Re: [Asrg] Economic model is borken. (sic.) Let's fix it

At 11:28 AM -0500 3/8/03, Eric S. Johansson wrote:

1) the incentive is to make sure their messages delivered. In thephysical world, if I call them up on the telephone and order acatalog, they have an incentive to add postage to make sure I getbut I asked for otherwise they risk me taking my business elsewhere.so, why should not be the same electronically.

That incentive does not exist until a significant percentage ofsystems block non-stamped email. Until then the only personsuffering is the one who installed a non-stamp-blocking system, notthe vendor.

2) increasingly, antispam filters are taking out legitimatecommunications from businesses. The use of a stamp would allow themto bypass the filters without requiring the recipient to do anythingspecial (i.e. white list, filter exception).

This logic works better. But of course any standard authorizationmechanism can provide this benefit, not just stamps.

2. If they do automatically add a stamp, what keeps me from abusingthat fact by continuously generating non-paying transactions whichrequire responses?
this is a serious risk factor before near full adoption. In anutshell, the business would need to be careful about how manymessages it was prodded into generating for a given address. Therewould need to be some logic put into the robot to say "hey! I havereceived over X messages in the past Y hours from this user. Timeto get a human".

I can register a new domain for $10. I can receive all email sent tothat domain, and create a new one every day. Now if you aren't goingto give me a cut of the stamp price, then maybe I don't have a bigincentive. But if you are then you have a fraud problem.

I accepted this is a weak spot but I believe it can be solved.Using techniques such as address probes (i.e. does this domain/userexist) and rate analysis (normal vs. abnormal levels of traffic) canhelp minimize the impact.

Yow. That's a pretty heavy bit of infrastructure for doing nothingbut set up a mailing list.

Something to remember when thinking about fraud, spam, and attacks onthe internet--especially when comparing to that in real life. Thereare lots of things that people would never do in real life that theywill do online. Furthermore, do to the point to point nature of theinternet, every single lowlife in the world has a direct connectionto you. So, multiple decreased inhibitions by increased access andyou've got to be a lot more careful.

The other thing that really concerns me about spam fighting is thecost of unintended consequences. Stamps are one type of solutionthat is very prone to this, as are many of the legal solutions peoplehave proposed.

These solutions don't try to stop spam. They try and set rules forspamming. "You may spam if you pay postage." "You may spam if youprovide an unsubscribe address." These solutions legitimize spam.They open up the door for lawsuits against ISPs who block email thatmeets the rules. They send a message to every company in the worldthat it's okay to send email to people who didn't give consent, solong as they follow the rules. A postage-paid system that doesn'tput a company like ZDNet out of business (what, a million messages aday or something like that?) is *not* going to be a barrier to entryfor most companies. Instead of having a thousand or so spammersrunning around hitting you every day, you're going to have tens ofthousands of companies sending you email every month saying, "If youdon't want to be on this list, please follow these arcane unsubscribedirections." This will *not* be an improvement.

--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg