Barry Shein <bzs(_at_)world(_dot_)std(_dot_)com> wrote:
[snip]
The transaction cost issue is the simplest: any kind of e-postage system
is going to need a transaction per message to check the stamps. Spammers
are going to put bogus e-postage on their mail, and the only way to see
if
an e-stamp is valid is to check with the issuer. Even if you use a
crypto
signature scheme to see if the stamp is real, you still need to ask
issuer
if it's already been used somewhere else. I have yet to see a faintly
plausible plan that would build and pay for a transaction system big
enough to handle the world's e-mail. I'm not talking about settlements
here, just whether the stamp is OK. The biggest transaction system to
date is the one for Master Card and Visa, and it's both too small and too
expensive by several orders of magnitude each.
Again, you're describing a particular model which is easy for you to
object to, a straw man.
How come SSL certificates in HTTPS transactions can work? Aren't they
reasonably analogous?
HTTPS transactions aren't remotely analogous to postage. You don't have to
check whether that certificate has been used before (using a certificate
many times is normal, but a stamp can only be used once).
However, a "pay for what you post" model (as opposed to a "stamp" model,
which is just one particular type of "pay for what you post" model) can be
quite simple, and can be fairly analogous to HTTP. Basically have the ISP
sign a digest of each outgoing message (signing a digest covers the re-use
issue quite nicely, unless the spammers are clever enough to generate digest
collisions). That means that every outgoing message has to be routed
through the ISP, and the ISP meeds to verify who is sending it (so he knows
who to bill) so the real cost of email will be increased and the email
system will cease to be end-to-end.
For most users, all outgping email is already routed through the ISP's
outgoing mail servers, so the extra costs they cause are limited to the cost
of generating the digest and signing it. For most emails, outgpoing email is
not routed through the ISP's servers, so there is also the additional cost
of accepting, storing, and forwarding the email. A charging model which
allows say 50 emails per day free will probably leave email free to the
average consumer (and there's nothing to stop massmarket ISPs adopting a
range of charging models, in the way that mobile phone operators have - pay
a higher subscription and get more free outgoing emails, or a lower
subscription and get fewer). There are some problems with mailing lists,
since they add headers, unless the digest is only of the mail body and
doesn't include the RFC 822 headers, unless eachmessage is payed for twice
(once when sent to the list server, again when relayed by the list server).
We have to think about the effect on organisations like the ACM and the BCS
(which provide permanet address capabilities for their members through
adress mapping realys) as well.
There is no need to introduce inter-ISP payments for handling each-other's
email traffic distinct from any payments already used for providing
bandwidth and/or handling general internet traffic. The european postal
union certainly deosn't have such transfer payments between its members, why
should an email system?
In order for the charges to have a deterrent effect on spammers, they have
to be high. Much higher than the extra costs incurred by the ISPs. It's
not going to deter spammers if we merely double the cost of an email, we
have to raise the cost to a level where their operation is no longer
profitable. This is where the trouble starts. The costs have to be high
enough that it's worth going to the trouble of settting up your own ISP to
avoid them, even if you are a legitimate business that doesn't use
significant amounts of bulk email. That's what spammers will do - set up
their own ISPs. This could perhaps be avoided by bringing in those transfer
payments - and now we have all the complexity that Levine was complaining
about, and it's probably neccessary to introduce a central clearing house -
or rather a hierarchy of clearing houses, as in the banking system. Since
these clearing houses will be dealing with the transfer of serious amounts
of money, they will be subject to government regulation (regulations to
prevent money-laundering, regulations to prevent fraud, regulations for this
that and the other) and the email system will be tied up in a vast
bureaucracy.
The vast bureaucracy may not be too great a price to pay to eliminate spam.
Government control of our email (through government regulation of the
clearing houses) may not be too great a price to pay. After all, the
alternative to getting a handle on spam may be to do without email at all.
Personally, I'd prefer to carry on searching for a better solution.
Tom
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg