re: Hal's suggestion I don't think that banning multiple recipients solves the whole problem which is the spamming of the remailer network by cybervandals like Detweiler. What needs to be done is to create some system that "charges" remailer requests to the sender which then limits the size or frequency of their messages based on their ability to pay. For a play money system, the issue is, how do you distribute the play money accounts without letting spammers open up as many accounts as they like? (e.g. if Detweiler spends his one account dry with his cyberterrorism, how do we prevent him from opening up an unlimited number of accounts without trying to attach accounts to a user's e-mail address?) By making remailers charge users, and even other remailers on the network, we can also prevent rogue remailers from allowing Detweiler attacks through the network (since they'd have to pay for his traffic) Here's a nutty idea I had one night which would accomplish these goals and also encourage more people to run remailers: o each remailer upon being setup distributes a large but finite amount of digicash certificates. These certificates are one use only. The initial distribution and price system can be altered to tailor the usage of the remailer to the owner's wishes. o after the initial distribution, the remailer distributes a somewhat smaller amount of digicash each renewal period (probably once a week) This smaller amount is sufficient for casual use, but not abuse o if you want more than what a remailer is willing to give you, you must trade service for it. That is, you must set up your own remailer and issue some cash to the other remailer which can be redeemed for chaining service. Example: Bob was unsatisified with his $10 of Ann's remailer coupons, so he set up his own remailer and issued $100 worth of service to Ann, in return, she gave him $50 of service for her remailer. (obviously, her remailer is more popular and is more in demand so his is only worth 1/2 of hers. Ann could use bob's coupons to either chain requests through him, or she could sell them off to other remailer operators.) The hard part is making sure that Bob doesn't cheat, offer to run a remailer, issue $X worth of credit to Ann, and then just file her remail requests to /dev/null I'm hopeful that a "consumer reports" like organization will pop up which periodically tests remailers to make sure they aren't cheating. (besides, the remailer network itself should do such testing with fake traffic) Call it "the free market of remailers" Other issues: How to distribute coupons/stamps/dollars? First come first serve? Popularity/Reputation? Reputation market? We want to prevent people from collecting digicash certificates multiple times during distributions, but at the same time, we don't want to use their real e-mail address. So in a system where users can create as many identities as they wish, how can we achieve a fair distribution? The only thing I can think of is to distribute cash to users based on their reputation or trust level. If a Detweiler is found abusing remailers, operators simply stop giving him cash for their remailers. Remailers which sanction Detweilers end up paying for them in the long run. (either because he runs up the costs for the remailer to use other remailers on the network, or because the operator gets too many complaints from systems which it directly delivered Detweiler mail to) Anyway, limiting multiple recipients will stop geometric growth, but it won't prevent Detweiler from hacking up a script to send a hundred thousand remail requests posting to every newsgroup and mailing list out there. Remailers would also have to limit the amount of remailer requests allowed per day, but this would still allow Detweiler to spam up the system by preventing anyone else from using it (by running out the global quota) Some sort of authentication is needly, IMHO. -Ray -- Ray Cromwell | Engineering is the implementation of science; -- -- rjc@gnu.ai.mit.edu | politics is the implementation of faith. --