Re: [Asrg] Email Postage (was Re: FeedBack loops)

2008-11-14 18:26:31

On November 14, 2008 at 14:04 d(_dot_)wall(_at_)computer(_dot_)org (David Wall) 
wrote:

Such a system for charging bulk emailers could be made quite simple,
the devil is of course in the detail.
  
And in its implementation...

Well, I could post my observations in C or Perl if you prefer. There
is something to be said for that ("running code!") but this is a
research group.

You create a header.

In that header is a cryptographically secure string which is the
postage which was purchased from a recognized issuance party. Think,
as an analogy, SSL certificates.
  
I'm thinking SSL certs, yet even today, few email servers use SSL to 
protect email communications because most do not care to pay extra, and 
those that do typically use self-signed certs that keep the data 
encrypted, if not sanctioned by a CA.  Apparently CAs no longer even 
claim anything because you need to be an "extended verification" cert to 
do what a regular cert used to offer -- that they checked your ID before 
issuing you one.  Besides, an SSL cert is non-transactional unlike 
postage.  Furthermore, much spam, as has been pointed out numerous times 
before, is sent by hijacked user computers, so the original spammer is 
not actually sending the email and thus would not be paying.

A site could choose to accept or reject such "stamped" email.

First, if you wish to accept spam and other commercial email then feel
free to ignore all this jazz, just like you can with ssl info.

Second, like ssl one would hope that any sort of valid cryptographic
verification would include identifying the permitted sending hosts for
that cryptogram (i.e., ssl certs are tied to a host or site.)

That is, you couldn't (at least in theory) generate your own postage
and have it accepted as valid by anyone interested. You're right that
if the recipient hasn't any interest there's little one can do but so
what?

And you couldn't send mail with a "valid" postage cryptogram from just
any computer (e.g., a hijacked PC), SSL certs have that intent also.

I know you could have thought all that through for yourself but you're
just resisting the idea, no?

  
And those that chose to reject would receive no email from 99.999% of 
the people out there.

That would be a bad implementation, yes.

Monies collected for such postage could be divided up, I won't belabor
this detail.
  
Please don't, since this would be very hard.

Giving away money is hard???

  Give an example where such 
a scheme exists outside of your proposal.  Your phone and postal mail 
examples certainly do not.

It's a new medium, we're inventing some things.

Anyhow, an example? How about click-thru advertising a la google?

Some rules exist to acquire such postage for non-commercial sites,
end-users, etc., probably amounting to about free.
  
"Some rules" eh?  We just have to agree on those rules, right?  That 
shouldn't pose any difficulties....

No more so than, e.g., SSL certificates or click-thru advertising (or
SMTP for that matter.)

You want to play, fine, here's how it's done...(RFCs etc.)

You don't? Fine! Accept what you like by your own algorithms, or
accept everything, write your own mail system, etc. none of my
business.

Anyhow, isn't that why we're all here? To try to design some rules we
all may play by in a consistent manner?

You're just resisting, right?

Anyhow, obviously the entire idea would comprise many pages of details
but I hope that outlines an overview of a plausible system which
doesn't require micropayments, monopolies, or all the other straw man
nonsense which gets thrown at the stage like rotten tomatoes when the
idea comes up.
  
The difficulty is nobody likes spam, but nobody wants to pay to send an 
email beyond what they already pay for Internet service.  Pay per use 
for anything trivial (like email) tends to disappear into flat 
subscriptions, which is what ISPs do now when they charge us for 
access.  And this mailing list would die if we had to pay to send.

I guess no matter how many times I explain this each person gets to
come to the plate and bat out the same straw men...

THIS INVOLVES BULK COMMERCIAL EMAIL.

There is absolutely no reason why you would pay anything.

Real commercial emailers might send out millions of emails per day or
month anyhow.

I get some sort of boring come-on from Amazon almost every day because
I once bought a book from them. Why should they be able to do that for
free? They must be sending out tens of millions of these per day,
maybe more.

They can't ship me a book for free, even if I have a prior business
relationship with them. Even if I asked for the book and paid for it,
they still have to pay (well, charge, cause the shipper to be paid)
for shipping.

Spammers by many accounts approach A BILLION messages per day!

Now, where would you say your usage, or even the usage of a list like
this, fits in to that picture?

Almost indistinguishable from zero.

So, without trying to detail to the last bit of minutiae doesn't that
seem to lead towards a system which might charge large bulk emailers
while preserving the current status quo for most others?

Say it gave you, YOU, don't go running for other hypothetical
examples, 100,000 free messages per day for non-commercial use. Would
that cover it? Would it work for amazon or some spammer?

Even for someone like the IETF...they buy SSL certificates, no? I
assume SSL certs cost IETF thousands of dollars a year. That's ok.

So let's say umbrella "postage" was available to a non-profit, say
100M msgs a month for $500/year? Would that break the bank?

Or they could send w/o postage and people who wanted to receive their
stuff could put an exception rule in their checker if they have a
checker:

    if(from(IETF)) then acceptWithoutPostage().

(whatever "from(IETF)" means, SPF, DKIM, etc.)

Similar for end-user ISPs, non-commercial usage postage license, 1B
msgs/month, $1,000/year. It'd be in the noise, mainly a processing
fee. And they would do well to pass on to their customers the idea
that if any are doing bulk commercial emailing they will need their
own license. Etc.

My company offers a secure web email platform in which zero spam and 
zero viruses are sent as all users are authenticated to send and receive 
-- which by itself doesn't preclude these things, but reputation does 
when you can prove such abuse came from you and you can be turned off 
immediately from future use.  Furthermore, large files can be sent 
without size limitations imposed by many email systems.  All data is 
encrypted on disk and when in transit.  Electronic signatures can be 
applied.  Timestamps are accurate, no email headers to spoof, guaranteed 
return receipts and tracking, etc.  We have thousands of paying 
customers and hundreds of thousands of users (only senders pay -- and 
they pay subscriptions, not per use).  But this is a drop in the bucket 
compared to the massively distributed email system and its users.  Why?  
Because there are some business communications situations that really 
need our service and they are willing to pay for those benefits, but 
most people would not pay when regular email with all its warts, viruses 
and scams is free.  So while we're totally for making regular email 
expensive so our product is more universally attractive, it's just not 
likely going to happen. 

Ok, straw man, right?

There are too many email users, too many email servers and too many 
email clients around the world to coordinate for such a new standard.  

Then I guess we better disband the entire IETF on that basis! Why
doesn't this reasoning apply to everything that goes on here?

It would require world-wide government cooperation and mandates -- and 
if you're holding your breath for that, good luck to you.  It's not a 
technical issue.  Just because you can devise a scheme won't make it 
happen.  And if you can make it happen, do so and become filthy rich 
rather than complaining we all don't get it.  Just do it!

Hey look, I'm not complaining, I'm injecting some ideas.

You're the one whining about them, and mostly nonsensically I may add.

Have you ever considered re-reading your own posts with a little
self-criticism? A skeptical eye? Imagining how someone who doesn't
agree with you 100% a priori might read them?

Then maybe you would spare us nonsensical comments like "there are too
many email users, too many mail servers, too many email clients around
the world to coordinate for such a new standard." on a STANDARDS GROUP
(well, research for standards group) mailing list!

Sheesh. Just listen to yourself, have you no shame?

-- 
        -Barry Shein

The World              | bzs(_at_)TheWorld(_dot_)com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*
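
The receiver-side check outlined in the message above (issuer-signed postage in a header, bound to a permitted sending host, with a per-sender exception rule), as an added sketch that is not part of the original post. An HMAC with a key shared with the issuer stands in for the certificate-style signature the message alludes to; the stamp layout, issuer name, key, host names and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the issuer name and key are hypothetical.
ISSUER_KEYS = {"example-issuer": b"constructed-demo-key"}
# The "if(from(IETF)) then acceptWithoutPostage()" style exception list.
NO_POSTAGE_OK = {"ietf.org"}


def _mac(key, issuer, host, expires):
    # The signed fields include the host, so a stamp cannot be moved or edited.
    msg = f"{issuer}|{host}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_stamp(issuer, host, expires):
    """Issuer side: bind the stamp to one permitted sending host and an expiry."""
    sig = _mac(ISSUER_KEYS[issuer], issuer, host, expires)
    return f"issuer={issuer}; host={host}; expires={expires}; sig={sig}"


def check_message(stamp, connecting_host, authenticated_domain, now):
    """Receiver side: return (postage_ok, reason) for one inbound message."""
    if stamp is None:
        # authenticated_domain is assumed to come from SPF/DKIM or similar.
        if authenticated_domain in NO_POSTAGE_OK:
            return True, "exempt sender"
        return False, "no postage"
    try:
        fields = dict(p.strip().split("=", 1) for p in stamp.split(";"))
        issuer, host, sig = fields["issuer"], fields["host"], fields["sig"]
        expires = int(fields["expires"])
    except (KeyError, ValueError):
        return False, "malformed stamp"
    key = ISSUER_KEYS.get(issuer)
    if key is None:
        return False, "unrecognized issuer"  # self-generated postage ends here
    expected = _mac(key, issuer, host, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    if connecting_host != host:
        return False, "host not permitted"  # stamp presented by another machine
    if now > expires:
        return False, "expired"
    return True, "valid postage"
```

What a site does with a `False` result (reject, or hand the message to its ordinary filtering) is left to local policy, as the message says.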