I read Paul Graham's section on challenge-response.
He seems to think it is a good idea, but for the fact that somebody has to go to a webpage to use it, and that blind people can't do the picture-based challenge schemes.
A standardized bond system could solve that. The standard could be built into my email client. The blind person can set up an escrow account. No problem there. And when email clients support the standard directly, there is no extra step needed by the sender. In fact, the email client would probably have reasonable defaults to allow me to say: "I'm willing to put up a $0.10 bond for any 1-off email I send. Don't bother me unless the receiver requires more than that, then I will decide if I want to raise my bond for that person or not." Then I go on my merry way, sending my email. I could even say that for people I normally correspond with, I put up a $0.00 bond and flag it if they start requiring one from me.
How is this unscalable? Downside: there is more CPU and bandwidth required for non-spam emails. But with blacklists and Bayesian filters and the huge volumes of spam going around now, there is already a lot of CPU and bandwidth wasted in dealing with the problem.
All the naysayers about free mailing lists being
forced to pay thousands of dollars are wrong.
Unfortunately the article is not explicit about how it would
work. It's basically a modified whitelist system.
Imagine this:
Your inbox is set to block all mail which is not
on the whitelist. If the sender's address
is not on the whitelist, it cannot get into your inbox. It doesn't matter if it came from armies
of zombie Windows boxes or whatever, it is
blocked at the front door. But what about
the free mailing list I want to receive?
I put it on the whitelist, and it gets through,
and no money changes hands. But what if I
sign up for the free mailing list and then
claim it is spam, can I collect money? No,
you can't collect money, because the free
mailing list is not willing to spend money
to deliver the message. The message would
get dropped on the floor, end of story.
But what about my long lost friend who found
my email address and wants to contact me?
Your long lost friend must "escrow" the
amount of your attention bounty in order
for the message to be placed in your inbox.
That doesn't mean you will claim the money.
If you do, your friend may be upset and
probably won't email you again. Probably
you won't claim the bounty. You will add
the friend to your whitelist, he will
pay nothing, and everyone is happy.
What about the spammer? He is not on the
whitelist, so he must put up the "escrow"
money to get the message into your inbox.
If once you get the message, you decide
it's wonderful, you don't take the
money. If you are upset about the message,
you take the money as your price for reading
an unwanted message. If you don't take
the money, the sender goes on your whitelist,
and next time can send to you without charges.
What if you later remove yourself from that
sender's list and they still keep emailing you?
You remove them from your whitelist. Now
they have to pay the price again to get
your attention.
Do you think this will cause marketers
to consider their audience much more carefully?
Yes. Will spammers send fewer messages? Yes.
Could other problems happen as a result of this?
Probably... one I can think of is the zombie
Windows machines using the owner's "escrow"
account illegally to put up the escrow money.
In effect, the spammer would be stealing
money from grandma's credit card to pay for
his spamming. While that is bad, you can
bet that grandma will be very motivated to
secure her box now. At a minimum, she will
protect that credit card info for the
"escrow" account and not allow it to stay
in her computer so that the spammer's worm
could take advantage like that. Without
that escrow money, the spammer's unsolicited
messages will not get through the whitelist
filters.
I think the main problem with this is the
complexity of it all. But I think another
advantage of it is that it could be rolled
out incrementally. Senders on the whitelists
wouldn't be affected at all. So I could
set up my inbox with the whitelist. People not using the system and mailing
lists not using the system would all be
able to communicate with me fine.
During the transition, any new mails
without the escrow money capability
could have an automatic
reply that I require the new system to be
used to receive their email.
If their email client doesn't support
the new system, I'm sure some enterprising
soul will set up a web-based email system
supporting the scheme, and they could email
me from that to get things started. Or
I could even have my own website tied into
my inbox, and that could require them to
escrow some money in PayPal before it puts
the message in my inbox.
The bottom line of the system: if the sender
is on the whitelist, no money changes hands.
If the sender is not on the whitelist, he
must be willing to put up the escrow money for
the message to be delivered. The receiver
sets the price the sender has to meet.
If the sender is unwilling to risk the
price, the message is not delivered.
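
The whitelist-plus-bond flow described in the two comments above, written out as an added Python example (it is not part of either comment or of any real mail standard). The class and function names, the addresses and the 25-cent price are constructed; amounts are integer cents, and the `escrow` dict stands in for whatever third party would actually hold the bond.

```python
from dataclasses import dataclass, field

@dataclass
class Inbox:
    """Receiver side of the scheme; every name here is hypothetical."""
    price_cents: int                               # bond demanded from strangers
    whitelist: set = field(default_factory=set)
    escrow: dict = field(default_factory=dict)     # msg_id -> (sender, cents held)
    earned_cents: int = 0
    next_id: int = 0

    def submit(self, sender, max_bond_cents):
        """max_bond_cents is the sender's client-side limit (e.g. the $0.10 default)."""
        held = 0 if sender in self.whitelist else self.price_cents
        if held > max_bond_cents:
            return ("dropped", None)               # sender will not risk the price
        self.next_id += 1
        if held:
            self.escrow[self.next_id] = (sender, held)
        return ("delivered", self.next_id)

    def claim(self, msg_id):
        """Receiver takes the bond as the price of reading an unwanted message."""
        _sender, held = self.escrow.pop(msg_id)    # KeyError if nothing is escrowed
        self.earned_cents += held
        return held

    def release(self, msg_id):
        """Receiver declines the bond; the sender is whitelisted for next time."""
        sender, held = self.escrow.pop(msg_id)
        self.whitelist.add(sender)
        return held                                # amount handed back to the sender

def run_scenarios():
    # Constructed addresses and prices, one case per situation in the comments.
    box = Inbox(price_cents=25, whitelist={"list@example.org"})
    out = {"list": box.submit("list@example.org", 0)[0]}          # whitelisted, free
    out["unknown_list"] = box.submit("other-list@example.org", 0)[0]
    out["low_bond"] = box.submit("stranger@example.net", 10)[0]   # 10 < 25
    _, friend = box.submit("friend@example.com", 50)
    out["refunded"] = box.release(friend)
    out["friend_again"] = box.submit("friend@example.com", 0)[0]
    _, spam = box.submit("bulk@example.net", 100)
    out["claimed"] = box.claim(spam)
    box.whitelist.discard("friend@example.com")    # receiver removes a sender
    out["after_removal"] = box.submit("friend@example.com", 0)[0]
    out["earned"] = box.earned_cents
    return out
```
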