network of whitelisted SMTP relays that will do more to combat the spamedemic. You don't need to charge money - that's an extra, goofy idea to make profit for a few select corporate interests. It won't fly because millions of systems will refuse to pay the "postage" extortion fee in order to be whitelisted.
Asking the sender to process a quick math question seems a better solution to me.
Spam boxes would be prohibitively expensive due to the heavy requirements for sending millions of spams, and it would have the added benefit of notifying people when their box has been owned due to 100% processor utilization on said owned relay box.
The money option just sounds like pushing for a new revenue stream. To heck with that.
"AOL is taking a different approach and is testing a system under development by the Internet Research Task Force. The system, called the Sender Permitted From, or S.P.F., creates a way for the owner of an Internet domain, like aol.com, to specify which computers are authorized to send e-mail with aol.com return addresses." Shouldn't AOL have thought of this a long time ago? I remember a few years ago when I used to use AOL and got deluged with FormMail spam with faked @aol.com return addresses. Good to see they're getting their act together.
Oh, maybe if the postage goes to further line the pockets of M'soft and Y'hoo, as a likin worked, I can see their true motivation.
A feeling of having made the same mistake before: Deja Foobar
How will this affect websites sending their users emails from requested sources?
Like I'm the programmer of Gemsites, a Slashdot clone. When we register a user, we shoot them an email. So are we going to have to pay money to do that?
Because that would be totally stupid, and it would possibly put an end to discussion websites that require logons to validate users, unless there was a method to bypass the charge for sending email.
The way Microsoft will turn it, would be that we all *should* be paying per email, because of this reason or that reason. Bottom line is Billy Goat Gates on his mountain of cash, trying to pile up more of it.
Everyone, please go home and open your mailbox. Now tell me if having to pay for postage has cut down on the level of unsoliceted mail arriving in you snailmail mailbox.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
What you say? Microsoft would get huge bills because of the abusers of it's Hotmail service? That would be a pity, wouldn't it?
It seems that both Yahoo, and lately Microsoft, have discovered a pretty good solution for spam. My YM mailbox has been largely spam-free for a few months, and in the last week or two, Hotmail has been doing a pretty good job as well. Every now and then a spam gets through, but that's about it.
What is wrong with migrating to a replacement for SMTP? What is wrong with developing better challenge/response systems?
...
If email gets a postage fee applied to it, people will stop using it. If I have to pay to send mail to someone at yahoo or hotmail, I would tell that person to get a different email address. No one is going to use email if it has a mandatory fee attached to it. Then again, maybe that's what needs to happen to give people a reason to stop using SMTP
Wasn't one of the hallmarks of a doomed .com company the fact that they tried to get people to pay for something they usually got for free?
Just spitballin' here..
Joe
Why can't MX records become required to list all in AND out going official SMTP for a domain. From then on, SMTP servers could reject non matching MXed sender IPs and if spam does get through - you know you to blame.
Exactly how will this work outside the US? Considering that $0.01 is a lot of money in third-world countries, and not much in the UK, you can't just make it a flat rate. But if you make it a sliding scale, what's to prevent a spammer from using an address in Somalia to make it cheaper?
G
Other proposed solutions involve lengthy computations on a sender's machine, which can be trivially verified on the receiver's machine. These will be overcome with faster machines, and spammers can afford better hardware than the rest of us anyway. Legislation is no solution, as the only sort that respects the First Admendment rights of emailers provides the same rights to unsolicited email.
As the saying goes at our local Mensa chapter: wise thoughts may go into your mind, but pultem calidus invado pantorum. At the end of the day postage is the cheapest option, given the cost of enforcement or technology updates.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
I realize you're being facetious, but I still don't get 100 AOL discs a day, like I do spam. Hell, if I did, I wouldn't have had to use my nice Snoop CD for my wall mural.
What about me who runs a mail server (a legit one at that for a no-profit) on an old Pentium 166? It's a fine smtp server but don't ask it to do any heavy math. This would screw the little guy using old hardware too.
Evolution or ID?
Someone also has to provide software and systems to meter and invoice email. Gee, who could that be...
A feeling of having made the same mistake before: Deja Foobar
my tweezer skills. It's not enough that I've spent decades removing paperclips, business cards, broken diskettes, credit cards, diskette labels, coins, and other assorted crap from drives and systems....
Now I need to worry about stamps too, just as my eyesight is diminishing.
Score one for the hardware folks! Best idea ever!
Oh, great. One of the proponents is a bulk-emailer called "Goodmail", who wants this system because if they pay to send out spam (with the postage going to ISPs), the ISPs will have a financial incentive not to block them.
>;k
...A scheme to encourage spammers to send out even more trojan laden viruses to send their spam from compromised machines at the expense of the victim.
I fail to understand how a scheme that involves the schemes administrators making a profit for every mail sent is going to reduce the amount of mail sent.
"Linux is a serious competitor"
- Steve Ballmer, Chief Executive Microsoft Corp.
Yahoo! Mail already has a spam filter engine, and it's ridiculously effective for a freemail provider. I rarely use my Yahoo account, but still tend to check it daily for email that should go to my new email addy and doesn't.
On a typical day, Yahoo! Mail will have around 100 new spam messages for me, and only two to six of them will make it to my inbox. After a quick setup a month or two ago, I can now check them all with one click and have them identified and deleted as spam with a second click.
While I understand Yahoo! wanting to lessen the burden on their filtering software by supporting postage, I think the sheer cost of such postage would eliminate Yahoo! Mail as a free service and wipe out most of its users in the process. I honestly can't imagine why they would want to use it instead of their already very effective spam traps.
The Goodmail "solution" is the worst of all possible worlds. What they want to do is convince people doing spam filtering that paid-for spam should still go through. They want to raise the quality of the spam, not get rid of it.
Please. That's not the answer.
thad
I love Mondays. On a Monday, anything is possible.
Or just click here.
This would put a huge damper on collaberation with companies. If it cost me for all the eails I send for the projects I work on then I wouldn't send them. It would make my job harder and make the products I work on more costly and and take longer to due just due to the fact of it slowing down my work or i have to wait longer for things.
Evolution or ID?
Why am I not going to be shocked when in 3 years my Postfix box will be ignored by Exchange servers because it's open-source and thus and open relay. This is such a shameless grab, almost as bad as their campaign to paint Linux boxes as unsecure. Any linux users remember THAT back in '99? Talk to any MS admin about a Linux box and they swore it was virus infected.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
And how do you enforce charging people who you may or may not be able to track, the proposal to charge for spam based on the reciever's choice is absolutely ridiculous.
This is not so hard at all; you simply require the payment be placed in an escrow account before the mail server will accept the message. The sender would include some unique token in the message headers that corresponds to the escrow funds.
Read about it here: Selling Interrupt Rgihts. The article is from 2002, btw, this is hardly a new concept.
...Does this mean if I don't pay, I won't get another email from yahoo or msn?
Remind me again, where's the downside of this?
--Storm
Reading the headline reminded me that I heard a story on NPR while laying in bed this morning about ways to go about eliminating spam on the internet.
Not sure if it contains any "new" information, but it might be worth a listen.
I have a Yahoo.com e-mail account and I agree. However, the problem is only solved for you, not them. They still have to add extra hardware (with associated increased power and maintennance costs) because of the volume of spam coming in.
That's naive. You know Ralsky and the like use open relays around the world. He's even contracted some in China. You might tighten a net at best, but eventually you come back to the problem of trying to bill non-USA service providers. Lotsa luck. At best you encourage them to clean up their open relays and implement some decent security, lest their IP traffic be blocked at the border. But this should already be happening. Start locking these things out and they'll get around to fixing things pronto.
A feeling of having made the same mistake before: Deja Foobar
Yet again Microsoft is doing their best to prostitute something which is currently "free" into something which they can use to screw their customer for unreasonable amounts of cash.
Today they're trying to "embrace and extend" email.
A Microsoft backed solution will lead to proprietary enhancements, patent litigation, prosecution and the general demise of email other than through Microsoft Proprietary Commercial Products.
Oh and you can forget about sending email from any *NIX like OS, absolutely not from any GPL or otherwise OpenSource OS.
I am not predicting the future, these things have already occurred In other areas of computing, just not email (yet).
Visit CryptoGnome in his home.
I wrote it up here:
http://slashdot.org/comments.pl?sid=94145&cid=807
The key points:
You set the fee, and collect it.
You can refund the fee if you wanted the email.
You can add people to a whitelist.
The whitelist uses digital signatures, not easily-forged header fields.
It doesn't really work unless we have a micropayment system that can charge small amounts (five cents) without expensive overhead.
In the discussion attached to that article, one person pointed out that this system could be exploited like this: advertise a job, one that looks like it's really worth applying for. Charge about 20 cents per email to accept resumes. Pocket all the money. It's a perfect small-time fraud scheme: you steal so little, from so many people; who would be motivated enough to check up on whether there was ever really a job to apply for?
I have to say, even without the charging of fees, a whitelist based on digital signatures would be great. You could have a special folder where known-good emails go, and another one for the rest. I'd have my email client play a chime sound when known-good emails arrive, but not the rest.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
This pretty much says it all. If there's a postage charged for email then email will become all spam, not spam free.
The first to go will be lists like the above, no free newsletter is going to be able to justify paying postage on mailings of 30,000 or more.
Along with that will be the automated emails. Think /. will still email you when someone responds to your post if it costs them? Think again. You will not get email order confirmation, notice about your rebates, shipping tracking information, or other automated business related email that you want either.
Some people might pay a micro payment on some email, but others will not. Rather than being the killer app for the Internet, email will fall into disuse.
While all of this is going on, the spammers are not going to be slowed one damn bit. If they could be held accountable they would be stopped already. They will either continue to sign up for throw away accounts and then abandon them and not pay for the email, or they will continue to make their deals with shady ISP who damn well know they are spammers and let it slide. If a spammer has a deal with an IPS to send spam you can bet he isn't really going to pay the ISP postage fees. Worse yet, the claim will be made that the spammer is paying postage fees, and that those supposed fees omehow make it legitimate for then to cram your mailbox with spam for the p3nis patch and the paris hilton video xjrf.
And one other effect it will have is that I will certainly not pay to forward all the hundreds of daily spam I get to utc@ftc.org, and other spam fighters will see their complaints of spam dry up too.
In short order, much of the valid uses of email will come to an end because of this "postage", and spammers will continue completely unaffected. And it seems hard to believe that Yahoo and Microsoft don't already understand this.
I'm an American. I love this country and the freedoms that we used to have.
"The very notion that I have to get permission to send you a marketing message doesn't make sense and is not good public policy," said Richard Gingras, Goodmail's chief executive.
What the hell? It >does make sense from a consumer's perspective, and it might not be good public policy to a corporation because how else will people really know that they want thier product? Unless they actually knew that they needed it, and looked for companies that would produce it?
Actually, this problem can be solved without charging postage on each and every piece of email.
The problem can be addressed by putting people at risk of being charged postage. This can be done by requiring that senders post a bond of say 1/10 of 1 cent per item sent.
If you are sending 30,000 pieces of mail a week, your bond would only be $30.00. If people like your email, you will never have to pay the toll, but if they don't like it, then you will be subject it.
The folks that will be caught in this web are spammers and direct marketers. They send millions of spams in the hope that just a few folks will bite. If we raise their cost of doing it above the return, they will be out of business ASAP.
The only way to kill spam, which depends on a frictionless mailing process, is to introduce some friction (i.e. cost) into the system.
Yours,
Jordan
I remember the original idea being something like this:
1) The user determines how much to charge to read email from someone not on his/her whitelist. For example, I would look at untrusted emails for at least $0.10 a pop.
2) The user can choose not to collect the payment if the unknown sender is someone legitimate, like an old acquaintance, a friend with a new email address, a job offer, etc.
This would effectively kill spam without creating much of an inconvenience to legitimate email.
See charts for twitter trends on Trendistic
Seems to me the quickest way to prove how little postage does for spam would be to sign up a few top-level MS and Yahoo execs for every free catalogue there is... anyone up to posting names and addresses? ;)
(Yeah, I'm mostly joking, but wasn't it slashdot that reported it when the "Spam King" got this same treatment?)
The longer I'm a member of the Human Race, the more I believe Apocalypse is a valid solution.
There are millions of stolen credit card numbers floating around. It may be risky to use them on products delivered to a home, but what about the spammers. How many spammers are going to be buying these numbers and using them to charge up their spam? Could this cause an increase to identity theft? -
Tech News, Reviews and Tutorials
But another method of delivering news is available to content serializers: RSS feeds. RSS feeds allow for true "push" content delivery like email. But, RSS feeds are not as easy to grasp, access or view as email.
Proposal: create an add-in RSS feed aggregator into common email platforms such as Outlook, Outlook Express, Mozilla, Eudora, pine (kidding), etc. Build content creation mechansism into the same email clients with the ability to post the feeds to a public directory (Google? Anyone listening?) with various subscription options on both ends.
This way email could be returned to a person-to-person(s) communication tool for low-volume communication needs; content aggregators could better server their readers/viewers and we can all experience whirrled peas.
Whatever. Anyway, just an idea -- what thinkest thou?
-- @rjamestaylor on Ello
There already is a solution... It is called a digital signature and comes from a Certificate Authority. Couldn't ISP's, Yahoo, or even Hotmail be required to issue PKI certificates to a paying user? Email administrators would then have the option of dropping any email that wasn't digitaly signed (as coming from a legitimate CA). This digital signature would shed light on the responsible parties involved in sending SPAM. Then fines could be levied on the guilty parties. Screw the stamp people. I already pay for the privilage of sending email.
gllshhht...
The answer to the prof's concer is RSS. You give back control of subscriptions 100% to the 30,000 subscribers and eliminate all that mailman/listserv/lyris/yahoogroups/topica nonsense.
If you've ever seen a post to a public list that reads "please take me off your list" you know how goofy subscription management via email can be. RSS is intuitive. Email listserv is not.
I'm not endorsing the email postage solution, but I'll take it if it helps the spam problem significantly. I can control my own mailing lists, Professor. Don't underestimate your users. If they want what you got, they will find a way to get it.
slashsearch.org - slashdot search. powered by google.
Or if we just convinced the RIAA that spam was affecting their music sales
;-)
hummm, I think your on to something here.
how 'bout a peer to peer system that uses open relays. Pit the RIAA against the spammers and let them fight it out!
Thats a fight that I would like to watch!
So, I realize that this is heresy on slashdot, but, playing devil's advocate:
What is so wrong about paying for a resource you are using? Few people expect free phone calls, why should sending "email" bits be different than sending "voice" bits? (ok, a lot of people now use the internet to have free international phone conversation, etc. etc.). Many people on slashdot believe in capitalism - under which you expect to pay in some way for most services. Do we just expect free email because we've always gotten free email, or is there a fundamental reason why email should be free?
Note, I am asking this as a philosophical question separate from implementability of a system like email stamps, or whether it will cost more to charge for 0.00001 cents worth of service than you get, or whatever.
-Marcus
The media accounts are wrong. Microsoft is pushing a processor cycles idea. The NPR interview with Ryan Hamlin the GM of the anti-spam division is a more accurate example of what they have presented.
The accreditation scheme that Microsoft and Yahoo are considering mean you pay for sending spam. You do not pay for sending email. It is like ironport bonded sender, you spam, you forfeit part of your bond. You no spam you no pay.
Ryan was pushing the computational scheme hardest. But the basic scheme is, you stop impersonation spam so you know where the message comes from, then you act on what you know about that person. It authentication and accreditation.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
There already is a solution... It is called a digital signature and comes from a Certificate Authority. Couldn't ISP's, Yahoo, or even Hotmail be required to issue PKI certificates to a paying user? Email administrators would then have the option of dropping any email that wasn't digitaly signed (as coming from a legitimate CA). This digital signature would shed light on the responsible parties involved in sending SPAM. Then fines could be levied on the guilty parties. Screw the stamp people. I already pay for the privilage of sending email. Digital Signatures are free!
gllshhht...
...as long as there's a way to send email "collect". If sending an email costs you 2 cents, you're not going to want to send out a list mailing to 30000. That's $600 per issue! However, if you can send each of those emails and have the recipient agree to pay the 2 cents, then there's no problem. Of course, then you need to prevent spammers from sending collect... Maybe have people wanting on your list pay 24 whole cents up front for a year's subscription? Idunno, seems like yet another 'net problem that could be overcome with micropayments.
All this is going to do is make email totally proprietry and over complex. It will mean banding about digital cirtificates and various payment methods - (probably controlled by microsoft) just to send a simple email the length of this post. But something most people will probably miss is that if two people know eachother then they will just have their email addresses on a "safe" list in their email client and theres no reason they would need to use the payment system.
If your going to make email more complicated i dont see any reason to use a payment based system over a challenge-based system - eg: you send an email to someone for the first time, their server or client sends back an email with a human test (eg type a number from a graphic, answer a simple random question such as "if mary had a little lamb what animal did mary have?" or ask them the name and gender of the person they are emailing) the advantage being that its not a central system, its not complicated, it only needs to be done once, and it can be set/edited/tweeked by the user.
This comment does not represent the views or opinions of the user.
Just because it's on the Internet doesn't make it free. Operating an e-mail server costs money, you have to plug it into a wall and we all know power isn't free. You also have to plug it into a computer network, and we all know those aren't free. You also have to plug that network into an Internet connection, and we all know those aren't free either.
It's the fact that e-mail has no per-message unit of charge that makes it appear free, and why e-mail lists you want to be on are so cheap to operate, and spam you don't want to get is so cheap to throw at you. It's hard to raise the cost of one without raising the cost of the other.
However, e-mail lists can simply convert to a pull-based mechanism such as a web page or RSS... so I think e-mail list operators who shout down anti-spam measures that interfere with their current operations are just being lazy, they can convert their subscribers to other delivery methods if they want to.
Experience has shown that those who say "simply replace SMTP" do not understand the nature of the problem. It's no coincidence that one of the symptoms of being an anti-spam kook is that your solution involves replacing SMTP
My next sig will be ready soon, but subscribers can beat the rush
The solution is out. It's called authentication. It is used in a source forge project called Tagged Message Delivery Agent, and by a for profit company called mailblocks.com. It's simple, it works
-Nuke the moon
(Apologies to those who have seen this before.)
Your company advocates a
(x) technical ( ) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
(x) Extreme stupidity on the part of people who do business with Microsoft
(x) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
(x) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
The REASON we have spam is because some stupid people are BUYING the CRAP the spammers are selling.
My Linux Command of the Day site : LCOD
... and bingo, new SPAM also. If people migrate to IM, then Spammers can just use dictionaries to hassle people's screen names (I have already experienced people trolling for sex talk online) and soon we'll be dealing with dozens of pop-up (which makes it worse) windows asking if we want Printer Ink. And it doesn't necessarily help having a buddy list, because all IM services will still pop-up a window "Spammer has sent a message, would you like to see it", so even though you can avoid the Spam, you still have to deal with the window.
It helps that you can be offline, but if IM is the chief communication then we won't be able to stay offline, if we want our messages. And those that collect messages while offline (i.e. Yahoo) will just flood you with back Spam.
If Spammers can break email, they'll break IM. It's just that up until now there hasn't been reason to. Don't give them a reason, either.
[Please exuse me if this is what the article is about, I didn't feel up to sacrificing my first male child to the Times.] The newsletter for the Society for Industrial and Applied Mathematics has an interesting article about postage. from the article (link goes to page with link to PDF Read "Math 1, Spam 0")
The Penny Black Project instead uses "proofs of work," a concept first introduced in 1992 by Cynthia Dwork and Moni Naor of the IBM Almaden Research Center. The idea is simple: "If I don't know you, you have to prove to me that you spent ten seconds of CPU time just for me, and just for this message," says Dwork, who now works at Microsoft Research. For legitimate senders, spending ten extra seconds to send an e-mail message is no problem. Most of the time, you spend more time than that simply composing the message. But for spammers, those ten seconds are the kiss of death. The one thing that no one can steal is more seconds than there are in a day. For a single computer, the CPU time available in a day amounts to 86,400 seconds; a spammer who wanted to put electronic postage on millions of messages would thus need hundreds of computers. Dwork is betting that most spammers cannot afford that kind of expense. Spam costs almost nothing for a spammer to send, but a recipient who looks at the message and manually deletes it incurs a perceptible cost in lost time.
There are dozens of "great" ways to solve the spam problem, this may or (more like) may not be one of them. But the real problem is finding a migration path away from the current system to any new "fixed" system.
During the transition period, users will either have to accept e-mail from the old SMTP system, or refuse it. If they accept it, why would anyone move to the new system when they are still going to get spam via SMTP? If they refuse it, why will anyone move to the new system when it means they anyone still using SMTP (which at the start, will be virtually everyone) will be unable to e-mail them?
If we could say, "OK, from Jan 1st 2005, SMTP is gonna be switched off and everyone will use the new system", there wouldn't be a problem, but obviously we can't do that.
Or we could somehow stop spam from SMTP getting to accounts on the new system. But then, if we could do that, we could presumably use exactly the same technique to fix SMTP.
If we are going to pay postage, we must have some electronic way of doing that. It could be creditcard or something else. Whatever it is you will have to be able to do payments through your computer. That will probably include som account information et.
What an admirable target for viruses, trojans or spyware that would be. The relatively small problem of using e-mail filters to prevent your inbox from clogging up will be replaced with the bigger problem of keeping your money in the wallet.
A better way would probably be to only accept digitally signed mails, that way the sender could always be identified, and if spam was illegal in most countries we would be able to prevent spam with legal processes.
The problem is that there could be legitimate use of anonnymous mail. E.g. who would send an e-mail to the press telling that their company is doing an Enron to the press or even the police if they knew they could be identified.
But I think its easier to learn to live with this disadvantage, than to loose the money in your wallet. After all wistle blowers could still slip a paper note into an unmarked envelope and slip it under the doorstep of the reciever.
God is REAL! Unless explicitly declared INTEGER
Doesn't it just come down to killing the easy anonymity of email? If the whole system was run in a secure fashion, then it would be child's play to sue the pants off a few high profile spammers and put the whole bunch of them out of business. And blacklists would actually be useful.
Of course it requires a major conversion of the ol' SMTP, but with a huge amount of power concentrated in AOL, MSN, and Yahoo, I think they could come up with a secure email alternative and force everyone to upgrade. It would be painful for a bit, but in the long run I bet it would be better.
I'm all for anonymity in general, but not in my inbox. Post to a discussion or something through an anonymizer if you want that.
Cheers.
It's the same ridiculous concept as the RIAA is pushing. There's not enough "friction" currently so let's make it harder and more expensive to use so that it will cut down on "spam." Obviously the end result is that ordinary people pay more and have less freedom to use the technology.
Advantages: real email stays free, spam costs, microtransaction standards emerge.
Disadvantages: Microsoft and Yahoo don't make as much money. Sorry.
mt
If there was going to be a charge for email, consider how one group of email users, namely universities, would react. First, they'd find a workaround/new protocol so internal "messages" wouldn't be charged for. Next, universities would find a way to exchange "messages" between each other without charges. Then others would pick up on the idea and ...
There are technical solutions, but they won't be adopted until a certain pain threshold is reached. Spam filters have improved a lot lately and have been holding the pain down. Charging for email would ratchet the pain level up immensely.
No electrons were harmed creating this post, though some may have been subjected to electrical and/or magnetic fields.
I'm drowning in spam, and it's getting in the way of my job. The only solution that can possibly work is one that involves putting a price tag on spam. So here's my proposal (which I've put on here before, btw; this is not a new topic). The only way to put a price tag on spam is to put a price tag on email. But it doesn't have to apply to all email.
The price, then, is for the right to touch MY mailbox IF you're a stranger -- if you're a mailing list that I've subscribed to, you would go onto my whitelist, and come in postage-free. If you are somebody I know, you go onto my whitelist, and come in postage-free. Yes, for this to work, there has to be some way for the POP server (NOT the client) to maintain per-user whitelists.
If you're not on my whitelist, you need to use a one-time "stampette", whose price would have to be high enough to discourage spammers, but low enough to not bother anybody worthwhile. I'm thinking around a quarter-cent per message, but it wouldn't be fixed by anyone in particular. These stampettes would be issued on a free-market basis, and anyone could set up a micropostage service, provided that the *recipient* whitelisted it. So if somebody were giving away stamps at, oh, a million per dollar, then spammers would use them, and those stamps wouldn't be on my whitelist. Again, it's a free market solution, no government intervention.
ISPs, in this scheme, should issue all subscribers a batch of stampettes (which mail clients would learn quickly to attach, if needed). A thousand for a quarter-dollar (or quarter-Euro) would be more than enough for a month, don't you think? How many strangers (or first-time correspondents) do you write to?
Also check-out the Mailbox Reputation Network, which can provide the infrastructure for doing this on a global scale.
Saying that making people pay for e-mail because someones uses e-mail to send SPAM, is like saying that people should pay for pings because someones uses pings for DoS attacks.
The best solutions (but hard to implement due to the stupidity of a major portion of computer users, like those who open attachments and spread MyDoom) is to have verifiable sender and reciever. I.e. have e-mails digitally signed, so that you'll be sure that it's send from that specific someone specifically for you. That would actually also stop e-mails from viruses who fake the "From:" field.
Perhaps if digital signing and verifying will be made seamless in the mail (STMP and POP3/IMAP/HTTP servers) servers, it will actually work!