Slashdot Mirror
Would you Warranty Your Email?
Kurt writes "A team from the University of Michigan is proposing an economic solution to spam. Instead of relying on technical solutions or government regulations, they use a sender warranty system. In some cases, they argue, it can even be superior to a perfect filter with zero cost, and no errors. Their working paper is available at SSRN. With the caveat that some infrastructure is necessary (isn't it always?), they also claim their approach restores control to the recipient, halts spam, and creates a marketplace for valuable information exchange."
I wonder how well this would work if everyone on Slashdot could warranty their posts. It could be implemented by adding a checkbox next to Post Anonymously, call it Post With Warranty. Your comment then gets bumped up to "+5, via Warranty." If people think it's not worthy of being +5, and they have mod points, they can moderate it down. If they mod it down, they take subscription points from the poster. If the metamoderator disagrees, the moderation is reversed as expected *and* the subscription points are returned to the poster.
I think this could work. But it sounds like a pain to implement.
(fp)
A programmer is a machine for converting coffee into code.
If I start rejecting all email which is not from a verifiable sender, I'll quickly cut spam, and impose some costs onto those who wish to sent me email. I'm willing to pay those costs when it becomes my turn to send an email. I would start with the recent authorized sender protocols, in addition to Public Key Infrastructure, to begin to authenticate a sender.
Once PKI starts to take hold, there would be an incentive for the spammers to start creating throw-away identities, which we could counter with a reputation system for the sender's domain. We could also create a "web of trust", automatically managed by our mail servers, or ourselves, to nip the counteroffensive.
So, there it is... my alternative... sign and validate all email.
--Mike--
I propose that any and all spammers be subject to possible castration when caught. No infrastructure required... although verification of actual spamming may be a good idea, I say we fly by the seat of our pants... As a positive side effect, Open relays would be fixed pronto... for many admins would fear for their manhood...
;)
Laugh, it's a joke!
---
Programming is like sex... Make one mistake and support it the rest of your life.
A team from the University of Michigan is proposing an economic solution to spam.
if you stop sending me spam now, I won't kill you
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
will I get charged a restocking fee when someone replies?
One benefit to having email is the ability to post information anonymously in order to avoid possible repercussions. Slashdot has that feature with the "Post Anonymously" checkbox (which should be pointed out, is not 100% anonymous and can be tracked by IP and logged-in account name) and it also exists with anonymously emailers.
Forcing someone out into the open by the use of such 'warranties' imposes a chilling effect on free speech through email.
I hate spam, but I hate the idea that important speech could be stifled by the use of badly considered spam 'solutions'.
I have been pwned because my
The idea is basically this: You (the recipient) put a value (say $10) on incoming mail from strangers. If someone wants to send you mail, they have to put that in an escrow account. Then if they meet your requirements, you can recieve the mail. -- If you don't like the mail from any reason, you can take the money from escrow. If you don't do anything, escrow will be released after some time. Oh, they mention that this might not be neccessary for people you already know (whitelists).
This is just lame. The amount of "infrastructure" required is totally ridiculous.
They ignore the fact that email is a general communications media / People who do not like eachother do email because it's practical / but under this nutty system, people would only email people they trust not to "steal" their money in escrow. Mailing lists, anyone?
Once again, someone thinks that you can "solve" spam for the recipient at a huge penalty to a legitimate sender.
Arrg! I hope they didn't get paid to write this tripe.
A team from the University of Michigan is proposing an economic solution to spam. Instead of relying on technical solutions or government regulations, they use a sender warranty system. In some cases, they argue, it can even be superior to a perfect filter with zero cost, and no errors. Their working paper is available at SSRN. With the caveat that some infrastructure is necessary (isn't it always?), they also claim their approach restores control to the recipient, halts spam, and creates a marketplace for valuable information exchange.
Would you mind writing a little more and saying a little less. I found this description too short and full of specific information.
-Colin
The primary problem I see with this is getting enough people to start using this system. The majority of people probably aren't going to bother with it unless they have to, which means that most emails will be accepted whether or not it costs the sender money, good or spam, because most of a given recipient's contacts will not have the escrow set up. Unless creating the escrow account is mandated, which makes it no different than most of the 'tax' systems, I don't see this model working any better than what we have today.
What looks good in an academic paper doesn't always translate into the real world. Would their idea work? Yes, with sufficient participation. Will there ever be sufficient participation? No. Look at pgp keys/signatures. There are means of validating the sender's identity now that would stop spam, but they are not used because it requires people to opt-in and most people don't care enough (no matter how much they complain about spam).The bigotry of the nonbeliever is for me nearly as funny as the bigotry of the believer. - Albert Einstein
There we go. It creates a marketplace!
If it didn't, wouldn't it be one worthless invention?
These guys must be going for their Advanced Circumlocution degree. After the usual introductory review of existing solutions that don't work, they dive directly into graphs proving how their system will increase everyone's well-being. I gave up halfway through. Could somebody briefly sum up the mechanics of their solution -- what exactly are they proposing that the sender and receiver (and the third party) do? Maybe it was so obvious that I just missed it.
They spend way too much of their paper on analysis of why this would work, but nothing on how to implement it securely.
And because you ARE talking about money, it would have to be secure.
why does evry problem in life have to be solved by creating a free and open market?
I for one think that there are some things that can not be solved simply by attaching a price tag to it.
do you want to polute? how much money do you have to buy pollution credits?
do you want to send email? how much money do you have to buy a warenty?
do you want to get laws passed how much money do you have to "lobby" with.
sigh...:(
--meh--
So these guys want our computers to spend our money? First they have to secure every machine. Of course, once you do that, you don't have DDOSes, nor proxy spam. The first step of their solution *is* the solution; the remaining steps would be a waste of time.
-russ
Don't piss off The Angry Economist
So you get infected with MyDoom.D and it warrants your email... then all the people in spams collect the small fee for each message and you're broke.
Mailing lists would be a bit difficult too, not to mention usenet gateways. If I mail a gateway and it posts to usenet, does that count as one email? What about the other way around: I post to usenet, does the gateway owner have to cover the cost of the message going to all subscribers... I shouldn't, I didn't even send an email.
Then people who get this nonsense in their inboxes can get together and take the companies who use spammers (and the spammers themselves) to market their junk to court. Once the companies who use this service start getting served with class action court orders to stop or else, they should soon get the message.
Of course, there's nothing to stop the spammers moving/subcontracting to e.g. India or some other place where sending unsolicited emails isn't illegal, but it's a start. Ultimately we can hopefully have a worldwide ban against the sending of unsolicited commercial emails.
-- Fuck Beta
I'm a geek. I'm a security engineer. I'm here to say -- the solution is not in the packets, but the dollars.
Spammers have gotten to the point where they're breaking into people's machines to get them to illicitly send spam. Look at that carefully -- you can't even trust your friends not to spam you anymore. If you don't think Spyware is going to adapt to a spam transport, you're not paying attention. Ultimately, we need criminal prosecution for fraud that follows the money (because money transfers are really well traced). The money link needs to be broken.
Nothing else has even a hope of working.
--Dan
...that will put him in pound-you-in-the-ass prison...
Shouldn't that be Federal-pound-you-in-the-ass prison?
"That's not ironic, it's just mean!" - Bender
We may experience some slight turbulence and then...explode. -Capt. Mal Reynolds
After having introduced the concept of "whitelists" for known senders the article continues:
In the case of strangers, the warranty mechanism is more suitable. Analogous to a standard bond mechanism, delivering email to an inbox requires an unknown sender to place a small pledge into escrow with a third party. In the case of screening, recipients determine the size of this bond, which they can dynamically adjust to their opportunity costs. The email is delivered only after the recipient receives suitable confirmation that the bond has been posted. When the recipient opens the email, she may act solely at her discretion to seize the pledge. Taking no action releases the escrow after a period of time.
IMHO this means the end of mailing lists - what would prevent me from signing up (automatically, of course) to thousands of mailing lists and collecting all the bonds placed for messages posted through these lists ?
"Of course mailing list operators would first get your approval that you let through all their messages".
This is where it starts getting complicated. And complexity is exactly what I don't want with email - it is simple, and shall remain simple.
Therefore I am perfectly willing to put up with the current spam levels - hey, I can deal with those five to ten messages a day which pass through my Bayesian filter. On certain days I get more than that in my smail box.
Is there anyone who ISN'T proposing an economic solution to spam or email? Every day it seems like someone is proposing it and making it sound as though they are the first ones who are making the suggestion. Everyone making a proposal would a long, long way to show why all of the competing methodologies will fail or be compromised and why theirs will succeed (or have a greater chance of succeeding).
Let us not forget what William Henry Gates III said [1], "I don't care what the information superhighway looks like as long as I've got a tollbooth on it." Everyone is making suggestions to charge for email not because the ideas are technically superior but because they want to be the tollbooth collecting a microcent for every piece of email running across the 'net. Unless|until there are certain issues taken care of online, micropostage will not solve the spam problem although it may still drop money in someone's open pocket (and they will likely not care about spam once that happens).
[1]ca. 1995-96 just after he returned from his annual sojourn and realized Microsoft almost missed the Internet boat.
I send you email. I have to put money in an account.
You receive my email, but you've set a monetary level to be checked before it is delivered to you. If I didn't put enough money in my account to meet your level, it doesn't get delivered.
Now, you read my email and don't like it. You get to collect the money I have in my account at the level you set.
If you do like my email, I go on a whitelist.
Example #1: I put $1 in my account, you set your level at $5. None of my email will ever be seen by you.
Example #2: I put $5 in my account, you set your level at $1, you get my email. You don't like my email, you collect $1 from me.
Example #3: I put $5 in my account, you set your level at $1, you get my email. You like my email, so I go on your whitelist.
Simple, really. In theory.
In practice, almost impossible to work.
Comment removed based on user account deletion
I don't think that free speech requires anonimity ... Basically, you add accountability.
Which would lead to --
"Children should be seen and not heard." (Because they cannot be held accountable for what they say.)
"The nail that sticks up, gets hammered down." (Because you can't voice dissent without drawing attention to yourself and your family.)
Effective free speech requires anonymity -- There's usually needed a period of underground "pot-stirring" in order to add momentum to a movement.
For example: Let's say your boss regularly beats the shit out of you when you walk in the door in the morning. But it's your first job, so you don't know if it's normal or not. But your family depends on your income. You could post anonymously on some forum asking "Hey everyone! Do your bosses kick your asses in the morning like mine?" / or sign your name and likely get a bigger ass whopping along with being fired.
---
Proud UofM Alumnus
Thede Loder
University of Michigan.
...it assumes that all the mechanisms for posting and collecting these bonds are perfectly reliable, perfectly secure, and unhackable.
Right.
If they aren't this just opens fresh avenues for abuse.
For example, you receive an email saying "Your PayPal account will be suspended if you don't reply." You find that in order to reply you will have to post a bond of $0.0001, which is the going rate for such things, so you do so without thinking about it. Later, you discover that due to some cunningly-engineered HTML, the part of your screen that you THOUGHT was telling you that the bond was $0.0001 was somehow faked, and that really you posted a bond of $1000 which the sender has collected.
Or whatever.
"How to Do Nothing," kids activities, back in print!
Ohhh look another "best idea on the internet" that's the same old "charge them" idea that many others have had that's still stupid.
Basically this idea annoys everyone and solves nothing. There would be a lot of rich people who simply spend all day signing up on lists and then collecting the "fine" when they get e-mails.
The way to stop spam that doesn't require messing with STMP is to use web-forms. The web-form on my mail server is written in PHP and is basically a custom e-mail client. It connects to the mail server and sends to exactly one address that's hard coded in the script. Giving it random letters and numbers would prevent spammers from guessing it and users wouldn't care because they don't have to remember it. My particular PHP script only sends text only e-mails as well.
If you use a non-generic web-form with a unique filename and unique variables, it makes it quite impossible for spammers to make bots to whore their spam automatically.
What would be really clever if you want to prevent bots entirely you just have an array of images. And an array of questions, one for each picture. And the user has to answer the question like "what color is the apple?"
No amount of image scanning by a bot is going to figure that out.
Then instead of telling people an e-mail address you just give them your domain. It's still SMTP so you can contact people out side the script if you want.
The other method I use on the server side is filtering domains that spammers use to host their product pages or images. I've gotten hundreds of e-mail attempts according to RinetD's logs and only a couple spams with domains I hadn't added to the filter yet have gotten through. Since the PHP script goes through the mail server and doesn't actually send the e-mails itself, all the spam prevention is also applied to the web-form. And since no legitimate e-mails use those domains, I've had 0% collateral damage.
I get virtually no spam and have yet to break SMTP or charge anyone anything just to send me an e-mail. It's really not that hard.
Ben
Work Safe Porn
Email is one of our last few partially anonymous methods of communication. Emailing (and posting) as "Anonymous Coward" is a seriously useful thing and taking it away from people will probably be more disasterous than originally imagined.
There was some drama recently around an anonymous e-mail communication this past few weeks at my roommate's place of employ. What did the sender use? Hotmail.
Hotmail, yahoomail, and other free mail services use ciphers to identify people as human beings, and track IP's to resist automated signup scripts, but the medium is still essentially anonymous. Except for the IP address of the sender, which can be masked via a little wardriving or a trip to the library, the system is as anonymous as the sender wishes.
The ______ Agenda
The problem is, there are a TON of moderators that will go and mod-bomb people because they don't like them, regardless of how well-reasoned their post is
Who are these mod-bombers? I mean, what does it take to earn the wrath of people on Slashdot? Who takes Slashdot that personally?
Myself, if I've got mod points, I mod up when I find value to the post, I mod down if I feel it's overrated, and very rarely I'll mod down for other reasons.
How do these mod-bombers get mod points? doesn't the meta moderation system let you put the screws to these mod-bombers? Can't we moderate their own posts down, so that the system deems them unworthy of mod points?
Orson Scott Card did exactly that on "Shadow of the Hegemon". A lot of the book is comprised by e-mail exchanged by the characters. The format he used was "user%key@domain". If you have the key you go through, if you don't have it you get rejected. This might work, but it would just make the spammer's job harder, not impossible.
http://www.eecs.umich.edu/~tloder/one_pager.html
That site has a shorter and easier to read description of the ideas presented in the paper. The paper is really a technical economics paper, not a mass-market thing. The one-pager is much easier to read, and its the same people.
Good enough summary?
The sender deposits money with a third party to send an email. Once enough money is in, the email is delivered to the recipient.
The recipient can choose to take the money for whatever reason (needs a beer etc). If the recipient doesn't do anything, after a while the money returns to the sender.
The recipient can put the sender on a white list which means the sender doesn't need to put up money.
The authors/proposers say that the alternative of making everyone digitally sign their emails doesn't work. I don't see why that is harder to implement than this approach, esp since digital signing involves a lot less money AND there is no need for trusted third parties to be trusted to hold millions of bucks in escrow. It is very easy to blacklist CAs who certify spammers, CAs can always insist on valid IDs - so spammers will have to keep hiring Joes to send their spam for them, and ISPs and Antispam software can easily detect the unusual case of a single Joe sending 1 million messages.
So digital signing can work if everyone uses it. But would everyone use it? Similarly would everyone use this money deposit thing? You have to set up even more infrastructure than digital sigs (already many email clients support s/mime, and there are plenty of CAs).
This has many of the disadvantages of digital signed emails and few advantages.
Imagine when the next email worm makes tons of random people very rich and millions of stupid people poorer just coz some kid in Belarus thought it would be funny.
Stupid idea.
It also won't be approved by Banks/Govs/etc because these ppl like to keep track of money transferred around. Think: "money laundering", and keep thinking some more.
Stupid idea.
Is it different than what we currently have?
If so, it won't work.
Looks, spam, spam mail, telemarketers all exist today due to profits. People profit from them, so people will continue to do it.
"But take away the profit then!" far easier said than done. And even if you could, I would argue that you shouldn't. At least not legislatively. Let's see someone be half as creative in the private market as the spammers are. If they are creative, and their system works, then they get to be rich beyond belief. What's that? You don't want to pay for a spam solution? Well, believe me, those little things called Taxes? You're paying that judge to sit and preside over your case and you're paying those hundreds of Congressmen to sit and chat about this e-mail spam problem. It ain't free people.
If there was no market for spam, then it wouldn't exist. There is a market, you don't like it and I don't like it, but it does exist. People aren't sending chunks of steak through the mail unsolicited because that wouldn't be profitable.
www.jackasscritics.com
Anyone else getting this:
Hotmail.com has added some interesting new filtering to their 'spam blocking' tools. Essentially, they're blocking mail based on the content of the message (what you send), but they won't tell you why it was blocked. There's a magical formula there somewhere. It is not blocked by IP address, as some messages go through and some do not.
This is occuring from *all* senders, in *all datacenters*.........It's a hotmail specific problem. Here's a microsoft.com employees response to the issue:
quote:I've been talking with others here at MSN Hotmail and going over possible options for a domain having this problem with our filtering system and trying to find out what we can do about it.
We recognize that our filtering technology is blocking your email and unfortunately, we are not able to reveal the details. Although we have no obligation to ensure that your email is delivered, we are working on a solution for people in your situation. At this time, however, we have no solution to offer you.
We have hopes of such a solution sometime by next couple of months but that is by no means a guarantee.
I'm sorry I can be of no further help in this matter.
Julius Caesar - Act I, Scene i: "What mean'st thou by that? Mend me, thou saucy fellow!"
What about the third parties who are supposed to manage the escrows? There would doubtlessly have to be very few of these companies (maybe even just one) doing the job, otherwise you have the problem of trust -- with thousands of companies holding escrow like this, you may well be wary of a company that comes along and says "don't worry, we've got the escrow, now give us your bank account number..." So we're primed for a monopoly of sorts. And whatever megacorp comes along and fills this position, they will have access to the e-mailing habits and history (not to mention financial records and perhaps even buying habits) of potentially billions of people. Anyone else scared by this prospect?
stratjakt sayeth: "only degenerates and hotmail users recieve spam." You are forgetting people whose email is listed on a company or univ. website. "Degenerates" that use usenet also get spammed, alt.kool-aid should not attract penis cream ads for god's sake
... that i have no mod points.
I agree completely and emphatically. Email is not a free-speech/privacy issue, and i think people are forgetting that.
There is no provision in the constitution that guarantees an audience for free speech, yet this is precisely what anonymous email does. It puts a burden on me, the recipient, to sort through the garbage of others.
If you want more anonymous speech, get a blog, post to a web board, post to usenet.
Your freedoms stop when they infringe on the freedoms of others. Your freedom to be heard is wholly consitutionally blocked with my right to post a no soliciting sign.
I see no reason why I can't effectively put a similar sign on my email box. (let alone my meatspace mailbox)
the only reason bulk mail persists, is because it's effectively privately subsidizing the outdated and inefficient USPS. Spam, on the contrary, is wholly an economic drain on the delivery system. there is no benefit to anyone to retain spam, except those corporations who wish to have no responsibility to maintain an honest opt-out policy.
sure, spam finds willing recipients, so someone must want this garbage - but so do door to door salesmen. And I'm perfectly within my rights to forbid them from coming onto my property. a right which does not in any way infringe on their right to be heard, or their ability to simply bug my neighbor.
// "Can't clowns and pirates just -try- to get along?"
And yet, there are moderators who will mod down anything that goes against the "geek norm", regardless of content. On some recent thread about movies, I posted what I thought were reasons why LOTR-ROTK was just a good movie and not fantastic. I was modded as a troll faster than you can download a picture of Natalie Portman. See for yourself Now granted, I didn't go on in great length about my points, but I still think that if you can let go of the fanboy fanaticism and look at it honestly, what I said holds. I was by no means trolling.
The problem with moderators is that meta-moderating is just a little-too-late. And even if it did work well, it wouldn't be able to stop biased moderating. Or it would plunge it into the void of predictable moderating. Or are we already there? There is a mod of "Troll", but not of "Karma Whore".
My beliefs do not require that you agree with them.
I might be missing a critical idea. I feel that I must be. (In my defense, I was up all night playing Crimson Skies and then preparing for an 8:30AM project status meeting.)
It seems that this warranty, escrow account system would not work well with hacked computers, viruses, et cetera. Here's a simple example; please tell me that I'm wrong. My grandma makes a reasonable attempt to secure her system but leaves some holes. Some hacker, working for a spammer, gets in her system and installs a nice little backdoor program. The spammer starts emailing people from her computer until the money in grandma's escrow account can no longer cover the warranties. The recipients are obviously angered by receiving this spam and collect the money on the warranty. How is she going to get her money back?
I don't need to belabor this point, but does this plan assume that all email sent from a user's account was purposefully sent by that user? If so, I can't support that. Virus writers and hackers aren't going away. Computers may become more secure; users may become more experienced. But our increasingly interconnected world is simply too complex to eradicate every security hole.
This is an interesting idea. Maybe a good target for the application of a micropayments system too, possibly for commercial e-mail marketers. For example, a company with an escrow account may need to pay a certain percentage of one cent per message based on volume and message rejection rate. This would keep costs down for the sender (especially if the formula allowed for completely free delivery when in excellent standing), discourage the casual spammer, allow the escrow to generate revenue, and possibly avoid e-mail tax laws and the like by making e-mail usage earn taxable money. That's just off the top of my head. I don't have any specifics in mind, but I'd be interested in hearing more from the economics geeks. Anyone care to pick me up?
ascii art
Another solution that won't work, mostly because it doesn't contain the magical phrases "shotgun" and "spammers head".
Seriously, though: Spammers have been breaking into computers for years now. The current international spam mafias run bot-networks of several hundred-thousand machines each.
So sending mail will cost money (stamp, warrenty, tax - no matter the mechanics). Why exactly should the spammers care? It's not like they're sending from their machines or spending their money.
The serious, working solution to spam is two words: Jail time.
Assorted stuff I do sometimes: Lemuria.org
The best current solution is really the only one. Have a list of friendlies ( possibly with server information ).
How often do you get an email from a complete stranger that you really want to read. For most personal accounts you have a limited set of email buddies, a lot like an instant messenging service.
Building this list is the big issue.
Say you buy something from amazon.com, or another site. The web application needs to be able to add itself to your friendly list. Of course this does not happen automatically, but with something you click. A simple standard would not be that hard to devise so any mail client could recieve the message. Upon receiving the message the user is asked if the email is a friendly. At this point the program could check for a valid MX record, and a slew of other tests to see if the record is valid and issue a warning, or give the green light.
Now if the email is webmaster, or your the kind of person that does get lots of emails from people on the Web, like a CmdTaco you need some
more tools. But current spam checkers matched with MX lookup could seriously limit the number of records. You could also do some kind of verification routine where your email program sends an auto-response with one of those pictures. This has gotten worked around with letting porn surfers answer the question for you, but I'm sure it won't be long before people write bots to answer the porn guys wrong.
MX lookup I think will be the first step. If you can reverse an address, then ask that server if the email is authentic, and even give a CRC/timestamp to see if the email came from it. This would make it harder to run your own email server, but if you doing this you probably know what the hell MX records are.
<spammer> Crap, this warrenty plan for email has destroyed my spamming. .ru. Spammer then invokes warrenty, quickly withdraws money, and continues the cycle with a new virus.**
<spammer> **thinks**
<spammer> **Writes email virus that causes the infected computer to send email to a dummy account in
Your idea is borked, methinks.
Would you Warranty Your Email?
No, I wouldn't. It's an interesting approach, but I'd never participate in it. It will COMPLETELY break the way things work, and make communications much more complicated. For example, friends/family/colleagues send me a ton of crap. Let's suppose for a minute that I set my cost as $50 per message. I have multiple addresses, so when people forward some ridiculous chain mail on some topic that I vehemently disagree with them on, I get multiple copies. So let's say I get three copies of this chain mail from someone. With the click of a button, I can set a friend out of $150. Obviously, they wouldn't remain a friend for long, and maybe there's something to be said for making people think twice about forwarding me crap.
But now consider a corporate setting. Let's say I'm really sick of spam at work, and set the price to $500 a message. My boss sends me mail informing me of budget cuts; I'm angered by it, and thus flag it as spam, charging my boss $500.
And I won't even get into the potential for abuse, where I try to impersonate someone else sending me spam, charging random people insane amounts of money.
And this just won't work. Spammers have a 'spam and dump' mentality -- they're sign up for a server, or find a new open relay, dump a ton of spam, and move on. I would fully expect spammers to completely disregard this, running up hundreds of thousands of dollars of debt on a credit card they used to purchase the server. They never pay the bill, and move on. In some strange way, it's kind of like the "If you outlaw guns, only outlaws will have guns" -- spammers will find ways around this, and we'll only inconvience people trying to send legitimate e-mail. And the basic premise sounds to have a ton of potential issues.
________________________________________________
suwain_2
They miss an important point in the article :
... unlimited.
... right, noone.
In RL, a warranty usual is the value of the purchase, that is from 1$ to
Now, who has ever returned a floppy disk to the store to claim the warranty
Warranties ONLY make sense if they are expensive, at least 50$ or so, but 1cent warranties just dont work. The money at steak must be important enough for the customer to actually justify the trouble for claiming the warranty.
In their proposal, the trouble of claiming is minimized for the recipient, so that they may be more kin to claim the warranty. However, even then, this still doesnt make sense. I wouldnt do more than click on ONE button to claim 1 cent. If I had to click on two buttons, it wouldnt be worth it.
(I might, however, do it anyway, but in this case not for me, but to punish the spammer, hoping that others do it too)
BUT : the warrant must also be large to justify the trouble of FIGHTING a false claim. As well as the spammer will be harmed by millions of claimed warranties, a hacker could make the world send him 1cent warranted emails and claim the warranty on all of them.
This is far more realistic then the 1000$ warrant someone mentioned. If I'm charged 1000$, I go to the police. Will you go to the police if someone steals you 1 cent? But with computers, a hacker could easily steal 1cent from millions of people, making tens of tousands of money.
As the warrant is to small to make it worth fighting a false claim, we will see a complete new wave of cyber-crime here.
And this even without the technical problems of actually tracing an email.
I have discovered a truly remarkable proof for my post which this sig is too small to contain.
This technology requires a sender-verified, secure, trackable, unbreakable e-mail system that ensures the sender is who they say they are, the recipient is who they say they are, and the message is exactly what the sender sent. All mail-sending accounts must be registered and accessible in a centralized database, and must contact that database to send mail.
The domain hosts then become responsible for the activities of the spammers, because the discovery of the spammer and their account address becomes trivial. Deal with the problem, or be black holed. Or, alternatively, the spammer can be locked out at the db level.
No where does charging the spammer become necessary. The spammer is simply locked out. E-mail stays free. Nobody gets charged when hacked.
Personally, I would support a domain-sender-message verification system, whereby a message is Md5'd (or some quicker form of hashing) on its way out and stored in a database for each 12 hour period. Upon receiving the mail, the recipient's mail server queries the reported sender's mail server with the message's listed Md5 key. The mail server goes through the databases for the last 3 12 hour periods (in reverse order) and searches for the listed key. If the key matches, it gives a positive response. If not, the message is destroyed.
Bingo, verification that the message originated in the particular domain, and that domain is responsible for the activities of its constituents. If that domain owner refuses to take action, their domain and their IP addresses would be blacklisted.
The ______ Agenda