A Trial Balloon to Ban Email?

bear bear at sonic.net
Fri May 9 18:05:49 PDT 2003 


I rather liked the suggestion someone made a while ago that involves
paying the recipient when sending email to them.  If they reply, you
get your money back.  But if you spam, it would rapidly become
expensive.

However, that involves financial payments again, and nobody is willing
to do financial anything in a way that allows anonymous players.  So
if we care about the ability to have anonymous email, we can simply
eliminate from consideration anything that requires a paid email
license or financial payments to be made in exchange for the right to
send mail.

There is a better way, of course. But it may not be as profitable for
the people who want to sell certs, so nobody's pushing it right now.

Remember the "hashcash" proposal from a few years ago? It basically
involved the recipient setting some computational task that would take
a couple of CPU seconds to complete and demanding the results (from
the sending machine) before it would accept an email.  IIRC, it was
proposed with a probabilistic task, but there's no reason why it
couldn't be done with a more precisely controlled linear task such as
repeated squaring under a modulus.  Or maybe you could ask
distributed.net to find a way to use CPU cycles beneficially and
provably, and require some number of work-packets to be completed
before the mail is delivered.

The computational task can get arbitrarily larger, if the recipient
system doesn't like the look of the mail.  I can picture the MDA
going, "wow, I decrypted this one, but it scores 9.2 on my procmail
filter scale, so I better ask for and get fifteen MIPS-minutes of CPU
time before I actually deliver it."

Stuff like this can be done anonymously, can be done on the recipient
and sender machines, can depend on filters (the MDA sees it after it
arrives and gets decrypted) and limits the per-machine rate at which a
spammer can send spam.

It requires no central keying authority, no registrations or controls,
allows random email from people you don't know or haven't heard from
in a while to reach you, is a barrier that's fully customizable at the
recipient site, can be implemented purely in software (meaning nobody
has to get a licence or a subscription or vouched for by someone else
to send mail), and if someone really *does* care enough to dedicate
fifteen MIPS-minutes of CPU to getting an advertisement through to
you, it probably means he's got a specific reason to believe that it's
actually something you'll be interested in, rather than just being a
"bottom feeder" who sends out a million emails in the hopes of one
response.

SMTP is a hole, and needs replaced. We have the technology.  It'll
work.

				Bear






---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cypherpunks-legacy mailing list