RE: [Asrg] Thoughts so far

At 11:31 AM -0800 3/19/03, Steve Schear wrote:
> Sender-pays is like being armed.  I'm betting that clients 
> implementing a stamps approach will fare well enough at controlling 
> spam to eventually gain serious industry consideration.  But even if 
> it doesn't it may still help those so armed.
You keep missing the issue.  This is nothing like being armed.  A gun 
works whether or not anyone else has one.  Sender pays works *only* 
if a significant proportion of the users have one.
> > Now put a value on a spam jail which contains 90% of your email. 
> > And consider what happens if it becomes common enough that the 
> > spammers take notice and start forging addresses from commonly 
> > whitelisted senders.
> I think this is where signed content could help.
Yes, it certainly could.  And the combination of a system which 
required either stamps or a signed message, and blocked messages that 
didn't have those; in combination with a good protocol for signing up 
for lists and obtaining the signature, would go a very long way 
towards providing an email system that isn't overloaded at either the 
network or individual level by spam.
A good proposal on that would require integration of web browser 
plugins, email plugins and MTA changes.  I'm sure an elegant 
architecture could be created, if it hasn't already.
But...
At 2:13 PM -0500 3/19/03, Paul Judge wrote:
> 2.      must not affect delivery(latency, integrity, cost, reliability) of
> wanted messages to a point that would effect the normal use of email
> 3.      must be easy to use
> 4.      must be easy to deploy, incrementally
>         a.      must provide incentives to deploy for those doing the
> deployment
> 5.      must not depend on universal deployment to be effective
> 7.      must have minimal administration and implementation overhead
> 8.      must have minimal computational and bandwidth overhead
...it has serious problems with those requirements.

> > If you are someone who is technically active online, or running a 
> > business that requires timely contact with random people in the 
> > outside world, such a system will be more painful than the spam.
> Agreed, no one solution is likely to fit all.
If we are proposing incremental solutions to limit spam, then that 
statement is perfectly fine.  However I don't see how you can propose 
an architecture that works only if it is universally accepted, and 
then admit that it won't fit all needs.
As an aside.  Another way to look at the current situation is that we 
have a system that meets everyone's needs pretty well--it's just that 
there is one particular class of user whose needs we would rather it 
*didn't* meet.  We're trying excise that one feature without 
impacting any other.  Personally I think that at the very least, 
"able to send mail as anyone from anywhere" is going to have to go 
with it.  Or rather--it may be able to remain, but it will require 
special software and protocols.  On the other hand.  If we can come 
up with a change that prevents email forgery of any kind, and 
requires custom software only for people who need to do it for legit 
purposes, I'd say we had a winner.  Obviously it's not quite that 
simple though.
> > Spam solutions which violate basic economic principals (e.g. "Most 
> > people will not spend money in order to hurt themselves") are not 
> > going to be successful.
> > At the early adopter stage, sender-pays is indistinguishable from 
> > simple whitelisting.  Except that it costs the sender more money.
> Forcing unknown senders to spend even a bit more time or a bit of 
> money in order for their emails to be seen is all that may be 
> necessary to sort them out from others who's economics depend on 
> enormous volumes of free or nearly free emails.
Stop thinking about your system as though it were fully deployed and 
consider how it works in the early stages.  If you continue focusing 
on the future, without looking at how you get there, you're never 
going to get there.
At the early adopter stage you aren't forcing unknown senders to 
spend more time and money--you're forcing the users of the system to 
spend time and money.  The unknown senders aren't using the system. 
And you can't block them because they constitute the majority of your 
correspondents.
> > If you think I'm missing something here, then please let me know. 
> > But please keep in mind that I'm not arguing that the system isn't 
> > technically feasible, or even desirable.  I'm simply arguing that a 
> > system that hurts early adopters more than it helps them is not 
> > likely to be adopted.
> Many people are already forced by spam to abandon email addresses 
> they've used for years.  This transition hurts them (they must spend 
> time and effort to inform their previous/frequent contact), yet its 
> done all the time because they believe it may provide a respite from 
> the flood.  Would adopting a sender-pays be more harmful or 
> difficult?  I don't know and none of us will until various 
> combinations of sender-pays are fielded and trialed.
Again, you've skipped to the "everyone has it" stage.  Take that 
person currently facing the pain of having to change their address. 
You say to them, "Here, instead of changing your address.  Install 
this system.  It will take longer to send your email (or cost you 
money to send), and it won't stop any spam right now.  But it will 
eventually."
Stop telling me how it's going to stop spam when everyone is using 
it.  I believe you!  Tell me how you're going to convince people to 
use it in the first place.
--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg