On Wed, Apr 24, 2002, Eran Tromer wrote about "Re: OT: The Heaviest Wave of Viruses": > > That still leaves open the forgery issue: Why don't I get tons of > > forged snailmail with your name as the sender? Answer: Because every > > forged letter costs a postage stamp! It's expensive. There may be no > > other way, other than to charge epostage for email. That's ugly - but >... > On the other hand, a poststage stamp scheme requires the cooperation of > ALL parties, namely the sender and receiver and ISP. Moreover, it has a > significant cost, both for specific parties (the sender) and globally > (money down the drain for costs of money handling, resulting fraud and > its investigation, etc.). So, even if all ISPs in the world decide to > cooperate on this, which has probability zero, all that will happen is > ad-supported webmail (or something equivalent) becoming prevalent.
Actually, there are two ways I know of to handle these these email "charges": 1. Do some sort of a "compensation agreement" between ISPs (as you say, this will need a lot of cooperation between ISPs and at this point looks like a pipe dream). This means that a sender of email surrenders a (say) cent that his ISP pays to the receiver's ISP and eventualy the receiver. A typical "real" user both recieves and sends messages, so his costs and "gains" by this scheme will tend to even out, and the costs will be minimal. Only if someone spams (sends a lot of messages but never gets any back) he will have to bear large costs. Of course there're a lot of problems with this - how to do the cooperation, what to do about bounces (nobody will want to pay to send messages that just help others). Also, legitimate mailing lists will probably need to somehow "reverse the charges" (think of collect phone calls and COD mail), to have the receiver of the mail accept the charges (after he, say, approves the mail's signature, just like in a collect call you can check the caller before approving payment. Spam would not be accepted in this way). 2. A much simpler and much more interesting method has been suggested and researched (if anyone is interested, I can try to find a pointer to the paper I read about this). The basic idea is to make email sending a computationally-expensive operation. For example, consider a new version of SMTP, where before the receiver's server accepts a mail it gives the sender some computational challenge which is trivial for the receiver to invent but hard for the sender to solve (it's not hard to design such a scheme, based on some trapdoor function or NP problem). Now, imagine that a modern server could only do 10,000 of these computations per hour. An ISP would not want to buy more servers just for this (that would cost it real money) so it will make damn sure that none of its customers could mail out more than, say, 10 emails per hour (on a daily average). Users who want to mail out more will need to either pay extra for this (which is good: spammers will need to pay) or put up their own mail server (again, causing spammers to lose money, and allow for easy blocking). Unlike today where open relays can be abused to send out millions of spams, under this scheme open relays will get clogged with all the computations, and their owners are more likely to notice the huge load on them and close the relay. Small and medium mailing lists run on hobby machines (e.g., linux-il, ivrix-discuss) will put a visible, but entirely acceptable, load on the machine. Huge mailing lists (e.g., linux-kernel) will have more problems, so they will either need to be funded better (e.g., by making them cost money), run by a distributed system of people volunteering their CPUs for these computations - or, perhaps, it would be best to run such mailing lists with the old SMTP (without the extra computations) and subscribers will need to "whitelist" mail from them, even though it didn't incur the extra computation cost. The downside of this scheme is that unlike the first, it entails a real waste of money. Money doesn't simply exchange hands, but rather gets thrown down the drain on useless computations. But I think that by a wise choice of the complexity of the computation, this cost can be kept to a minimum, below what it would cost to implement the huge beaurocracy needed in the first scheme, and close to the costs we already have in handling and cleaning up after spam. Anyway, I don't see how any of these methods will mean a boon to the ad- supported webmail industry. > Thus gradual deployment an authentication scheme is immesurably more > likely than enfrocement of a postage stamp scheme. Authentication will solve some problems (such as the Eli-slandering virus problem), for others (e.g., spam) it is either ineffective or too strong. For example, imagine authentication that simple verifies that the email that appears to be coming from @some.domain.com indeed comes from this domain. In that case, spammers will simply buy a new domain for each spam run, just like they buy "throwaway ISP accounts" today. On the other hand, either of the "postage stamp" schemes may solve the spam problem, but doesn't really solve Ely's problem. Since the virus commands your MS-Outlook (or whatever), it can cause it to mail out viruses, even if that costs you real money (ouch!) or to reach your ISPs limit (so it will only mail 100 viruses a day... I don't think this will give Ely that much comfort). -- Nadav Har'El | Thursday, Apr 25 2002, 13 Iyyar 5762 [EMAIL PROTECTED] |----------------------------------------- Phone: +972-53-245868, ICQ 13349191 |A thing is not necessarily true because a http://nadav.harel.org.il |man dies for it. - Oscar Wilde ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
