On Sat, 5 Jul 2025, [email protected] wrote:
It's a fine paper but it has one problem which is it sets up a
strawman: It proposes a particular architecture for e-postage (ok,
granted, more than one, but similar) and proceeds to knock it down.
1. Professional spammers send O(1B) msgs per day per each.
In the aggregate, sure, but there are plenty of spammers who send a lot
less than that. The B2B spam I get from throwaway accounts at large mail
providers is probably only 1000 or less at a time since that's all you can
send that way. I do not think there is one master criminal with a million
throwaway Gmail accounts.
3. We only need to increase the costs to the sort of people who send
O(1B) messages per day to introduce some sanity into the system.
Beyond the fact that the underlying assumption is wrong, that's extremely
unlikely to work unless you envision a world where you have to show ID and
get a license to send mail. It is certainly true that a large flow of
mail from an unfamilar place is suspicious, so spammers have lots of ways
of making their stuff look like lots of little flows. It even has a name,
snowshoe spamming.
At this point I get a whole lot of mail from Salesforce and Sendgrid. I
would love to block them but unfortunately they also send a lot of mail my
users want, so I have to do hacks that try to recognize the customer and
let through the less bad ones. It is painfully clear that they have made
business decisions not to spend enough money on abuse management to clean
this up. The mail gets through, why should they?
Regards,
John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/Q7SYU36U4YCE552OSQKZDEE7AU4KEZNU/
