ietf-asrg
[Top] [All Lists]

Re: [Asrg] Email Postage (was Re: FeedBack loops)

2008-11-14 20:48:23

You asked, right?

On November 15, 2008 at 00:45 asrg(_at_)johnlevine(_dot_)com (John Levine) 
wrote:
In that header is a cryptographically secure string which is the
postage which was purchased from a recognized issuance party. Think,
as an analogy, SSL certificates.

A site could choose to accept or reject such "stamped" email.

Monies collected for such postage could be divided up, I won't belabor
this detail.

Gee, you stop just when you're getting to the insoluble problems.

Well, we're all getting zero now to receive bulk commercial email.

I suppose one's sense of justice makes zero better than a system where
one is getting something, but something perceived as not perfectly
fair. The human mind is like that.

But the obvious attack would be you "send back" the stamps you
accepted and you get so much per stamp, money which came out of what
was paid for those "stamps". With luck and perserverance you could get
a nice two-slice toaster.

Actually I don't see this as being something which goes to end-users
directly, that would increase overhead significantly.

That wouldn't prevent an ISP for example crediting against your
account charges, or everyone's account charges, or turning it into
pennies and dumping it into the nearest salvation army bucket if they
like. That's really just marketing when you get down to it.

Probably the best way to express that is that a "license" to collect
and redeem such "stamps" might reasonably have some base cost which'd
probably be prohibitive for individuals (have you looked at what ICANN
charges for a new TLD? It's like $500,000 to start the process, all
tolled.)

But, really, this is far more detail than would need to be proscribed
in a proposal. How it might work is engineering, what it might cost
is, well, not engineering.

Look, we know how to build small closed e-mail systems that charge per
message.  MCI Mail did OK for a while until the Internet made it
irrelevant.  What we don't know is how to scale it up to anything like
the size of the Internet mail system, nor how to do settlements among
the huge numbers of mail systems that exist.

I don't propose charging per message.

I don't propose charging per message.

I don't propose...how many times do I have to say this?

Well, at least not in the way it is being described. MCI Mail REALLY
charged per message.

I'm saying that (how simply can I put this) someone like an Amazon or
JoeSpammer would have to buy cryptographic stamps for each message
they want to send out. Or, more likely, a range and they have the
software to generate the "stamps" within that range.

The recipient, at any level, some ISPs or other orgs might do this,
some might pass it entirely to the end-user, can choose to check the
validity of those "stamps", or not. If it is valid they can also
accept the message (they can accept invalid ones also if they like but
they'll never get paid for that)...

Ya know, let's make this simpler, it's a lot like click-thru
advertising in some ways. Someone has to accept/click, somehow these
have to be accounted for and that accounting is used in a charging
scheme.

Anyhow, anyone (in my imaginings) could send out email w/o any
"postage" (free or otherwise) at all, they'd just be at the mercy of
the ISP or recipient or company or university, whatever, to accept it
or not w/o postage, kinda like choosing to accept a site w/ a
self-signed certificate.

To pick an obvious and well-known hard problem, how do you plan to
prevent double spending of your stamps, and make your solution scale
up to an interestingly large amount of mail?  I know you think I'm
just being defeatist, but handwaving has never been much of a
substitute for engineering, and the engineering problems in metering
large volumes of anything are hard.

I don't think you're being defeatist, just resistant and asking
questions you could answer for yourself.

Like here's an easy scenario:

At the point something like this was implemented there's now money on
the table.

If you double-spend (and get caught), YOU GO TO JAIL!

To "spend" at all you need some sort of license, it leads right back
to you or else no one would accept your messages, right?

I mean, what stops iTunes from double-spending, from only counting
every other mp3 (whatever) downloaded in reports to the record
companies? They'd go to jail (a collective term for lose their
franchise, get sued, etc etc etc.)

But there are ecurrency methods which can make this non-trivial. And
there's a reputation system inherent. Now that it's cryptographically
signed you know who it is and if someone is a crook it's a lot easier
to discard their mail w/o reading.

For example, would you really expect, e.g., Amazon to maliciously
(accidents can happen) double-spend in such a system? Nah. So we get
back to blacklists and all that if you care. But at least you're doing
the first-line filtering right at your site (whether MTA or MUA is a
policy matter.)

The real point is tho that once you have an economy, just like with
music, once someone is relying on it for income and fair play, then
they can do all sorts of things like sampling, offer rewards
(cut+paste stamps you get into our site [so we can check for dupes]
and win prizes!), whatever.

Spam is particularly hard, since no payment system I know of, micro or
otherwise, has been designed for an environment where 95% of the
putative payments are bogus.

Spam is particularly hard because nobody has much motivation to spend
much money (and all it buys) enforcing anti-spam behavior.

Hey, I've heard it first hand, yelled at me by a three-letter
government agency rep: EMAIL IS AN OPEN SYSTEM, ANYONE CAN INJECT
ANYTHING FOR FREE, UNLESS IT'S INHERENTLY ILLEGAL (e.g., child porn)
WE HAVE NO INTEREST IN ENFORCING THE FAIR USAGE OF SOMETHING YOU VALUE
AT, EFFECTIVELY, ZERO!

Forget the LEO aspect, it's basically a true statement, but it's a
good example because go ahead call 911 and try to get them to respond
because something or someone is causing you "lost productivity", the
usual flimsy complaint about spam.

But put some $$$ value and maybe just maybe...but with money you can
do a lot of things to enforce property values.

-- 
        -Barry Shein

The World              | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg