RE: [Asrg] Thoughts so far

At 03:44 PM 3/19/2003 -0500, you wrote:
> At 11:31 AM -0800 3/19/03, Steve Schear wrote:
> > Sender-pays is like being armed.  I'm betting that clients implementing a 
> > stamps approach will fare well enough at controlling spam to eventually 
> > gain serious industry consideration.  But even if it doesn't it may still 
> > help those so armed.
> You keep missing the issue.  This is nothing like being armed.  A gun 
> works whether or not anyone else has one.  Sender pays works *only* if a 
> significant proportion of the users have one.
A PoW system could be deployed almost immediately at a web-based email 
system. The only 'special' tool is that the user would be required to 
accept a small PoW calculation applet or install it to manufacture the 
stamp using client CPU cycles.
For people wishing to contact me for the first time that don't use such a 
service my bounce mail reply would provide them with a link to an applet 
downloader web page. They would only have to create the stamp and appended 
it or include it in-line in their email.
Past that I really don't care if they can or cannot contact me. I can live 
with that.  A bit of balkenization might be desirable, even necessary, to 
coerce a change.
But...
> At 2:13 PM -0500 3/19/03, Paul Judge wrote:
> > 2.      must not affect delivery(latency, integrity, cost, reliability) of
> > wanted messages to a point that would effect the normal use of email
> > 3.      must be easy to use
> > 4.      must be easy to deploy, incrementally
> >         a.      must provide incentives to deploy for those doing the
> > deployment
> > 5.      must not depend on universal deployment to be effective
> > 7.      must have minimal administration and implementation overhead
> > 8.      must have minimal computational and bandwidth overhead
> ...it has serious problems with those requirements.
I don't accept number 8 as being necessary.


> > > If you are someone who is technically active online, or running a 
> > > business that requires timely contact with random people in the outside 
> > > world, such a system will be more painful than the spam.
> > Agreed, no one solution is likely to fit all.
> If we are proposing incremental solutions to limit spam, then that 
> statement is perfectly fine.  However I don't see how you can propose an 
> architecture that works only if it is universally accepted, and then admit 
> that it won't fit all needs.
I don't think postage requires a universal acceptance off the bat.  If it 
works for me, that's all I care.  Progress occurs when a small, but 
influential group, adopt some new technology or behavior which is 
beneficial to them.  As other's notice the advantages they too will see if 
it can work for them.  I like Freenet and other P2P systems.  I don't care 
if they are not universal.

> As an aside.  Another way to look at the current situation is that we have 
> a system that meets everyone's needs pretty well--it's just that there is 
> one particular class of user whose needs we would rather it *didn't* 
> meet.  We're trying excise that one feature without impacting any 
> other.  Personally I think that at the very least, "able to send mail as 
> anyone from anywhere" is going to have to go with it.  Or rather--it may 
> be able to remain, but it will require special software and protocols.  On 
> the other hand.  If we can come up with a change that prevents email 
> forgery of any kind, and requires custom software only for people who need 
> to do it for legit purposes, I'd say we had a winner.  Obviously it's not 
> quite that simple though.
No its not, eh?


> > > Spam solutions which violate basic economic principals (e.g. "Most 
> > > people will not spend money in order to hurt themselves") are not going 
> > > to be successful.
> > > At the early adopter stage, sender-pays is indistinguishable from simple 
> > > whitelisting.  Except that it costs the sender more money.
> > Forcing unknown senders to spend even a bit more time or a bit of money 
> > in order for their emails to be seen is all that may be necessary to sort 
> > them out from others who's economics depend on enormous volumes of free 
> > or nearly free emails.
> Stop thinking about your system as though it were fully deployed and 
> consider how it works in the early stages.  If you continue focusing on 
> the future, without looking at how you get there, you're never going to 
> get there.
> At the early adopter stage you aren't forcing unknown senders to spend 
> more time and money--you're forcing the users of the system to spend time 
> and money.  The unknown senders aren't using the system. And you can't 
> block them because they constitute the majority of your correspondents.
No they do not.  I'll white list all my current correspond ants all others 
are, ifso facto, unknown senders.  My .sigs will inform respondents on 
lists how to contact me in the same way people sometimes use intentional 
ill-formed email addresses to thwart harvesting.

> > > If you think I'm missing something here, then please let me know. But 
> > > please keep in mind that I'm not arguing that the system isn't 
> > > technically feasible, or even desirable.  I'm simply arguing that a 
> > > system that hurts early adopters more than it helps them is not likely 
> > > to be adopted.
> > Many people are already forced by spam to abandon email addresses they've 
> > used for years.  This transition hurts them (they must spend time and 
> > effort to inform their previous/frequent contact), yet its done all the 
> > time because they believe it may provide a respite from the flood.  Would 
> > adopting a sender-pays be more harmful or difficult?  I don't know and 
> > none of us will until various combinations of sender-pays are fielded and 
> > trialed.
> Again, you've skipped to the "everyone has it" stage.  Take that person 
> currently facing the pain of having to change their address. You say to 
> them, "Here, instead of changing your address.  Install this system.  It 
> will take longer to send your email (or cost you money to send), and it 
> won't stop any spam right now.
It will stop spam and all unknown senders immediately.

> But it will eventually."
>
> Stop telling me how it's going to stop spam when everyone is using it.  I 
> believe you!  Tell me how you're going to convince people to use it in the 
> first place.
For those who cannot or will not accept this aspect its not for them until 
it approaches more universal acceptance.
steve

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg