Spam-proofing the mail system

Posted Dec 18, 2003 14:53 UTC (Thu) by tonnesen (guest, #3589) [Link]

Should anonymous e-mailing be a pay-as-you-go system? You can send mail from your account at wekeepyouhidden.com which you pay $20/month for.

What about the "free" e-mail systems like hotmail, yahoomail, etc. They'll presumably get domain keys, and continue allowing spamers to send spam through them. What percentage of current spam is sent through these systems now? They wouldn't solve the anonymity problem because, as far as I know, they all attach the originating IP address to the messages they send.

Should anonymous e-mailing be a pay-as-you-go system? You can send mail from your account at wekeepyouhidden.com which you pay $20/month for. My gut tells me this is the only way to get true anonymity now (short of cracking computers and sending from there, but I can't exactly endorse breaking the law as a solution).

My feeling is that blacklists like SpamCop et al would be significantly more effective under the domain keys proposal. Blacklist systems could easily link all messages from one domain together and aggregate the complaints they receive about that domain.

Posted Dec 18, 2003 16:03 UTC (Thu) by freemars (subscriber, #4235) [Link]

Doesn't your system preclude the possibility of sending anonymous e-mail (since every e-mail account must be hooked up to a bank account)? And what about people who don't have a bank account?

I believe in the value of anonymous email, and believe this plan supports it better than the ones suggsted above. While it's true the ISP must be hooked up with a bank an individual sender needn't be. Imagine a system where you go to a convenience store and buy a CD with 200 email stamps worth a dime each. The CD might cost $25 -- $20 for the value of the stamps, $2.50 markup for the store, $2.00 for the bank, and $0.50 for the CD, packaging & distribution. You could pay cash for the CD and take it to your local Starbucks/Internet Cafe to send emails.

Since you're trying to be annonymous, you forge your return address, so you never get your rebate. It either gets lost in cyberspace (and never cashed in; the bank thanks you) or goes to your favorite charity.

A poor person might have to scrape to come up with the $25 purchase price, but doesn't need to jump through all the hoops of getting a bank account. If most of your mail goes to people who know you -- and have you on their whitelists -- your initial supply of stamps will last a long time.

Posted Dec 18, 2003 10:16 UTC (Thu) by ekj (subscriber, #1524) [Link]

But the thing is, the requirement alone to attact a dime to every outgoing spam is likely more than enough to make spamming a non-issue.

If you have to attach say $0.10 to every outgoing message, then even if 90% of the spam is never read so you eventually get the money back (I assume there'd be a timeout of some sort), you'd still be paying $0.01 a message.

Sending a million spam-emails at this rate would cost you $10K. Personally, I think this is low. Because the economics of reading spam would completely change. I would, for example, happily read and delete spam if I knew it would gain me, and cost the spammer, $0.10 for each one. Why, with my current load, and assuming I could process one spam a second, I would make around $5 a day, and would be spending less than 10 minutes to do so.

In practice offcourse, the chanse of any spammer paying me, even a single cent, for me to read their message is miniscule.

Posted Dec 18, 2003 14:52 UTC (Thu) by freemars (subscriber, #4235) [Link]

The more successful people become at filtering, the less penalty is applied to the spammer. Surely that is not what you intended.

Indeed that's not what I intended. Filtering spam would have the same effect as what I described as blacklisting; accept the payment for the spam but throw away the message unread. It costs them a dime but they have no idea if the message was ever seen by human eyeballs.

Posted Dec 19, 2003 2:00 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

Posted Dec 19, 2003 4:50 UTC (Fri) by brouhaha (subscriber, #1698) [Link]

Who would fund mailing lists?

That leaves open the possibility of a spammer masquerading as a list server, but other anti-spam techniques such as SPF easily thwart such misrepesentation.

It also would be possible to set the amount fairly high, but refund it in the case of unsolicited but non-spam email. For instance, I'd probably set my software to charge at least $0.25, and perhaps as much as $1, for unsolicited email from non-whitelisted senders. But for non-spam email, for instance people inquiring about free software I've written, I would refund it.

Probably a fee as low as a penny would discourage a lot of spam, but having the fee higher would serve to also discourage email from students that want me to do their EE or CS homework for them. (I get such email routinely as the result of having a web page about PIC microcontrollers, despite the web page clearly stating that I don't have time to offer free help.)

Posted Dec 19, 2003 13:46 UTC (Fri) by freemars (subscriber, #4235) [Link]

Who would fund mailing lists? I'm sure you couldn't depend on every user subscribed to a list to return the funds (no to mention the list admin is out those funds until they are returned? This would be a huge problem for large mailing lists.

Mailing lists would depend on whitelists. (This means that any new software supporting micropayments must support whitelists also. Because the whitelist would be stored at the ISP both the userland mail-reading software and the ISP SMTP software would have to support whitelists.)

Mailing lists could operate much like current "double opt-in" lists do today... when you subscribe the list sends a 'welcome' email which asks you to whitelist the mailing list address. When you do (sending a rebate to the list) the software notices and adds you to the list. To remove yourself from a list, simply remove it from your whitelist. When the list software gets a request for a micropayment (not whitelisted) it declines to pay and removes the recipient from the list of subscribers.

Who would manage the micropayments? Would we all get PayPal (shudder) accounts? What prevents micropayments from being stolen by ISPs or someone hijacking accounts?

You've found the potential showstoppers. Ideally, there would be a few banks in the business so there would be some pressure on them to hold rates down. It will be up to individual ISPs to decide if they will accept payments from Fred's Bank (where Fred's Bank might be located in some unsavory nation). I would expect ISPs would quickly settle on accepting payments only from member banks of some International Collaboration of Cooperative Micropayment Banks, all of which agree to the following standards:
**** All payments are made in (what, Euros? Something stable)
**** All payments may be converted to [list of currencies] with a conversion rate set by [someone's daily conversoin rate index]
**** All payments can be redeemed at full face value (the sender pays the bank's mark-up, whatever it is)
**** All member banks will honor payments from any member bank (the cost of this service is built into the sender's mark-up)
**** All member banks use a standard set of protocols when clearing payments
**** ???

I'm hoping a few companies -- probably current-day banks -- would step up and offer such a micropayment system. If all email were to convert to a micropayment system there would be enough use to justify setting up the kind of heavily automated system that would be needed to be affordable.

Spammers will no doubt try to hijack computers which have access to email 'stamps'. Cautious people will not store large numbers of 'stamps' on their computers. Prediction: someone will decide it's a really cool idea to keep the user's credit card information in the computer so the software can automatically buy extra email 'stamps' from the International Bank of Microsoft as needed -- some people will get burned.

"Bad" ISPs stealing people's micropayments ... you ask tough questions ... perhaps the legislation protecting ISPs from anti-trust lawsuits should only apply to those which pass on 100% of the micropayments to their customers. "Bad" ISPs could also mess with customer whitelists, but I don't see what they would gain from doing that.