ietf-asrg

Re: [Asrg] POSTAGE, was The fundamental misconception about paying for mail

2008-12-02 19:41:50

On December 1, 2008 at 02:33 johnl(_at_)taugh(_dot_)com (John Levine) wrote:
How do you plan to identify and charge bulk senders without counting
the mail?  Spammers already go to considerable effort to disguise
their bulk mail as a lot of different non-bulk mail.  How do you
expect to keep bulk senders from sneaking under the radar by
masquerading as a lot of non-bulk senders?

Does this mean we've moved beyond the "moral" issue?

Beats me.  Nobody has mentioned a "moral" issue but you.

Well, I was referring to the idea that it's somehow (morally) wrong to
charge for email, or further it's wrong to charge for worthy mailing
lists (this one often cited), etc.

Those to me are "moral" issues.

Compare and contrast to "moral risk" in financial markets.

meters, it's up to the bulk sender to purchase the "postage", likely a
cryptographic scheme which identifies the purchaser uniquely
(analogous to DKIM) and allows the sending of however many "stamps"
were purchased, a countdown system.

Right, that brings us to the double spending problem ...

Not in any terribly unique way.

Why can't I buy one SSL cert and put it onto as many sites as I like?

Ok, that's only one dimension of the problem.

But the point is if I can distinguish between a legitimate stamp and a
non-legitimate stamp, and like an SSL cert, can know with some
reasonable certainty who must own that "postage meter", then I know
who the offender is.

Now, if, like SSL certs, it's very difficult to counterfeit a "stamp"
it must have been bought somewhere and by the culprit.

Then we go to sampling techniques, rewards, etc.

If someone is caught double-spending one presumes the postage meter
sales company (a la SSL cert sales co) is interested, at least.

It's possible it was all a big mistake, server went crazy, db out of
synch, never happened before, won't happen again. Fine, you're
forgiven or pay the clean up fee and you're forgiven, whatever, that's
marketing.

But if not then maybe you can't buy any more postage until you somehow
prove your contrition. etc. Or you'll end up on blacklists and no one
will accept your postage.

There are many working systems, business models, on this planet which
do not require or even attempt perfection.

  ... because none of them are attempting to work in an environment
where 98% of the attempted transactions are bogus.

You need to speak with ASCAP, RIAA, et al.

You don't think illegal music downloading etc faced similar stats?

And what would postal systems or phone systems face if there were no
enforcement, no economy, hence no economy for enforcement?

Who would pay their phone bill if they won't even shut your phone
service off for non-payment? Yet, that's practically the situation
we've created with email.

Send a billion messages, free! If we don't like them then...send a
billion more, free!

Hard to compare.

Say you've dropped into the local Dunkin Donuts for a donut and
coffee.  But 98% of the cash that customers offer is counterfeit.  How
would this affect the way that cashiers work?  Would they just accept
all the cash and figure they'll call the cops when they find bogus
stuff?

But that's the point, the cashiers can (usually/often) spot
counterfeit and won't accept it in the first place. And efforts are
continually made to help that (e.g., holographic elements on bills.)

If an SSL cert is bogus your browser tells you, right? Similar.

What good is a bad postage stamp which isn't accepted? That means the
msg didn't get thru which presumably was the point. May as well put
"X-Worthless-Spam: YES" in the header.

But for example if I were an ISP (scratch that, I am an ISP) and
dropping email which contained bogus postage I might keep stats on it
and do something with interesting bits and pieces of those stats.

I think a lot of this discussion gets derailed because who we're
talking about is fast fluxed between end users, senders, ISPs or
company gateways, etc. and some action which might be perfectly
reasonable at an ISP's aggregate and technically sophisticated vantage
point suddenly sounds ridiculous when re-positioned onto dumbcluck
end-user or whatever. "What? You expect my 90 year old grandmother to
manage full BGP??? This internet thing will never work!"

If you design a system that is designed to leak a little spam, the bad
guys will aim their firehose through the leaks.  Remember, they have
millions of zombies, so if your wonderful system rejects their fake
stamps with 99% accuracy, they try 100 times as often and get the same
amount of spam through.

Yeah but you've closed one eye and you're squinting with the other.

They still have to start with cryptographically legitimate "stamps"
they got somewhere, a la SSL certs.

Otherwise the postage will instantly test invalid, much like a browser
can spot a bad SSL cert, and be rejected.

Now if they buy a legitimate "cert" and proceed to double-spend we'll
know who they are. It will be invalidated (presumably any rational
scheme would have these expire at regular intervals) and no one would
sell them one again at least until they've cleared their name.

None of this should come as any surprise to anyone who's thought
seriously about e-postage.  I was certainly aware of it when I wrote
my white paper five years ago.

Well, if it takes three facts to make it work and you keep dropping
one and arguing against the other two as if the third didn't exist...

1. Cryptographically verifiable "stamp".

2. At least: Identifies the purchaser uniquely (including the
permitted sending hosts), similar to "real" SSL cert requires positive
id for purchase (we had to supply our D&B id for example), and an
expiration beyond which it should not be accepted. Organizations (ISPs
etc) can and are expected to purchase on behalf of client systems and
affix to outgoing email.

  2a. Yes this raises the forwarding issue but let's not jump right
      there I think it's tenable. A stamp is a stamp is a stamp.

3. Can be rejected algorithmically for authenticity or source by a
receiving MTA or anyone else interested and able to read the
credentials and run a check.

4. Blacklists of abusers, particularly preventing identified abusers
from purchasing further postage until issues cleared up but in serious
cases can be made publicly available. Postage is only good for so many
sends, expires, etc. so must be purchased at regular intervals.

5. Anyone who controls their pipe can choose not to check any of this
or do whatever they want with the info. For example some ISP might
choose to pass failed email to the end-user anyhow, perhaps marked
with a warning, put into a special folder, translate to esperanto,
etc.

Therefore, if you double spend a lot you will almost certainly get
caught.

If you don't do it much you might get away with it but who cares,
really?

It's the folks who send a billion msgs a day we care about, not some
cheapskate who steams stamps off envelopes to reuse.

-- 
        -Barry Shein

The World              | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
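
The receiving-side checks from points 1 through 4 of the post (authenticity, permitted source, expiry, blacklist, reuse), as an added example that is not part of the original message or of any deployed e-postage system. The stamp layout, field names and verdict strings are assumptions, and HMAC with a constructed key stands in for the issuer's public-key signature.

```python
import hashlib
import hmac
from collections import Counter

# Assumption: HMAC with a constructed key stands in for the issuer's
# public-key signature, so the example runs on the standard library alone.
ISSUER_KEY = b"constructed-demo-issuer-key"

def _tag(body):
    return hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_stamp(purchaser, hosts, serial, expires):
    """Issuer side: bind purchaser, permitted hosts, serial and expiry."""
    body = f"{purchaser}|{','.join(sorted(hosts))}|{serial}|{expires}"
    return f"{body}|{_tag(body)}"

class StampChecker:
    """Receiving side: authenticity, source, expiry, blacklist, reuse."""

    def __init__(self, blacklist=()):
        self.blacklist = set(blacklist)  # purchasers whose postage is refused
        self.spent = set()               # (purchaser, serial) seen by this receiver
        self.stats = Counter()           # (purchaser, verdict) -> count

    def check(self, stamp, sending_host, now):
        body, _, tag = stamp.rpartition("|")
        fields = body.split("|")
        if len(fields) != 4:
            purchaser, verdict = "?", "malformed"
        elif not hmac.compare_digest(tag.encode(), _tag(body).encode()):
            # Unauthenticated fields are not trusted, not even the name.
            purchaser, verdict = "?", "forged"
        else:
            purchaser, hosts, serial, expires = fields
            verdict = self._policy(purchaser, hosts, serial,
                                   int(expires), sending_host, now)
        self.stats[(purchaser, verdict)] += 1
        return verdict

    def _policy(self, purchaser, hosts, serial, expires, sending_host, now):
        if purchaser in self.blacklist:
            return "blacklisted"
        if now > expires:
            return "expired"
        if sending_host not in hosts.split(","):
            return "wrong-host"
        if (purchaser, serial) in self.spent:
            return "double-spend"   # authenticated, so the purchaser is known
        self.spent.add((purchaser, serial))
        return "ok"
```

Reuse is detected only within one receiver's own `spent` set here; catching the same stamp spent at different receivers would need the sampling or reporting the post mentions.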