the problem of spam prevention has concerned me for a long time. the Internet was designed to withstand a nuclear attack-- yet it is incredibly vulnerable to spam. the initial assumption was that all nodes on the network are friend, not foe, i.e. trusted. this concept is breaking down as the net scales massively. some people warned long ago that spam would become an increasing problem on the net as it scaled, and that the technical visionaries would wise to try to cooperate and come up with approaches. such a point of view is not popular on this list, which is not really big on collaboration (despite that some of the greatest successes and fame have come from it, such as via the code cracking ring). but increasingly events are forcing people to come together to come up with solutions. there are many promising approaches to spam prevention. the one I like is a system whereby the receiver can specify how much money it costs to receive an email from anyone. the mail is rejected if it doesn't contain this fee. different people can configure their incoming mail different. Gates may charge, say, $1000. joe schmoe would charge, say, $1. an interesting part of this model is that if someone you like sends you mail, including the fee, there is nothing to prevent you from reimbursing them in a return message (or paying their own fee with the money they supply). such a system would be a very powerful spam prevention system. (due credit goes to TCM for being one of the first for advocating this.) however, I would like to suggest that spam prevention is a great test for a *reputation*system*, something we have talked about a long time here but found it very difficult to implement. the reputation system would rate people based on their lack of email complaints, and allow queries that could screen email based on poor ratings. such a system would not immediately block spam, but it could be implemented in a way such that spam becomes far less powerful. there are two problems with spam that any designer has to confront. there are some internet providers who do not want their users to spam. if they inserted a few header into the outgoing mail such as the following, it would allow excellent screening heuristics: 1. total bytes sent through this email address. 2. total age of this account in days. the sender is free to calculate the ratio if it prefers, or use various heuristics on the straight values themselves. now, I consider this pretty easy. the more difficult problem is that there are some IPs that do not wish to ban spammers-- they may be making a business out of it. a reputation system that weeds out these sites may be buildable-- but it's the most difficult problem. I think a lot of fame and glory will go to someone who invents effective spam prevention mechanisms-- increasingly I think the future of cyberspace depends on solving this very difficult and seemingly intractable problem. (if anyone can point me to a mailing list that focuses on technical spam prevention, I'd appreciate it.)