[Cryptography] Paid SMTP (PSMTP)

[tifkap]

>    2018-03-01 1:15 GMT+03:00 tifkap <[1]metzdowd at bikkel.org>:
> 
>      >Â  Â  First, your mail has gone to my spam box at Gmail, which
>      funnily shows
>      >Â  Â  we must do better anti-spam. Well, PSMTPÃ does not suffer
>      false
>      >Â  Â  positive.
>      Of course it does. If I want to spam people, and I'm willing to pay
>      a bit more,
>      I could do this under a P-SMTP schema. It would simply rise spam
>      prices, not
>      eliminate them.
>      So spamming al CEO's of all fortune 100 company's would cost 1
>      dollar instead of
>      of 0.0001 dollar .. big deal. In other words: spam would still
>      exist, but it would
>      be more targeted, because it would be to expensive otherwise.
>      I would still 'vote' spam into the spambox, because I don't care
>      that the sender
>      paid for it. It's still digital crap I don't want to receive (to put
>      it mildly).
> 
>    Dear Paul,
>    Please do not judge the P-SMTP world with SMTP glasses. I take it as a
>    responsibility to fail explaining P-SMTP world in mail format. A paid
>    spam does not have a second chance, and will get blacklisted
>    immediately. 

Really? How? 

And if there is a working global reputation system, then why not use this 
system instead of pSMTP? 


>    It is a world with different habbits and routines. A
>    finer segregation of incoming mails. It is where your main mail box is
>    cleaner, smaller, and full of relevant mails.. It is a mailbox where a
>    spam would be too obvious to spot and kick to death. Kicking a seldom
>    spam in a beautiful P-SMTP enabled mailbox is a different story than
>    strolling through junk mail to find false positives and greys or a
>    mailbox of all shades of grey to be sure to blacklist the spammers
>    only. A PSMTP user will have no mercy for a *paid* spam and it will be
>    just one click to send it to the blacklist hole. 

There is no such thing as 'the blackhole list'. There are no organised global 
blacklists, just a bunch of disconnected rbl's uribl's and hashix dns bl's.


>    I just checked my
>    mailbox and spam box. A great deal of the content on both boxes were
>    more or less the same for me. I remember deadly false positives and I
>    still really have to stroll through a significant list in my mailbox to
>    find the really necessary ones to read. 

I thing you need a better spamfilter (provider).

>    I accept the grey phenomenon, I
>    survive, but if this is what we get for the price that majority of the
>    mail trafic is sucked by spam, well, I don't accept it. I think the
>    time for a paradigm shift on the mail thing has come.Â
>    In the above scenario, the spammer not only spends a penny but a
>    precious spam resource as well. 

Of course not. The majority of spam is sent through hacked php-accounts, bots,etc.

In other words: some poor smuck who is clueless about computers would pay the 
bill (think: elderly people, dumb people, etc).


>    What does he get in return? Nothing but
>    a real kick. Would he risk spamming a P-SMTP account (remember P-SMTP
>    BL scheme including DNS BL)? 

Would a criminal hesitate about buying a couple of thousand hacked smtp-
accounts to spam milions of people, and let other people pick up the tap / 
consequneces?

Since this is allready the way most spammers work, I don't see why they would
not continue to operate that way.


>    I don't think so. The very existence of
>    anti-spam techniques like greeting delay, greylist temporary rejection,
>    nolisting, quit detection all show that when there is a little bit of
>    trick in the mail transaction, spammers don't bother and move on to
>    another mail address in their list where the process runs in a less
>    tricky manner. 

No they don't! The moment a couple of systems on the internet do these kind 
of things spammers don't bother about how them. But the moment a substancial
number of systems use it spammers simply adjust. 

And besides that: lot's of spam (most) is send through legitimate systems, that
do things by the book (so greylisting, etc doesn't work against those systems).


>    Therefore, a blacklisting threat would be more than
>    enough to scare spammers away.

So paying/e-stamping is useless, blacklisting is the solution? Blacklisting 
hasn't worked so far, but don't let that stop you.


>    P-SMTP is not just a protocol, it is a philosophy, a spirit, a space of
>    new habits, attitudes and routines, backed by ubiquitous, convenient
>    private key scheme on end-point TEE security.

No comment

>    Regards,
>    Ersin
>    P.S. I received a spam phone call for VIP services for Monaco Grand
>    Prix as I was writing this reponse:) Guys, this shit's got to go:)
>