[Cryptography] Paid SMTP (PSMTP)

John Levine johnl at iecc.com
Tue Feb 27 14:53:19 EST 2018


In article <CACMCW-PrtvyUc=_1RtxVScDvOzkAwZEBiy35Zu0CHHBSRA663g at mail.gmail.com> you write:
>The whole idea is that a sender-pays-receiver scheme as presented below as
>an extension to the current SMTP system will provide a robust tool in our
>anti-spam toolbox. The cost per mail is the same for all mails and mail
>addresses. It is as low as not hurting honest people/agents but high enough
>to kill most of the spam. Let us make it a penny for the sake of clarity in
>this introduction.

I certainly have to admire the chutzpah of someone who, having seen
that this idea has failed every single time it's been tried over the
past 20 years, wants to do it again.  (And, sorry, no, there's nothing
very different about it this time around.)

Here's a few questions:

* What is the overall capacity of your scheme?  If it's under 10,000
messages/sec you're not serious.  100K/sec would be better.  When
making your estimates, assume that the mail is 90% spam, and the spam
will all have bogus stamps pointing at empty wallets, so you'll have
to do the check but there's no money to be collected.

* The vast majority of non-spam mail is sent in bulk, some through
discussion lists like this one, some transactional info such as
receipts, shipping notices, and bank statements, quite a lot of
marketing stuff that people have said they'll accept.  Assuming that
the list owner is not a philanthropist willing to pay to subsidize his
habit, how do you tell your mail system to waive the fee for the bulk
mail you want?  How do you unwaive it?  How do you do it in a way that
Hacker X can't claim you just subscribed to his list and waive
everything and you don't notice until your mailbox is full of his
junk?

* Hacker X broke into grandma's account and sent $100 of spam.  Does
grandma pay the $100?  If not, who decides?  If so, why would grandma
want to do this?

* Spammer Y claims that Hacker X broke into his account and sent $100
of spam, but he's lying.  Does he pay?  How do you tell the difference
between him and grandma?

* There are roughly three billion e-mail users in the world.  How do
you plan to set up accounts for all of them and sell them all stamps?
A large fraction, perhaps now the majority, of mail users are on mail
systems like Gmail and Yahoo and Netease that have no financial
relationship with their users and do not want one.

* Some people are much richer than others.  For example, when I had a
phone SIM in India, the data plans started at 10 rupees, about 15c US,
and plenty of people bought that plan to check crop prices and maybe a
handful of messages.  How do you set a price that's affordable for
people in the developing world while not rounding to zero in the rich
world?

Once you've figured these out, we have lots more questions to ask.

R's,
John

PS:  By the way, I'm on the committee that runs the IETF's finances
and I can say pretty confidently that we're not interested.

