ietf-asrg
[Top] [All Lists]

Re: [Asrg] Email Postage (was Re: FeedBack loops)

2008-11-14 17:05:11

Such a system for charging bulk emailers could be made quite simple,
the devil is of course in the detail.
And in its implementation...
You create a header.

In that header is a cryptographically secure string which is the
postage which was purchased from a recognized issuance party. Think,
as an analogy, SSL certificates.
I'm thinking SSL certs, yet even today, few email servers use SSL to protect email communications because most do not care to pay extra, and those that do typically use self-signed certs that keep the data encrypted, if not sanctioned by a CA. Apparently CAs no longer even claim anything because you need to be an "extended verification" cert to do what a regular cert used to offer -- that they checked your ID before issuing you one. Besides, an SSL cert is non-transactional unlike postage. Furthermore, much spam, as has been pointed out numerous times before, is sent by hijacked user computers, so the original spammer is not actually sending the email and thus would not be paying.
A site could choose to accept or reject such "stamped" email.
And those that chose to reject would receive no email from 99.999% of the people out there.
Monies collected for such postage could be divided up, I won't belabor
this detail.
Please don't, since this would be very hard. Give an example where such a scheme exists outside of your proposal. Your phone and postal mail examples certainly do not.
Some rules exist to acquire such postage for non-commercial sites,
end-users, etc., probably amounting to about free.
"Some rules" eh? We just have to agree on those rules, right? That shouldn't pose any difficulties....
Anyhow, obviously the entire idea would comprise many pages of details
but I hope that outlines an overview of a plausible system which
doesn't require micropayments, monopolies, or all the other straw man
nonsense which gets thrown at the stage like rotten tomatoes when the
idea comes up.
The difficultly is nobody likes spam, but nobody wants to pay to send an email beyond what they already pay for Internet service. Pay per use for anything trivial (like email) tends to disappear into flat subscriptions, which is what ISPs do now when they charge us for access. And this mailing list would die if we had to pay to send.

My company offers a secure web email platform in which zero spam and zero viruses are sent as all users are authenticated to send and receive -- which by itself doesn't preclude these things, but reputation does when you can prove such abuse came from you and you can be turned off immediately from future use. Furthermore, large files can be sent without size limitations imposed by many email systems. All data is encrypted on disk and when in transit. Electronic signatures can be applied. Timestamps are accurate, no email headers to spoof, guaranteed return receipts and tracking, etc. We have thousands of paying customers and hundreds of thousands of users (only senders pay -- and they pay subscriptions, not per use). But this is a drop in the bucket compared to the massively distributed email system and its users. Why? Because there are some business communications situations that really need our service and they are willing to pay for those benefits, but most people would not pay when regular email with all its warts, viruses and scams is free. So while we're totally for making regular email expensive so our product is more universally attractive, it's just not likely going to happen. There are too many email users, too many email servers and too many email clients around the world to coordinate for a such a new standard. It would require world-wide government cooperation and mandates -- and if you're holding your breath for that, good luck to you. It's not a technical issue. Just because you can devise a scheme won't make it happen. And if you can make it happen, do so and become filthy rich rather than complaining we all don't get it. Just do it!

David
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg