Payments as an answer to spam
Eric S. Johansson
esj at harvee.org
Fri May 16 14:04:37 EDT 2003
R. A. Hettinga propagated:
> --- begin forwarded text
> From: "Joseph Ashwood" <ashwood at msn.com>
> To: <iang at systemics.com>,
> "McMeikan, Andrew" <Andrew.McMeikan at logicacmg.com>
> Cc: <cryptography at metzdowd.com>
> Subject: Re: Payments as an answer to spam
> Date: Tue, 13 May 2003 12:28:27 -0700
> Sender: owner-cryptography at metzdowd.com
>
>>"McMeikan, Andrew" wrote:
>>
>>
>>>Put a valid 1mdc payment cheque in the subject line and I guarentee to
...
> Won't work. Here's what happens there.
...
good analysis. It's the classic reason why any payment system is cursed as an
antispam system. That latency between value retrieval and propagation of that
status is the real killer. As you point out, a secondary killer is the number
of queries one needs to make against a coin/stamp/check verifier.
now you get off to a good start
> The best solution I've seen is still the sign everything model. Digitally
> sign the outgoing messages, endpoint servers start checking signatures
> against an active database (unfortunately right now this would mean
> Verisign), email clients start verifying signatures before display, and you
> start discarding automatically all unsigned emails. This ends up costing the
> spammers marginally less (a few dollars a day), but done properly would
> actually enforce the one time computation (include the end target ID in the
> signature). But as was pointed out, this won't work unless everyone does it
> at the same time, or functionally just AOL and MSN start doing it at the
> same time, everyone else will follow suit soon enough.
then you get way off-track, and when you mention VeriSign, you are way off in
the poison ivy. :-)
> Then the spammers can
> be identified, traced and properly persued for the costs they incur. In my
> view the ultimate goal should not be to get rid of unsolicited email, it
> should instead be to create an environment where unsolicited email has to
> pull it's own weight from an infrastructure standpoint, this should put the
> junk mail in your inbox at roughly the same level as the junkmail in your
> postal box, a livable level.
one of the things we figured out how to do in the camram project is make changes
in mail systems incremental so that you can introduce them one user at a time.
This way, the change is incremental, organic, and user-friendly.
Like you, we see value in signing messages as a way at identifying non spammers.
However, for a variety of reasons, I don't trust a central authority to tell
me who is not a spammer. They can be corrupted, bought, need a new revenue
stream and as a result, will sell certificates to spammers under the umbrella of
"encouraging responsible e-mail advertising". ya right, like my ***k will get
bigger if I buy the right pills.
We're taking the approach that who you know is more important than who says they
are okay. If you e-mail someone repeatedly and a e-mail you repeatedly then
there is a good chance they are someone you will accept signed e-mail from.
There are obvious exceptions such as your local phone or cable company but for
the most part, the assertion holds because the vast majority of our e-mail is on
a person-to-person or person to mailing list basis. These are voluntary
associations.
As a result, it should be possible to propagate public keys as part of each
e-mail message. If the key remains consistent and associated with the same
address over time, then there is a sufficient level of comfort to accept
messages verifiable by that public key in place of something more severe such as
a stamp or coin.
This is one of the ways we implement the principle of "strangers cost, friends
fly free". By building a white list which tracks "who you know" and using white
list by public key rather than white list by name, you end up with a more secure
white list as well as a more useful one.
The end result of this approach is that you have a self organizing network of
permissions allowing people to send each other e-mail. When addresses change or
keys get lost, it can be self repairing. There's no central authority to sensor
people if they say something that is "not acceptable". It is also no central
authority to break under the load.
when evaluating a change for an antispam system, ask yourself to question "who
pays". If you don't make the sender pay much more relative to the receiver,
Spam will continue.
---eric
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list