ietf-asrg

[Asrg] My take on e-postage

2004-04-25 00:14:45
First things first. The resource being consumed/abused is the recipient's inbox. Therefore we need to make any charge a condition of entry into a participating recipient's inbox. That means the recipient is the one who needs to decide whether a stamp is needed, and whether any given stamp is sufficiently valid.

Unilaterally charging a levy at the sending side isn't going to work, for a variety of reasons - primarily that the major ISPs will start using it as a revenue stream in its own right, rather than for the intended purpose of preventing abuse by its customers. Another reason is that spammers will set up their own ISPs and backbones to avoid the normal stamping routes as much as possible.

In a recipient-driven scheme, senders still have to be able to buy stamps, but they will be able to choose their stamp vendor, rather than being limited to their ISP.

There's always going to be a zombie-PC problem, to some extent at least. At the moment there are hundreds of thousands of insecure Windows machines out there, and they aren't going away. There is a very slight possibility that it might be feasible to economically force novice users onto a more secure platform - such as the Mac - but we can't rely on that, either.

A problem is that zombies can't merely be used as a relay, they can also be used to leech any stamp account the victim uses for their own e-mail. However, the compromised stamp account will quickly either become empty or run up a monstrous bill on the victim's credit card (the former situation is obviously preferable, and I'd hope that consumer stamp accounts were set up that way). After that, the zombie can still spew mail all over the place, but it will be unstamped. The empty account (or huge bill) also serves as a wake-up call to the victim, to get their machine cleaned and secured.

The interesting thing is that a stamp can also act as proof of where the mail was sent from, and/or who by, because there's a money trail (if nothing else) to follow, and each stamp is unique. This probably won't tell you who the spammer is, but it can help for whitelisting, forgery detection, and for notifying victims. And it doesn't require the victim's ISP to lift a finger, unless they also happen to be the stamp vendor.

The big disadvantage for e-postage is that everyone now has to pay for e-mail service. A service which we presently take for granted as incrementally free.

There are alternative schemes which can operate alongside e-postage to eliminate the monetary cost for most normal purposes. A combination of a proof-of-work stamp (such as hashcash) and a proof-of-identity signature would also serve a useful rate-limiting purpose. Again, it's up to the recipient to decide how strong a guarantee he requires before a mail can land in his inbox. (At the moment, most recipients' barriers to entry are exceptionally low, even with today's content filters, because there's no practical, universal way to detect forged mail.)

The common factor in the above is that the sender can say "I want this mail to go through so badly that I will do one or more of the following: prove *I* sent it; pay for a stamp from a trustworthy vendor; expend N seconds of CPU time". The recipient can then look at the credentials supplied with the mail, optionally check them against stamp vendors' databases (etc.), and decide whether they're good enough.

People, please point out what's wrong with the above, specific high-level design, not with "e-postage" in the abstract.

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
website:  http://www.chromatix.uklinux.net/
tagline:  The key to knowledge is not to rely on people to teach you it.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
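
The recipient-side check described in the message, shown for the proof-of-work credential only, as an added example that is not part of the original post. It assumes the hashcash version 1 stamp layout (`ver:bits:date:resource:ext:rand:counter`, SHA-1); the names `mint` and `RecipientPolicy`, the address and the thresholds are hypothetical.

```python
import hashlib
from datetime import datetime, timedelta, timezone
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()

def mint(resource: str, bits: int, when: datetime, salt: str = "c0ffee") -> str:
    """Sender side: search for a counter giving `bits` leading zero bits (the CPU cost)."""
    prefix = f"1:{bits}:{when:%y%m%d}:{resource}::{salt}:"
    for n in count():
        stamp = f"{prefix}{n:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

class RecipientPolicy:
    """Recipient side: decides whether a stamp is good enough for this inbox."""
    def __init__(self, address: str, min_bits: int, max_age_days: int = 28):
        self.address, self.min_bits = address, min_bits
        self.max_age = timedelta(days=max_age_days)
        self.spent = set()  # stamps already accepted; each stamp is single-use

    def check(self, stamp: str, now: datetime) -> str:
        fields = stamp.split(":")
        if len(fields) != 7 or fields[0] != "1":
            return "reject: malformed"
        _, claimed, date, resource, _, _, _ = fields
        if resource != self.address:
            return "reject: minted for another recipient"
        try:
            minted = datetime.strptime(date[:6], "%y%m%d").replace(tzinfo=timezone.utc)
        except ValueError:
            return "reject: bad date"
        if abs(now - minted) > self.max_age:
            return "reject: expired"
        # Measure the work actually done; the claimed bits field is sender-controlled.
        work = leading_zero_bits(hashlib.sha1(stamp.encode()).digest())
        if not claimed.isdecimal() or work < int(claimed) or int(claimed) < self.min_bits:
            return "reject: insufficient work"
        if stamp in self.spent:
            return "reject: already spent"
        self.spent.add(stamp)
        return "accept"

if __name__ == "__main__":  # constructed demo values
    now = datetime(2004, 4, 25, tzinfo=timezone.utc)
    print(RecipientPolicy("alice@example.org", 12).check(mint("alice@example.org", 12, now), now))
```

A paid stamp or an identity signature would be further credentials checked by the same policy object; they are left out here because the message does not specify their formats.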