From: David Morris [mailto:dwm(_at_)xpasc(_dot_)com]
It is pure naviety to assert that increasing the cost of
sending spam will not reduce the amount sent. The operative
word is REDUCE. Also note that my choice of words was 'cost'.
There are many ways to associate cost with sending spam.
Actually it won't reduce the amount sent for a different reason, the criminals
will use stolen card numbers to pay for their spam. This is now a major problem
for DNS registrars and ISPs.
I don't disagree that making spammers pay will reduce spam. Where we disagree
is that I don't think that it is necessary to charge legitimate email senders
in order to penalize illegitimate ones.
As Bill Gates proposed a few years ago, bonding type schemes are much easier to
deploy than payment schemes, much cheaper to run and only cost money for the
abuser.
Regardless of what payment mechanism you propose you have to start with an
authentication scheme to bind the payment to the message. So DKIM is actually a
starting point there.
Alternatively you could use a trustworthy hardware device that implements my
patent-pending velocity indicator mechanism.
Or you could link the DKIM signature to a digital certificate that demonstrated
that the holder can be held accountable (e.g. VeriSign Class 3 or an Extended
Validation certificate). This could then provide information on where to find
reputation services reporting on the sender.
A company can ignore a $100,000 fine as simply the cost of doing business.
Having their email rejected by other companies is a much more critical penalty
for them.
Micropayments are fun but having tried to deploy them in the past I don't think
it is practical to do this to stop spam. It is possible to have the same effect
on the bad guys without any effect on the legitimate sender and without
creating a whole different set of cost issues.
The solution to spam is accountability: authentication, accreditation and
consequences.
DKIM is the authentication component. We will come to the other components
later, not necessarily in this forum.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf