ietf-smtp

Re: [ietf-smtp] Anti-spam - paid network

2015-12-03 14:25:02


--On Thursday, December 03, 2015 06:53 -0800 Dave Crocker
<dhc(_at_)dcrocker(_dot_)net> wrote:

> On 12/3/2015 5:44 AM, Jacob Palme wrote:
>> I think that the only workable method of getting rid of spam
>> is to charge the sender of messages a price of perhaps 0.10
>> $/recipient for sending messages.
>
> There are many approaches to solving spam that will work quite
> effectively, if only they were able to work at all.
>
> Your view is one of many that is oft-repeated, very appealing,
> and entirely unworkable in the current real-world.

Dave,

While I agree with you (and John Levine) that there is almost no
chance of this working, I think Jacob's very considerable
contributions in areas of messaging and online discussions
justify, perhaps even require, being somewhat less dismissive.

In particular, the stereotypical and quite telling categories of
the Cory Doctorow and Vern Schryver
(http://www.rhyolite.com/anti-spam/you-might-be.html) lists,
Jacob's proposal is, IMO, a member of a family of things that
have been getting a lot of traction in the IETF of late.  

Models of that sort are also ancient in network time.  When the
Internet was young, the number of hosts was small and the
user:host ratio large, the assumption (never completely correct)
was that each host (and institution) was responsible for its
users and their behavior.   If someone behaved badly, the
assumption was that the institution could, and would, identify
the offending parties and apply appropriate remedial measures.  

Now we are dealing with huge numbers of users and machines.
When large-scale email services are involved, the typical
provider has very little idea who even the legitimate users of a
mailbox are, resulting in a situation in which there is too
little user identification and authentication for tracing bad
behavior and, as we've seen in a recent and continuing thread,
for too much of it from the standpoint of privacy concerns.

With each of the current proposals in that family, the notion is
that, if only a recipient can depend on the message originator
having been validated by the relevant submission server and that
submission server somehow validated, then the odds of the
message being spam are drastically reduced.  Jacob's current
ideas, as I understand them, tie that validation to the transfer
of small amounts of money.  Most of the others involve more or
less complex rituals (e.g., special DNS entries and special
header fields linked to them).  He hopes that the fees can be
set at a level that will stop spammers but not deter legitimate
users.  The DNS-and-header based methods assume (or hope) that,
despite many of us having observed that we know ways to game or
work around the methods, the spammers will be sufficiently
discouraged by the amount of effort involved in those
workarounds that they will stop spamming.

I see a lot less difference between Jacob's "pay per message"
approach and the DNS-and-header-field ones than one might like
to believe, if only because both ultimately depend on the
assumption that we can find (or have found) a sweet spot in
which the use of email is too costly (along some dimension(s))
for the spammers but inexpensive enough to not deter appropriate
uses.

The one big difference I see is that, the debacle with the
initial deployment of DMARC and mailing lists notwithstanding,
the DNS-and-header-field approaches seem fairly easy to deploy
(and confer benefits) incrementally.  The "pay" approach, at
least as I understand it at this point, requires deployment and
acceptance of a new trust structure to be at all useful.  You
have argued the difficulties of such plans far more powerfully
than I have, but we agree that such a requirement would provide
a very high barrier to success even if the ideas were otherwise
sound.

best,
       john




