What's the point of e-postage? All the e-mail systems I know would
have no trouble handling their incoming mail if they only got mail
that their users wanted, even with a little unwanted mixed in. This
tells me that the goal of e-postage is some combination of
compensating recipients and deterring or at least rate limiting
senders.
If you're going to compensate recipients, you either need a single
central post office (or a cartel of post offices that trust each
other, which amounts to the same thing), or else you need settlements
to get the money from the sender's stamp provider to the recipient's.
We presumably agree that we don't want a central post office to meter
the mail as it's injected into the system. I have a pretty good idea
of what it would cost to build a transaction infrastructure big enough
to count the stamps to get the raw data needed for settlements, which
tells me that settlements aren't going to happen, either.
So let's think about rate limiting or deterring senders. Perhaps I'm
suffering from a failure of imagination, but I don't see useful rate
limiting without some cooperation from the recipients. This is for
two reasons: one is that recipients don't want to rate limit the mail
they want, and the other is that without some way for the recipients
to audit the rate limiting, naughty senders will lie and claim they're
rate limiting when they aren't.
There's a minor exception here to the cooperation rule for for ISPs
and their customers. If I were an ISP, I would rate limit my
customers' outgoing mail since anyone who sends a whole lot of mail
and hasn't told me they're running mailing lists is a zombie.
Although I can imagine various ways to rate limit by charging by the
message, it seems a lot easier and more effective to rate limit by
rate limiting, either slowing down senders or just firewalling them
until they fix their problem. If you charge, you'll have trouble
collecting (credit card companies aren't thrilled about penalties
other than their own) and spammees won't find the fact that you made
extra money from the spam your users sent them very reassuring.
Receipient rate limiting might take the form of hashcash, although
that seems too easily circumvented so long as the bad guys have
zombies to do their hashing. With better authentication, recipients
might be more able to count mail by sender and tell the overeager
senders to back off. With agreements a la Bonded Sender, recipients
might demand consideration to accept mail from dubious sources, but
then you're back to a cartel or settlements to make the demands stick.
So where does this leave e-postage? Other than as a clumsy way to get
people to fix their zombie machines, nowhere I can see.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
http://www.taugh.com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg