[Cryptography] Paid SMTP (PSMTP)

Kevin W. Wall kevin.w.wall at gmail.com
Wed Feb 28 01:00:13 EST 2018


On Tue, Feb 27, 2018 at 8:15 AM, Ersin Taskin <hersintaskin at gmail.com> wrote:
<snip>
>
> The whole idea is that a sender-pays-receiver scheme as presented below as
> an extension to the current SMTP system will provide a robust tool in our
> anti-spam toolbox. The cost per mail is the same for all mails and mail
> addresses. It is as low as not hurting honest people/agents but high enough
> to kill most of the spam. Let us make it a penny for the sake of clarity in
> this introduction.

Unlike John Levine who's a recognized expert in this field, I don't
even pretend to know enough to judge whether or not your idea is
technically sound or not. However, based on the above paragraph alone,
I am concerned about one unintended consequences.

If the cost per email and all email addresses is the same, I think one
unintended result would be to move a substantial portion of the spam
to unmoderated mailing lists (and make even moderated mailing lists
harder to moderate). I know that I've dealt with periods of excessive
spam to our various open OWASP mailing lists and it's been a royal
pain. OWASP is using something like Baracuda now for spam filtering,
so it's a lot more tolerable than it was 5 years ago or so, but there
are probably a lot of mailing lists run by individuals (I'm subscribed
to a few) who don't have the resources to fight spam. And if spammers
are going to have to pay a flat rate, they likely will go with
something like mailing lists so they can get the biggest bang for the
buck.

Just my $.02,
-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/    | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.


More information about the cryptography mailing list