At 10:57 AM 6/26/2003 -0600, Vernon Schryver wrote:
> From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
> ...
> I was wondering about that as well. Would hiring people to go through the
> human interface test increase the costs for spammers? Does it matter since
> the cost is so small anyway? What about in a C/R system where a human
> interface test is used, would spammers actually go ahead and hire people to
> pass the test from each bounced message?
Let's do some arithmetic. At $10/hour and 10 seconds per challenge
answered or account created, the cost would be about $0.03 per address.
That sounds a little but not very high to send mail until the
challenge whitelist entry is deleted by the spam target. It sounds
low for a valid sender account that can be used for millions of
messages for days until the free provider notices enough bounces
or receives a complaint and terminates it.
[..]
Even if every single message has to be manually verified or sent by a
human, how much would it cost anyway to hire people to do so? It seems that
the advantage that spam enjoys is due to the low cost of the transmission
medium. In the postal system junk mail is restricted not by the fact that
it's sent by humans or machines, but rather by the cost of the postage
itself and various laws covering illegal mail scams. Thus, in the email
world it would seem that an economic solution that imposes postage costs
would seem like a good solution, but then again the real world does not
correspond directly to the Net world.

On the other hand, snail mail recipients cannot have an automated system
reject junk mail, unlike email users. Thus this brings us back again to
consent-based communications. Users and/or their providers define filtering
rules under which email is rejected or put into the bulk folder. For the
most paranoid, all email is rejected unless the receiver is known; for
others, filtering, C/R, HTML blocking, etc. systems can be used. Once the
receiver has given his consent to the sender, all email will flow freely.
Consent can either be given by being put on a whitelist - then issues of
forged sender must be resolved. Other ways to give consent are cryptographic
tokens or passwords.

Just some thoughts.
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
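
The consent checks sketched in the message above (whitelist entries, the forged-sender problem, cryptographic tokens), as an added example that is not part of the original post. The function names, the message fields (`from`, `token`, `authenticated`), the HMAC construction and the demo key are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real recipient would use a random secret.
RECIPIENT_KEY = b"constructed-demo-key"


def issue_token(sender: str, key: bytes = RECIPIENT_KEY) -> str:
    """Consent token the recipient gives to one sender; bound to that address."""
    mac = hmac.new(key, sender.lower().encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:32]


def classify(msg: dict, whitelist: set, key: bytes = RECIPIENT_KEY) -> str:
    """Return 'accept', 'challenge' or 'bulk' for a message (hypothetical policy).

    msg['authenticated'] stands in for any out-of-scope check that the
    sender address is not forged.
    """
    sender = msg["from"].lower()
    token = msg.get("token")
    if token:
        expected = issue_token(sender, key)
        # Constant-time comparison; the token only verifies for the address
        # it was issued to, so it cannot be reused under another From.
        if hmac.compare_digest(token.encode("utf-8"), expected.encode("utf-8")):
            return "accept"
    if sender in whitelist:
        # A whitelist match on a forgeable From address is not proof of
        # consent: fall back to a challenge unless the sender is verified.
        return "accept" if msg.get("authenticated") else "challenge"
    return "bulk"


def demo() -> list:
    """Run the policy over constructed sample messages."""
    whitelist = {"alice@example.org"}
    carol_token = issue_token("carol@example.net")
    samples = [
        {"from": "carol@example.net", "token": carol_token},    # valid token
        {"from": "mallory@example.com", "token": carol_token},  # token reused
        {"from": "alice@example.org"},                          # possibly forged
        {"from": "alice@example.org", "authenticated": True},   # verified
        {"from": "unknown@example.com"},                        # no consent
    ]
    return [classify(m, whitelist) for m in samples]


if __name__ == "__main__":
    print(demo())
```

A token that leaks together with the address it was issued to can still be replayed, so the recipient needs a way to revoke it, for example by rotating the key.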