[Cryptography] Paid SMTP (PSMTP)

Ersin Taskin hersintaskin at gmail.com
Wed Feb 28 05:53:39 EST 2018


2018-02-27 22:53 GMT+03:00 John Levine <johnl at iecc.com>:

First things first. Thank you for your time. I appreciate it.
Let me answer your questions in an order providing a train of thought.


> * Hacker X broke into grandma's account and sent $100 of spam.  Does
> grandma pay the $100?  If not, who decides?  If so, why would grandma
> want to do this?
>
Let me repeat: " ...my proposal (which does not claim to be Final Ultimate
but rather an additional tool in the toolbox) ". I also stated explicitly
that PSMTP lives simultaneously with SMTP. So by definition I am not
proposing a FUSSP covering the entire mail space.
Anyone who is not capable of installing, filling, using a crypto wallet
cannot be a part of PSMTP. They can continue with SMTP. Grandma can keep
mailing her grandchildren in SMTP.

> * Spammer Y claims that Hacker X broke into his account and sent $100
> of spam. but he's lying.  Does he pay?  How do you tell the difference
> between him and grandma?
>
Yes he pays. I don't have to tell the difference. Security is crypto wallet
level. If you lose your private keys you lose your CommCoins just like
Bitcoin. You would admit as a cryptographer that crypto-wallets and
cryptocurrency use cases increased end-point security significantly. This
raises the bar a lot for the spammer.


> * There are roughly three billion e-mail users in the world.  How do
> you plan to set up accounts for all of them and sell them all stamps?
> A large fraction, perhaps now the majority, of mail users are on mail
> systems like Gmail and Yahoo and Netease that have no financial
> relationship with their users and do not want one.
>
Again, I have to repeat that my proposal is not a FUSSP. It does not cover
everyone.
GMail, Yahoo have nothing to do here. I have explicitly written that you
have a crypto wallet installed on your PC and Mobile. It is that crypto
wallet that takes care of the coin (PSMTP) business through your CommCoin
private keys. One can think of an HD key scheme to manage multiple PSMTP
registered mail accounts. We will need some integration here, I admit. But
the integration will not involve Gmail into financial relations. My money
is at the CommCoin Network and I reach it through my private key(s) that I
manage locally through my wallet app.


> * Some people are much richer than others.  For example, when I had a
> phone SIM in India, the data plans started at 10 rupees, about 15c US,
> and plenty of people bought that plan to check crop prices and maybe a
> handful of messages.  How do you set a price that's affordable for
> people in the developing world while not rounding to zero in the rich
> world?
>
Again, my proposal is not a FUSSP. Anyone that cannot afford a penny cannot
use PSMTP. However, the aim is to make spam less profitable. What is the
point of spamming a poor guy in India who cannot afford a penny? If you have
the ability to find a way to sell him Cialis, you are wasted at spam
business.

> * The vast majority of non-spam mail is sent in bulk, some through
> discussion lists like this one, some transactional info such as
> receipts, shipping notices, and bank statements, quite a lot of
> marketing stuff that people have said they'll accept.  Assuming that
> the list owner is not a philanthropist willing to pay to subsidize his
> habit, how do you tell your mail system to waive the fee for the bulk
> mail you want?  How do you unwaive it?  How do you do it in a way that
> Hacker X can't claim you just subscribed to his list and waive
> everything and you don't notice until your mailbox is full of his
> junk?
>
I thought I covered that. The answer is white-listing, i.e. putting the
sender in the exception list. Let me repeat below.
"2. How about mail lists?...
When a user subscribes to a mail list he puts the mail list address
to his white-list and acknowledges that the mail list will not attach
payment script to emails. Therefore, its mail client skips redeem process
for the mails from the list. It has to skip if the user wants to get mails
from the list. White-listing an address is much easier than subscribing to
a mail list. We can provide automatic and one-click convenient ways to do
that. So anyone who bothers to subscribe to a mail list will whitelist it.
Since mail list white-listing is so seldom I don't see it as a problem."
Therefore, the mail list would not add a payment script. The recipient will
accept the mail without contacting the PSMTP node because it is in the
exception list (white list). You can remove the sender address from the
white-list anytime, for example when you unsubscribe. Hacker X can't claim
that I subscribed to his mail list because I do it in my mail client or
wallet app. I manage my contacts. Imagine the following algorithm run by
the mail client-wallet couple:
IF (the sender is white listed)
  Fetch the mail
ELSE IF (payment script not included)
  Apply my non-white SMTP settings
ELSE IF (syntax valid AND I am the receiver of the CommCoin (I use my private key))
  IF (RedeemCoin())
    Fetch the mail
  ELSE
    Reject the mail
ELSE
  Reject the mail

Please note that all the reject mail scenarios above end in black listing
of the spammer as I mention below.

> * What is the overall capacity of your scheme?  If it's under 10,000
> messages/sec you're not serious.  100K/sec would be better.  When
> making your estimates, assume that the mail is 90% spam, and the spam
> will all have bogus stamps pointing at empty wallets, so you'll have
> to do the check but there's no money to be collected.
>
Think of a solution that spots the spammer at the first instance of a spam
mail from him and then forwarding him to the routine blacklisting
procedures we already have. That would be scary for any spammer. Now let's
see if we can do that with PSMTP.
A wallet keeps track of money. That's what it does. A CommCoin wallet never
signs invalid payment scripts. An empty wallet signature is invalid. Its
security is to the level of keeping private keys secret. Therefore, if a
spammer wants to attack the system from an empty wallet, he would do it via
an invalid script, it will be spotted as a spammer by the system at the
first such attempt. The PSMTP system will then apply DNS Black Listing
procedures as well as push the PSMTP blacklisting data to the relevant
MTAs. Therefore, the same address cannot send a second spam. Not to
mention that the empty address is deleted from the PSMTP DB. So the
simplest version of the requirement is that a PSMTP address is allowed to
have empty account but is prohibited to try to use it. You can try to use
an empty account once before it gets deleted. The spammer would not bother
with PSMTP and sail towards SMTP. The very existence of anti-spam
techniques like greeting delay, greylist temporary rejection, nolisting,
quit detection all show that when there is a little bit of trick in the
mail transaction, spammers don't bother and move on to another mail address
in their list where the process runs in a less tricky manner. That is the
essence of brute force. PSMTP trick is much harder to cope with than those
at the presented techniques. And PSMTP applies blacklisting measures
immediately while these techniques do not. I could easily imagine that the
PSMTP threat would cause spammers to stay away. How about a minimum opening
deposit requirement of 100 CC (1 $) on top of that? This although not
necessary, would further scare spammers away while 1 $ is nothing for
someone who would prefer the privilege of PSMTP.

> I certainly have to admire the chutzpah of someone who, having seen
> that this idea has failed every single time it's been tried over the
> past 20 years, wants to do it again.  (And, sorry, no, there's nothing
> very different about it this time around.)
>
When I saw so many patent applications and failures based on stamp/postage
scheme to fight spam by so many experts in the field the feeling I get is
"this is a good idea waiting for the right time". History is full of good
ideas that failed until the right time has come. Technology history is no
different. The right time provides right conditions where prerequisites to
successful implementation/adoption are met. You can see so many failures and
conclude the idea is completely bad or you can see so many experts having
tried over and over again and may still conclude that it is a good idea
waiting for the right conditions. I believe the cryptocurrency revolution
is the key difference against past trials. This revolution made wallets
convenient to the computer literate people who would be the first adopters
of PSMTP. I see a lot of development activity at wallet/ledger and TEE
spaces. I don't see a reason why we shouldn't get the convenience-security
level of end-point/wallet private key + ledger schemes to anti-spam.
Besides, my proposal is different from all the past implementations I have
seen. They either lack the cryptocurrency-wallet approach or go for the
wrong direction of paying high amounts to important people (earn.com). None
involved an organization like IETF. Adding DANE to the list of differences
now, I think there may be a chance this time.

One other aspect of PSMTP is that it does not possess any false positive nor
false negative as long as private keys are safe.

> Once you've figured these out, we have lots more questions to ask.
>
If you take your precious time, I will do the same. After all, this is a
constructive discussion.
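
Added example, not part of the original post or of any PSMTP implementation: a Python sketch of the receive-side decision procedure described above, combined with the first-offence blacklisting and deletion of an empty account. The names Stamp, Node, sign and receive are hypothetical, an HMAC stands in for the wallet's private-key signature, and refusing an already blacklisted sender before looking at its stamp is an assumption.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Stamp:                      # hypothetical "payment script"
    payer: str
    payee: str
    amount: int                   # in CC
    sig: bytes

def _mac(key, payer, payee, amount):
    # HMAC stands in for the wallet's private-key signature (assumption).
    return hmac.new(key, f"{payer}|{payee}|{amount}".encode(), hashlib.sha256).digest()

def sign(key, payer, payee, amount):
    return Stamp(payer, payee, amount, _mac(key, payer, payee, amount))

class Node:
    """Toy PSMTP node: balances, wallet keys, blacklist (all constructed)."""
    def __init__(self, balances, keys):
        self.balances, self.keys, self.blacklist = dict(balances), dict(keys), set()

    def redeem(self, s):
        key = self.keys.get(s.payer)
        ok = (key is not None and s.amount > 0
              and self.balances.get(s.payer, 0) >= s.amount
              and hmac.compare_digest(_mac(key, s.payer, s.payee, s.amount), s.sig))
        if ok:                    # move the coins; no replay protection in this toy
            self.balances[s.payer] -= s.amount
            self.balances[s.payee] = self.balances.get(s.payee, 0) + s.amount
        return ok

    def punish(self, addr):
        self.blacklist.add(addr)  # every reject path ends in blacklisting
        if self.balances.get(addr) == 0:
            del self.balances[addr]   # an empty account is deleted once it is used

def receive(node, me, whitelist, sender, stamp):
    if sender in whitelist:
        return "fetch"            # whitelisted: the node is never contacted
    if sender in node.blacklist:
        return "reject"           # assumption: blacklisted senders are refused outright
    if stamp is None:
        return "smtp-settings"    # unpaid, non-whitelisted: ordinary SMTP filtering
    if stamp.payer == sender and stamp.payee == me and node.redeem(stamp):
        return "fetch"
    node.punish(sender)
    return "reject"
```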