Slashdot Mirror
Yahoo Revives Pay-Per-Email, With Charitable Twist
holy_calamity writes "Yahoo research have started a private beta of a scheme that resurrects the idea of charging people to send email to cut spam. Centmail users pay $0.01 for each message they send, with the money going to a charity of their choice. The hope is that the feel good effect of donating to charity will reduce the perceived cost of paying for mail and encourage mass adoption, making it possible for mail filters to build in recognition of Centmail stamps."
The idea is that a Centmail signature attached to a message would automatically reduce the message's spam likelihood; if enough people adopt Centmail, then receivers would be increasingly able to require a Centmail signature on mail, and killfile mail that lacks such a signature.
In theory, great. In practice, I predict it spiraling out of control as different parties try to "get in on the action" and see a chance to turn a profit instead of just giving the money to charity.
Palm trees and 8
How will this discourage spam if the spammers are just using pwned accounts?
Honestly, this is one of the stupidest things I have heard of. For one, if this is adopted it will lead to discrimination of services (as in, you are using Gmail and not our ISP's pay-mail, so your message automatically gets flagged). For another, I've found that Gmail and other webmail services are pretty good of not giving false positives, in the few years I've been using Gmail, I've gotten 3 spam messages total, none of which was a false positive and no spam e-mails in my inbox. But honestly, this is simply charging for what should be a free service to help solve a problem that doesn't exist if you use Gmail (can't say for any other mail provider because Gmail has been so good I really haven't used any other mail provider).
Taxation is legalized theft, no more, no less.
Exactly, they're trying to charge spammers for guaranteed delivery to your inbox. I prefer the Gmail model of spam management - build some incredibly good filters and eliminate 99% of all spam.
From what I understand, this is not fighting spam directly. It's to encourage the adoption of a system that eventually will allow people to fight spam effectively-- that is, if everyone's already used to paying the cent for sending an email, they won't care when every email provider adopts this model. It only costs them a few bucks, after all. However, if you're sending millions of emails...
Oh right, the only foolproof way is to rely on HUMANS.
You must manage an IT dept or something, I take it?
Mod me down, my New Earth Global Warmingist friends!
I think you would have to be authorized to Centmail's SMTP servers. Pwned accounts are not such an issue either, if you buy blocks of 500 "stamps" ahead of time and are not automatically billed for it; spammers would only get a small number of stolen stamps at a time, and that would at least slow them down.
The real issue is that it will not remain charitable for long. If it becomes popular, rival for-profit services will start cropping up, and we will wind up with a situation similar to SSL, where there are dozens of different authorities competing with each other, some with different levels of trustworthiness, some charging different amounts, etc.
Palm trees and 8
If this becomes popular I can see yahoo charging for all their mail services.
Don't worry. It won't become popular.
It's essentially a way to guarantee to recipients of my email that it is not spam.
Also, when customers with zombiefied computers get a six figure bill from their ISP, maybe they'll spend a few bucks to get their system cleaned up and secured, which benefits everyone.
Well, the best part for the spammers is when they don't pay the 10$ because the owners of the zombie PCs do... This objection was raised years ago already for other "payment" schemes like for instance the computation payment (you do a computation that takes a lot of CPU to sign the message. So you "paid" for your stamp).
It does not sound like a very well thought plan. Maybe the idea is that people will be more careful not to get pwned?
In all honesty, I would rather keep email the way it is. This "stamp" based approach will not work; either nobody will adopt it, or it will become popular and a bunch of other stamping businesses will crop up looking to make some money. I would rather just continue with my current spam filters, which kill 95% of the spam that hits my machine -- the other 5% does not amount to anything terrible.
Palm trees and 8
Look at what happened with SSL. There are dozens of different authorities, each with different requirements, and the net result is that an SSL certificate is not the highly reliable security token that it might have been if greed had never entered the equation. This system will succumb to the same problem: everyone will want to get a piece of the action, and in the end only amateur spammers will be thwarted.
Palm trees and 8
The idea is that a Centmail signature attached to a message would automatically reduce the message's spam likelihood; if enough people adopt Centmail, then receivers would be increasingly able to require a Centmail signature on mail, and killfile mail that lacks such a signature. In theory, great. In practice, I predict it spiraling out of control as different parties try to "get in on the action" and see a chance to turn a profit instead of just giving the money to charity.
Besides, this doesn't address the ultimate cause (or depending on viewpoint, the ultimate enabler) of spam. Spam exists for one reason and one reason only: someone, somewhere is willing to buy from spammers or otherwise to give them money. Any solution which doesn't address that has entirely failed to learn why Prohibition didn't stop people from drinking or why the War on Drugs hasn't made illicit substances go away. It doesn't matter how sophisticated or underhanded the spammers are, if no one gives them money anymore they WILL go out of business. This is probably a matter of education, though it's possible that credit card companies could be part of the solution since many of these transactions could not occur without their services.
It is a miracle that curiosity survives formal education. - Einstein
I thought a lot of spam came through zombie / infected computers. So, it's just going to be other people who pay for it anyways.
"The past was erased, the erasure was forgotten, the lie became truth." ~1984 George Orwell
"when they don't pay the 10$ because the owners of the zombie PCs do.."
Gives them one more to give a fuck about security does it not?
I have never understood the concept. Forget for a moment that spammers don't follow the rules, and generally work pretty hard to circumvent anti-spam measures, how are we all going to implement and maintain good measures on the receiving end? Ohh... someone like Yahoo will do that for us. Got it. Just pay my monthly dues or licensing fees and then a low $.01 per email and it's all good. Glad this is such a humanitarian effort aimed at cleaning up our interwebs and not a huge cock-up out for profit, because then it would just be unethical...
Also, why should I have to pay a new fee of any sort merely because someone else wants to send spam? The whole problem with spam is that everyone but the spammer has to bear its costs. This only increases the costs that all the rest of us have to bear because of spam. For that reason the ethics of this solution are already questionable despite its presumably good intentions.
It is a miracle that curiosity survives formal education. - Einstein
Missed a few:
(x) Many email users cannot afford to lose business or alienate potential employers.
(x) Joe jobs and/or identity theft.
(x) Countermeasures must work if phased in gradually.
(x) Feel-good measures do nothing to solve the problem.
From the paper, section 3.2 http://centmail.net/centmail.pdf :
A related scenario is when a user attempts to reuse a single legitimately obtained stamp to validate a single message sent to thousands of people. This is in fact considered to be acceptable behavior from the perspective of CentMail, similar to the use of blind carbon copy (bcc) for emails.
That sounds like exactly what spammers do - send the same message to thousands of people. So, really, that's $10 for delivery of 1,000 unique messages to unlimited millions of recipients. Good deal!
That's my main problem with it. The "logic" seems to go like this: "well, we couldn't come up with a way to make spammers pay, so instead we'll try to make everyone else pay to prove they're not a spammer." I can't support that.
It is a miracle that curiosity survives formal education. - Einstein
You offer three points in rebuttal:
...after the fact? Or will you have an automated system that prevents the mails from being sent if they seem suspicious? Otherwise a spammer can simply do a hit and run and exhaust the user's account. Regardless of that, spammers are more likely to control a very large amount of zombie Windows boxes, sending out a small number of e-mails on each machine.
1) An increase in use of Centmail points could be flagged as suspicious
2) If a user gets hacked, he just ends up donating more money to charity
Which is wonderful and all, but doesn't really solve the problem.
3) Hackers are more likely to be interested in other aspects of the user's computer
Spammers have demonstrably took over swathes of Windows machines exclusively to send out spam. Even if they didn't, centmail offers the chance to send a mail that is practically verified as genuine, which is very rare, and worth hacking a computer for.
Problem is this: if you blindly trust Centmail, then it'll be worth it for spammers to pay to send email. Don't believe it? Check your physical mailbox.
Well, you see, the best way to make it work is to make the "charity" a special fund. The biggest spammers are only a few hundred people at most. So, the way the fund works is that, when it accrues to the point that we can hire a hitman to take out one of the spammers, we pay out to a hitman and the spammer gets whacked. Pretty soon, the spam problem is solved.
Or, I guess alternately we could use the special fund to do something legal like bribe congressmen/MP's/dictators (depending on country needing the action) to pass the needed laws or simply have the spammers arrested and thrown in jail for life.
Similar to the upcoming US election results
But what if your centmail account gets hacked and the hacker uses it to send millions of spam messages. If you credit card is on their file you will be down a $10,000. Of course you can feel good about donating that much to charity!
Life is about being a Phoenix!
I'm worried about the chilling effect of email being tied to commerce. Internet commerce requires that your identity be tied to the transaction, whether it is to the ISP who provides your email account, PayPal for your ebay goodies (or supporting Slashdot), CC transactions on Amazon, etc. They know who you are. Now, in an instance where you need privacy, or better yet, actual anonymity, you are screwed because you can't use email to blow the whistle on an employer who acts unethically, violates OSHA regs, etc. And I wouldn't be surprised if the government likes the ability to track a specific email back to a specific person.
I don't mean to come off like a tin-foil hatter, and could probably write a more coherent rant if I had more time. There is no good that can come from this. Ever.
I prefer rogues to imbeciles because they sometimes take a rest.
Or the third option, they alter their botnets to sniff out centmail registered users and send the spam through that.. 80 year old grannies suddenly get hit with $100,000 email bills and lots of bad publicity ensues.
You're forgetting that most spammers do *not* send email. They have botnets for that.. and the botnets are just naive Windows users. Much as I like the concept of taxing people for not securing their computers it's not exactly fair.
SSL is a flawed system that was built on pure greed.
Why should I have to pay someone just so Firefox will not chase my users away.
SSL is nothing more than extortion and it has stopped encryption from becoming standard.
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Spam exists for one reason and one reason only: someone, somewhere is willing to buy from spammers or otherwise to give them money.
I recently read a theory that challenged the (afaict, completely factless, unproven) idea that the advertisers make money off of spam. It's P. T. Barnum's "There's a sucker born every minute", as seen in get-rich-quick schemes, applied to spam.
You have two parties - advertiser, and spammer. Advertiser pays spammer $10k to send a million spams. Spammer sends those million spams. The advertiser sits around, counting his imaginary sales. But nobody shows up. A couple of days pass, he sells $1k of stuff, and is $9k in the hole due to his spamming efforts. Does he spam again? Quite possibly not.
But who learned from that? Only that individual advertiser. Even if each advertiser never makes money, as long as there is another sucker in line, there will be no end to spam.
There's nothing I've seen that indicates the individual advertisers make good money off of spam. The spammers, sure. But they're just taking money from one sucker after another.
Velociraptor = Distiraptor / Timeraptor
Cute, but wouldn't work.
Any unclaimed amounts would be confiscated as unclaimed property. The "owners" would then need to try to claim it from the government. (yes, they really do this.) As this would be a net income, they would love you. (not sure if it's the IRS or the State, but someone would pocket it for you.)
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.