Payments as an answer to spam

Eric S. Johansson esj at harvee.org
Fri May 16 14:04:37 EDT 2003 

R. A. Hettinga propagated:
> --- begin forwarded text
> From: "Joseph Ashwood" <ashwood at msn.com>
> To: <iang at systemics.com>,
> 	"McMeikan, Andrew" <Andrew.McMeikan at logicacmg.com>
> Cc: <cryptography at metzdowd.com>
> Subject: Re: Payments as an answer to spam
> Date: Tue, 13 May 2003 12:28:27 -0700
> Sender: owner-cryptography at metzdowd.com
> 
>>"McMeikan, Andrew" wrote:
>>
>>
>>>Put a valid 1mdc payment cheque in the subject line and I guarentee to
...
> Won't work. Here's what happens there.
...
good analysis.  It's the classic reason why any payment system is cursed as an 
antispam system.  That latency between value retrieval and propagation of that 
status is the real killer.  As you point out, a secondary killer is the number 
of queries one needs to make against a coin/stamp/check verifier.

now you get off to a good start
> The best solution I've seen is still the sign everything model. Digitally
> sign the outgoing messages, endpoint servers start checking signatures
> against an active database (unfortunately right now this would mean
> Verisign), email clients start verifying signatures before display, and you
> start discarding automatically all unsigned emails. This ends up costing the
> spammers marginally less (a few dollars a day), but done properly would
> actually enforce the one time computation (include the end target ID in the
> signature). But as was pointed out, this won't work unless everyone does it
> at the same time, or functionally just AOL and MSN start doing it at the
> same time, everyone else will follow suit soon enough. 

then you get way off-track, and when you mention VeriSign, you are way off in 
the poison ivy. :-)

> Then the spammers can
> be identified, traced and properly persued for the costs they incur. In my
> view the ultimate goal should not be to get rid of unsolicited email, it
> should instead be to create an environment where unsolicited email has to
> pull it's own weight from an infrastructure standpoint, this should put the
> junk mail in your inbox at roughly the same level as the junkmail in your
> postal box, a livable level.

one of the things we figured out how to do in the camram project is make changes 
in mail systems incremental so that you can introduce them one user at a time. 
This way, the change is incremental, organic, and user-friendly.

Like you, we see value in signing messages as a way at identifying non spammers. 
  However, for a variety of reasons, I don't trust a central authority to tell 
me who is not a spammer.  They can be corrupted, bought, need a new revenue 
stream and as a result, will sell certificates to spammers under the umbrella of 
"encouraging responsible e-mail advertising".  ya right, like my  ***k will get 
bigger if I buy the right pills.

We're taking the approach that who you know is more important than who says they 
are okay.  If you e-mail someone repeatedly and a e-mail you repeatedly then 
there is a good chance they are someone you will accept signed e-mail from. 
There are obvious exceptions such as your local phone or cable company but for 
the most part, the assertion holds because the vast majority of our e-mail is on 
a person-to-person or person to mailing list basis.  These are voluntary 
associations.

As a result, it should be possible to propagate public keys as part of each 
e-mail message.  If the key remains consistent and associated with the same 
address over time, then there is a sufficient level of comfort to accept 
messages verifiable by that public key in place of something more severe such as 
a stamp or coin.

This is one of the ways we implement the principle of "strangers cost, friends 
fly free".  By building a white list which tracks "who you know" and using white 
list by public key rather than white list by name, you end up with a more secure 
white list as well as a more useful one.

The end result of this approach is that you have a self organizing network of 
permissions allowing people to send each other e-mail.  When addresses change or 
keys get lost, it can be self repairing.  There's no central authority to sensor 
people if they say something that is "not acceptable".  It is also no central 
authority to break under the load.

when evaluating a change for an antispam system, ask yourself to question "who 
pays".  If you don't make the sender pay much more relative to the receiver, 
Spam will continue.

---eric


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list