On April 25, 2004 at 07:55 chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
(Jonathan Morton) wrote:
First things first. The resource being consumed/abused is the
recipient's inbox. Therefore we need to make any charge a condition of
entry into a participating recipient's inbox. That means the recipient
is the one who needs to decide whether a stamp is needed, and whether
any given stamp is sufficiently valid.
Well, I disagree with this 100%, it's just false.
If people could send advertising via paper post for free do you think
the problem is primarily the recipient's? What about the effect it has
on the letter carriers and the postal system in general?
This is another proposal which works forward from spam is free, just
annoying.
It's a terribly naive way to look at resource abuse.
Unilaterally charging a levy at the sending side isn't going to work,
for a variety of reasons - primarily that the major ISPs will start
using it as a revenue stream in it's own right, rather than for the
intended purpose of preventing abuse by it's customers. Another reason
And this is a problem because...?
is that spammers will set up their own ISPs and backbones to avoid the
normal stamping routes as much as possible.
But no one will accept their stamps!
Why don't you try setting up your own post office and printing your
own stamps and see how the Royal Post reacts.
In a recipient-driven scheme, senders still have to be able to buy
stamps, but they will be able to choose their stamp vendor, rather than
being limited to their ISP.
There's always going to be a zombie-PC problem, to some extent at
least. At the moment there are hundreds of thousands of insecure
Windows machines out there, and they aren't going away. There is a
very slight possibility that it might be feasible to economically force
novice users onto a more secure platform - such as the Mac - but we
can't rely on that, either.
A problem is that zombies can't merely be used as a relay, they can
also be used to leech any stamp account the victim uses for their own
e-mail. However, the compromised stamp account will quickly either
become empty or run up a monstrous bill on the victim's credit card
(the former situation is obviously preferable, and I'd hope that
consumer stamp accounts were set up that way). After that, the zombie
can still spew mail all over the place, but it will be unstamped. The
empty account (or huge bill) also serves as a wake-up call to the
victim, to get their machine cleaned and secured.
The interesting thing is that a stamp can also act as proof of where
the mail was sent from, and/or who by, because there's a money trail
(if nothing else) to follow, and each stamp is unique. This probably
won't tell you who the spammer is, but it can help for whitelisting,
forgery detection, and for notifying victims. And it doesn't require
the victim's ISP to lift a finger, unless they also happen to be the
stamp vendor.
The big disadvantage for e-postage is that everyone now has to pay for
e-mail service. A service which we presently take for granted as
incrementally free.
There are alternative schemes which can operate alongside e-postage to
eliminate the monetary cost for most normal purposes. A combination of
a proof-of-work stamp (such as hashcash) and a proof-of-identity
signature would also serve a useful rate-limiting purpose. Again, it's
up to the recipient to decide how strong a guarantee he requires before
a mail can land in his inbox. (At the moment, most recipients'
barriers to entry are exceptionally low, even with today's content
filters, because there's no practical, universal way to detect forged
mail.)
The common factor in the above is that the sender can say "I want this
mail to go through so badly that I will do one or more of the
following: prove *I* sent it; pay for a stamp from a trustworthy
vendor; expend N seconds of CPU time". The recipient can then look at
the credentials supplied with the mail, optionally check them against
stamp vendors' databases (etc.), and decide whether they're good
enough.
People, please point out what's wrong with the above, specific
high-level design, not with "e-postage" in the abstract.
Yeha, who pays for all the overhead in your proposal.
Create an economy, or it's just schoolboy fantasising.
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg