Bill, you greedy sombitch, it's obvious from the following that you've had servants fetching (and filtering) your snail mail for quite some time...

from cnn (http://www.cnn.com/2004/TECH/internet/03/05/spam.charge.ap/index.html)
If the U.S. Postal Service delivered mail for free, our mailboxes would surely runneth over with more credit-card offers, sweepstakes entries, and supermarket fliers. That's why we get so much junk e-mail: It's essentially free to send. So Microsoft Corp. chairman Bill Gates, among others, is now suggesting that we start buying "stamps" for e-mail.

Since the U.S. Postal Service delivers junk mail for at bulk rates, mailboxes already 'runneth over' with credit-card offers, sweepstakes entries, and supermarket fliers. That's why you get so much junk mail: It's cheaper (per piece) to send than what you pay to send a Mother's Day card or your tax return.

If the USPS, or whoever's gonna sell the stamps, agrees to take over my ISP fees, I'll consider buying email postage stamps. They're gonna give spammers... I mean direct email marketers, bulk rate anyhow.

RED HOT! Git yer RED HOTMAIL STAMPS here!

I do have to say that his hair is looking better on the CNN link. Not good, but better.

:rolleyes:

Read the entire article before jumping to conclusions.

Details came last week as part of Microsoft's anti-spam strategy. Instead of paying a penny, the sender would "buy" postage by devoting maybe 10 seconds of computing time to solving a math puzzle. The exercise would merely serve as proof of the sender's good faith.

At the risk of being torn a new ass... Gates does have a point.

Bill Gates said:
That's why we get so much junk e-mail: It's essentially free to send
Yeah, that, and there are a lot of people out there with nothing better to do with their time than create template emails for "BUY SOME VIAGRAAAX!!11!" etc.

A lot of people are going to simply dismiss this idea as crap, but I think that with little work (as with any idea) a serious solution to SPAM could be found.

LilShieste

Seems reasonable to donate a few processor cycles in exchange for free email, but I'm probably being gullible and clueless here.

:rolleyes:

Read the entire article before jumping to conclusions.

Read it yourself.


Goodmail chief executive Richard Gingras said individuals might get to send a limited number for free, while mailing lists and nonprofit organizations might get price breaks.

But at what threshold would e-mail cease to be free? At what point might a mailing list be big or commercial enough to pay full rates? Goodmail has no price list yet, so Gingras couldn't say. Vint Cerf, one of the Internet's founding fathers, said spammers are bound to exploit any free allotments.

"The spammers will probably just keep changing their mailbox names," Cerf said. "I continue to be impressed by the agility of spammers." And who gets the payments? How do you build and pay for a system to track all this? How do you keep such a system from becoming a target for hacking and scams?

If we're just going to need to do a little 'math puzzle', the why the talk of postage stamps and prices at all? Do you really want to solve a math puzzle every single time you send an email? Hell, most people can't even manage to use Bcc or delete the original message when they hit 'Reply', let alone type or spell properly. You know damn well they're just gonna let their PayPal account chalk up another 'postage stamp' rather than solve a math equation, and Bill knows it, too. I'll bet he's banking on it.

Of course, it's the big emailers that are going to have to put a stop to this whole idea. I mean message boards like the SDMB that allow members to receive email notification of thread activity. Of course, they could just start charging us for membership here.

gluteus maximus said:
If we're just going to need to do a little 'math puzzle', the why the talk of postage stamps and prices at all? Do you really want to solve a math puzzle every single time you send an email?
It was just an example showing that "purchasing stamps" doesn't necessarily have to involve real money. If nothing else, this should get people thinking of other "payment options."

My wife had brought up another interesting point, too-- what if people could determine the "price" of sending email to their inbox? For example: I could say, "Any emails from address xxxxx, don't need postage. Emails from yyyyy should have to pay <insert amount here>. Any other emails should cost <some predetermined amount>". In this case, you wouldn't have to worry about not getting any emails from family members, or newsletters, etc.

I still think it's a good idea. Or at least a step in a good direction.

LilShieste

Do you really want to solve a math puzzle every single time you send an email? Hell, most people can't even manage to use Bcc or delete the original message when they hit 'Reply', let alone type or spell properly. You know damn well they're just gonna let their PayPal account chalk up another 'postage stamp' rather than solve a math equation, and Bill knows it, too.
While I realise it's easy and fun to bash Gates, you really aren't even trying to be even-handed here. No-one is talking about making a user crack out a pencil to convolve a gaussian by hand; this is a suggestion for a transparent system whereby the email client would, say, factor a largeish number for a second or so for each email sent. The imposition of a small computational cost on email in this manner would have a significant impact on mass-mailers without noticeably affecting genuine correspondents.

Certainly, bona fide bulk senders would be affected, but if we're redesigning the email infrastructure then it's easy to imagine a solution to this. This, after all, is essentially a proof-of-motives system; unsolicited mails need to contain a proof that some effort has been put into sending them. If an email does not contain this proof, one might automatically consider it to be spam. However, it would be just as easy to accept such emails on a per-address basis; the only difference would be that I might have to configure my email client to accept proofless emails from the straightdope.

Furthermore, this is only one of the many, many suggestions currently circulating for spam circumvention. This, incidentally, is the cause of your confusion between the monetary price proposals and this one, which is a computational price. It isn't even Gates's idea, and doesn't involve paying him money. It's far too easy to assign eeeeevil motives to Gates ("he's saving babies? Well sure, but why do you think he wants them alive, eh?"), and it obscures rational assessment of solutions to what is, undeniably, a huge problem. So cut it out and try and think this through sensibly.

Oh christ, read it yourself.

Blindly bashing Bill Gates has become rather old.Read it yourself.


Goodmail chief executive Richard Gingras said individuals might get to send a limited number for free, while mailing lists and nonprofit organizations might get price breaks.

But at what threshold would e-mail cease to be free? At what point might a mailing list be big or commercial enough to pay full rates? Goodmail has no price list yet, so Gingras couldn't say. Vint Cerf, one of the Internet's founding fathers, said spammers are bound to exploit any free allotments.

"The spammers will probably just keep changing their mailbox names," Cerf said. "I continue to be impressed by the agility of spammers." And who gets the payments? How do you build and pay for a system to track all this? How do you keep such a system from becoming a target for hacking and scams?

If we're just going to need to do a little 'math puzzle', the why the talk of postage stamps and prices at all? Do you really want to solve a math puzzle every single time you send an email? Hell, most people can't even manage to use Bcc or delete the original message when they hit 'Reply', let alone type or spell properly. You know damn well they're just gonna let their PayPal account chalk up another 'postage stamp' rather than solve a math equation, and Bill knows it, too. I'll bet he's banking on it. Instead of paying a penny, the sender would "buy" postage by devoting maybe 10 seconds of computing time to solving a math puzzle.

With a little thought, this is indeed bashworthy.

Sure, it sounds like a good idea. Tie up the spammers' machines with distributed calculations. But exactly how does he propose to do this?

1. Tie it into MS email programs. Sounds good, but even for Windows, there are approximately eight billion e-mail programs. Spammers don't use Outlook, there are mass-mail programs that simply read from a list of emails and spew forth the penis enlargement offers.

2. Tie it into Windows. Now, there are other OSes out there, as all of you should know. How eager would Mr. G be to give all competing systems a black eye by claiming it's impossible to spam from a Windows machine? (Well, except for 3.1-XP, assuming that this feature gets built into Longhorn)

3. Make a new e-mail standard. So, then, there'd be e-mail and MS-mail. I'd like to continue sending mail to my Windows-using friends, thank you very much. Not to mention that traditional computers aren't even the only thing that can send e-mail these days. My cell phone just doesn't have the cycles to loan out to Folding@Home. This could also potentially cripple web-based mail systems that are running at high load already.

Just some thoughts. I'll let someone else do the actual bashing.

Oh christ, read it yourself.

Blindly bashing Bill Gates has become rather old.

Ya know what, Ian Fan? Fuck you!

If you don't like reading Bill Gates bashing, then don't read it, and go post somewhere else.
Oh, nice coding, BTW. :rolleyes:



I don't use hotmail, or yahoo, or AOL, or any other web-based email, and you know what? I don't get any spam, either. So, no, I don't want to spend another 10 seconds playing footsie with my ISP to fucking use the service that I already have paid for, and I don't want to have to pay an extra fee for every email I send, either. If the email service providers really wanted to get rid of spam, they'd have done it already, just like if the USPS hated junk mail as much as the people who receive it do, it would stop delivering it.

Why should the individual, private, innocent emailers have to pay in time or money to fix a problem that they haven't contributed to (except by having an email address)? Why should I have to prove that my email to my parents on the other side of the globe, or to my friend (via cell phone) across town is legitimate when I've already paid for the fucking connection?

Ok, everyone needs to stop freaking out about Bill Gates being one of the featured individuals of the above CNN link.

This sort of mechanism would probably not be instantiated on an individual's computer (i.e. on a computer set up with Outlook). I would imagine that something this large-scale would have to be handled on a basis of ISPs and their hardware. (Just a side note-- there are many ISPs out there besides MSN. So, even if Gates were to bring any money in off of this, so would all of his competitor-- like AOL.)

I think people are imagining scenarios like what Tentacle Monster described, and not realizing how far off base those kind of ideas are. Yeah, I will agree that Gates is a shady character, but c'mon people, he's not an idiot.

I think 4 years of having GW in office has made everyone super paranoid.

LilShieste

Ok, everyone needs to stop freaking out about Bill Gates being one of the featured individuals of the above CNN link.
I think 4 years of having GW in office has made everyone super paranoid.

LilShieste

Oh, yeah?

How many versions of the Windows OS have you purchased?

Check for yourself how many 'help me with this XP problem' threads have been posted in GQ.




Bill Gates is the reincarnation of P.T. Barnum.

I do have to say that his hair is looking better on the CNN link. Not good, but better.

It just looks like the bowl they use to cut around it now has a large jagged edge.

I wish my head was as clear as his. Just walk out looking like a poster-boy for dorks with no concern for style, etc. We all should be that ignorantly bliss.

gluteus maximus said:
Oh, yeah?

How many versions of the Windows OS have you purchased?

Check for yourself how many 'help me with this XP problem' threads have been posted in GQ.

I've been using Windows OSs for as long as I have worked with computers (with the exception of my Commodore 64). I am quite aware of the many problems existing in these operating systems (I even <gasp> develop applications for these "horrid" operating systems). I still fail to see how or why Gates would try to corner this type of "market" with Windows (or an application, or whatever). Yeah, I'll agree that he would like to see some kind of profit from this, but doing what you're thinking he would do would fail more miserably than Windows ME.

I don't have any problems with people calling Gates names, pitting Windows, etc... I do have a problem with people trying to believe he knows nothing about computers, and their role in our society.

LilShieste

1. Tie it into MS email programs. Sounds good, but even for Windows, there are approximately eight billion e-mail programs. Spammers don't use Outlook, there are mass-mail programs that simply read from a list of emails and spew forth the penis enlargement offers.
Yeah, but the point is that the proof of computation is included in the email itself, and is not trivially forgeable. So regardless of what email client you use, you still can't get your email through if you don't do the computation. Given the diversity of the email world, it's difficult to see how Gates can force a closed standard on the world without a concerted mass hari-kiri on the part of the other email vendors, not to mention the sysadmins of non-Exchange networks. Bill doesn't have the power in the internet world that he does on the desktop; witness Microsoft's relative failure thus far with smartphones and set-top boxes.

2. Tie it into Windows. Now, there are other OSes out there, as all of you should know. How eager would Mr. G be to give all competing systems a black eye by claiming it's impossible to spam from a Windows machine? (Well, except for 3.1-XP, assuming that this feature gets built into Longhorn)
Again, it's difficult to see how this makes technical sense. The proposed system is an infrastructural "herd" type of thing, much like immunisation. It's not about what you're allowed to send, it's about what you expect to ever get read. There's no mechanism to stop you sending plain ol' email, it's just that by moving to a system where readers require some sort of authenticated mail, senders need to move to this scheme too.

3. Make a new e-mail standard. So, then, there'd be e-mail and MS-mail. I'd like to continue sending mail to my Windows-using friends, thank you very much. Not to mention that traditional computers aren't even the only thing that can send e-mail these days. My cell phone just doesn't have the cycles to loan out to Folding@Home. This could also potentially cripple web-based mail systems that are running at high load already.
See my earlier point about MS' ability to force a new standard on the market. This isn't something they can get out there by bundling; it will have to offer a genuine advantage if people are to adopt it. If it does, then it deserves to be adopted, and if it doesn't it won't.

My personal opinion is that this isn't the ideal solution, purely from a technical standpoint. The other options, such as small-currency stamps worth a cent or two, and simple certification combined with blacklists both have their problems. The former suffer from a lack of decent micropayment technologies at the moment, and the latter would probably end up over-centralised, giving some organisation too much power. However, it's easy to ascribe sinister motives to any solution that is proposed, be it payment , computational or certificate based. The argument that company X is trying to get everyone to use their own system is the weakest of all - of course they are, that is the reason they are in business. Shaky ground is reached when it is presumed that they have some magical ability to force us to use it. IE and Office aren't comparable examples, since these are standalone programs, not infrastructure replacements. Each arrived on a user's computer from the get-go, with the user unaware anything else was necessary. Email is so utterly embedded that to say Bill Gates is going to somehow force us all to pay him tribute to use it is just unrealistic.

Oh, yeah?

How many versions of the Windows OS have you purchased?

Check for yourself how many 'help me with this XP problem' threads have been posted in GQ.




Bill Gates is the reincarnation of P.T. Barnum.


And could you imagine the carnage if tomorrow, the unwashed masses went out and installed Linux on their desktops? All those open Sendmail relays , so little time... (Because I sorta doubt Joe User, who cannot be bothered to click 'update now', will secure their alternative OS properly)

I was on the admin team for the world's largest private email system, and believe you me, spam costs. Unfortunately, I don't think we will ever have a perfect solution, barring accepting only trusted emails. But then, email won't really be email. Capital punishement for spammers, say I.

As for the haircut, Gates probably figures "On the internet, nobody knows if you look like a dork." ;)

As for the haircut, Gates probably figures "On the internet, nobody knows if you look like a dork." ;)

Your secret is safe. :)

Ya know what, Ian Fan? Fuck you!

If you don't like reading Bill Gates bashing, then don't read it, and go post somewhere else.
Oh, nice coding, BTW. :rolleyes:



I don't use hotmail, or yahoo, or AOL, or any other web-based email, and you know what? I don't get any spam, either. So, no, I don't want to spend another 10 seconds playing footsie with my ISP to fucking use the service that I already have paid for, and I don't want to have to pay an extra fee for every email I send, either. If the email service providers really wanted to get rid of spam, they'd have done it already, just like if the USPS hated junk mail as much as the people who receive it do, it would stop delivering it.

Why should the individual, private, innocent emailers have to pay in time or money to fix a problem that they haven't contributed to (except by having an email address)? Why should I have to prove that my email to my parents on the other side of the globe, or to my friend (via cell phone) across town is legitimate when I've already paid for the fucking connection?My elite coding skills are necessary so that your thick head has a chance of actually interpreting the article. I suggest you look past your hate for Gates and actually start thinking objectively. You started out with the notion that Gates is going to try to get a penny from you every time you send e-mail, which is not the case. Now you're just ranting over your annoyance with the system, which is fine. Two completely different things. I have no problem with reasonable debate, but tainting a topic with incorrect information because of your bias is absurd.

I do a newsletter for my neighborhood, which I then distribute via e-mail to my neighbors. The last time I sent the newsletter out, one bounced back to me with a note requesting more information. It said I wasn't on Mr. Jones' list of people whom he would accept e-mail from, and did I want to request permission? There was a short questionnaire where I could tell him my name and purpose. Mr. Jones then presumably got an e-mail with my response and he could decide whether to accept it.

Sounds like a reasonable plan to me. Painful at first, but once spammers got the idea that virtually no one was going to be reading their request for Nigerian funds, they'd (we hope) find a new occupation.

Again, it's difficult to see how this makes technical sense. The proposed system is an infrastructural "herd" type of thing, much like immunisation. It's not about what you're allowed to send, it's about what you expect to ever get read. There's no mechanism to stop you sending plain ol' email, it's just that by moving to a system where readers require some sort of authenticated mail, senders need to move to this scheme too.


So you're saying that if authenticated mail becomes the standard, and it is tied to Windows, that means that no other OS's will be able to send authenticated mail, and that's okay?

I'm confused.

So you're saying that if authenticated mail becomes the standard, and it is tied to Windows, that means that no other OS's will be able to send authenticated mail, and that's okay?

I'm confused.
No; sorry, the second sentence was a bit of a non sequitur. I'm saying that I see no way that Microsoft can tie this to Windows. I'm saying that it is a group choice that needs to be made, and even Microsoft do not have the power to make that decision for everyone. Because it is such a fundamental infrastructure shift, it simply cannot be forced on the world from the client end. If sysadmins can not be persuaded of the system's benefits, they won't roll it out. If not enough people use the new system, people will continue to use Olde Email.

Essentially, if they make this system proprietary, it's not going to work with most of the world's systems, and thus it will fail because who in their right mind is going to block half of their friends from emailing them? If they make it open, then there won't be a problem because any old Joe can implement a compliant client. Like I say, I dislike this system from a technical point of view (for example on account of the bona fide mass mailing and webmail issues raised above). I favour a trusted certification scheme, although this is also a paranoiac's wet dream. What I'm trying to point out is that absolutely any technical solution to spam can be twisted to make it look like someone is trying to screw us. It's beginning to get on my tits, and I'd like there to be a spam solution in the near future without too much hysteria.

Hmm, well, let's open my E-mail inbox...

You Have 400 New Messages.

Oh yeah... and BILL is the bad guy...

No-one is talking about making a user crack out a pencil to convolve a gaussian by hand; this is a suggestion for a transparent system whereby the email client would, say, factor a largeish number for a second or so for each email sent.

Causing my computer to use its processor to do work for someone else constitutes theft of services, since I already have a use for my 'extra' processor cycles. I use them to solve problems that, in the background either make me money or are used for scientific research purposes.

Don't get the idea that by using my electricity, and my processor, without my consent isn't 'payment'. However minute the amount, I'm being forced to pay for something again that I have already paid my ISP for: the bandwidth my traffic uses. I buy bandwidth from my ISP. The nature of the packets traveling over it is of no concern to the ISP or Bill Gates.

Because it is such a fundamental infrastructure shift, it simply cannot be forced on the world from the client end. If sysadmins can not be persuaded of the system's benefits, they won't roll it out. If not enough people use the new system, people will continue to use Olde Email.

There is also the problem that not many spammers use outlook, hotmail, yahoo, or other "popular" ways of sending e-mail. They use Massmail, Atomic Mail or some other software designed to mail in bulk.

As long as the standard e-mail protocol stands, you can't stop it.

So, they invent a new process. A server that requires something be done before the mail is sent (math problem, some verification, whatever) it STILL has to be backwards compatible to receive e-mail on the old system. So you're still getting stuff sent out through Massmail. The only difference I see under a newer system is less e-mail from my mother who has a hard enough time figuring out e-mail.

Let's say the entire system changes overnight. There is nothing from stopping Spammy Sam from getting a domain, setting up his own server, writing a script that sends data out on the new systems protocols and mass mailing a billion users about the wonders of OTC Viagra.

The only way to stop spam is to create better client end software to ignore it and train users to no longer respond to it and NEVER EVER buy anything because of spam. The entire business end of spam needs to dry up before it goes away.

ISP have to take matters into their own hands as well. While spammers can (and do) set up their own servers, ISP's have to make sure they can not use theirs. I kept watch over mine. I required users to verify username/password before sending mail -which is a setting most clients have these days. I also denied bulk mailing at the server level. The server simply would not mail out more then 50 messages from a single user in one session -unless of course that users name was "root" ;)

Yeah, but the point is that the proof of computation is included in the email itself, and is not trivially forgeable.

Okay, so let's say I use something like this to send a mail. I click Send, and the mail client contacts a distributed computation service (let's say Folding@Home). Folding@Home sends my computer a chunk to work out, which it runs through and sends back. Now, how do we authenticate this email on the remote end? We can send the chunk and the solution along with the mail. This would be trivial to forge, as there's no way to check to see if that particular chunk has been solved already. In fact, a "chunk generator" could be written by one of the spam-meisters to create a chunk, solve it itself, and then use that as forged authentication to spew forth the pork product.

The other solution I see to that is to have the remote end (or the remote end's ISP) contact Folding@Home to see if that particular chunk had been solved before. That would mean for every email sent, Folding@Home would have to check through all processed chunks to see if that particular one had been solved recently, as opposed to one solved last month or last year (which a spammer had saved or downloaded elsewhere). I am not a computer scientist, but I can see how this could quickly become more trouble than it is worth for Folding@Home, or any distributed computing project for that matter. It only becomes worse for them as the spammers try their forged chunks, old chunks, etc.

Essentially, if they make this system proprietary, it's not going to work with most of the world's systems, and thus it will fail because who in their right mind is going to block half of their friends from emailing them? If they make it open, then there won't be a problem because any old Joe can implement a compliant client. Like I say, I dislike this system from a technical point of view (for example on account of the bona fide mass mailing and webmail issues raised above).

I definitely agree with disliking the technical aspects of it. However, when has Microsoft ever made anything open? Seriously, I'd like to know.

I was on the admin team for the world's largest private email system, and believe you me, spam costs. Unfortunately, I don't think we will ever have a perfect solution, barring accepting only trusted emails. But then, email won't really be email. Capital punishement for spammers, say I.

Holy fucking shit. I actually agree with Brutus.

Ok, maybe not the "capitol" part, but everything else. ;)

I think spamming is currently at relatively low levels.

Can you imagine if email was organised, structured, financed, etc more than it is? As others have said, suddenly "interest groups" and "marketing ventures" would be granted the equivalent of 1/100th of the charges that the average person would pay for an email.

Judging by the amount of crap I get in my street letterbox, as soon as email is a more structured environment, I'm going to get gazillions more than the odd one or two pieces of spam I currently get per month. And companies will be overcome with it.

If my physical letterbox, telephone and fax machine can be raped, why on earth do people think the online version will be any different?

As for the haircut, Gates probably figures "On the internet, nobody knows if you look like a dork." ;)


It's probably more like "I have more money than you can even conceive of, so I don't care if I look like a dork."

Yeah, but the point is that the proof of computation is included in the email itself, and is not trivially forgeable.

And how do you propose that can be accomplished? Do you need every e-mail server to be able to check the "proof of computation" against whatever that needs to be computed? That would be idiocy if not lunacy.


So regardless of what email client you use, you still can't get your email through if you don't do the computation.

Hm. You mean each node on the relay path will have to do all the verifications?

I change my characterisation of this scheme. This is complete and utter lunacy, there's no other way to describe it.


Given the diversity of the email world, it's difficult to see how Gates can force a closed standard on the world without a concerted mass hari-kiri on the part of the other email vendors, not to mention the sysadmins of non-Exchange networks.

What on earth are you talking about? That's only one e-mail standard right now, that's how all these various servers can operate together.

Causing my computer to use its processor to do work for someone else constitutes theft of services, since I already have a use for my 'extra' processor cycles. I use them to solve problems that, in the background either make me money or are used for scientific research purposes.
Theft? This is what I mean by an overreaction. No-one's "stealing" your cycles, just in the same way that when you post a letter no-one's "stealing" your money. You are paying a small cost to create a system with less spam. There's not even a suggestion that you'd be doing work for Bill; the computation is intended as a proof of motive, no more, no less. If you're really that up-tight about your precious cycles, then you can continue to use a system overrun by Viagra spam. It's your choice.

Seven, the point is that spammers on the old system can be ignored because if someone is not providing proof-of-motive, then they are likely to be a spammer. Obviously this assumption can only be made when most of the world is using the new system. So what you do is have a system which accepts both, but encourage people to filter out what doesn't have a proof with it, and check it for real email periodically. I don't see why you think that the spammers can spam just as much on the new system - the whole point is that the task of sending many emails becomes much harder due to the increased overheads.

Tentacle Monster, while this isn't yet a concrete proposal, my understanding is that the task is negotiated between the email endpoints in some manner, not that the sender says "oh, yeah, I did some work, honest". Task negotiation is obviously a major component of the system, and it's wrong to assume that it's left to the sender to make up a task. As for the trouble of verification:

And how do you propose that can be accomplished? Do you need every e-mail server to be able to check the "proof of computation" against whatever that needs to be computed? That would be idiocy if not lunacy.
I'm not aware of the precise technical details of the proposal, because I don't think they exist yet. However there are numerous problems which are non-trivial to solve but trivial to verify. For example, take the factorisation of large numbers. It's not easy to perform, but once the factors are obtained it's extremely easy to multiply them together to verify that they equal the original. I also don't know if every node needs to be able to check the computation, or who defines the task to be performed. Like I say, I'm not trying to argue that this is a marvellous technical solution, just that the mere mention of it shouldn't make everyone wet themselves with fear.

What on earth are you talking about? That's only one e-mail standard right now, that's how all these various servers can operate together.
Yes, one email standard, huge variety of email software. That's the entire point. Bill can not drag the entire world off an absolutely ubiquitous open standard by proposing a closed one, because of the vast variety of email infrastructure over which he has absolutely no control.

Seven, the point is that spammers on the old system can be ignored because if someone is not providing proof-of-motive, then they are likely to be a spammer. Obviously this assumption can only be made when most of the world is using the new system. So what you do is have a system which accepts both, but encourage people to filter out what doesn't have a proof with it, and check it for real email periodically. I don't see why you think that the spammers can spam just as much on the new system - the whole point is that the task of sending many emails becomes much harder due to the increased overheads.

Well,. considering we don't have a clue what the mechanics of the idea are at this point, I don't see a need to go too much into detail on speculations.

But, if the new system is sending a variation on the old system, and the client software and servers are just looking for a flagged field in the header, this method wouldn't last long. Massmail just creates a new client that automaticly flags the field as billion e-mail get sent out.

It's probably more like "I have more money than you can even conceive of, so I don't care if I look like a dork."

Which would be good, except that he always looked like a dork - Even among dorks.

No that there's anything wrong with that.

IDNHACSD (yet), but how will this keep backwards compatibility? I mean, I'm typing this reply on a very old Pentium III computer with roughly one tenth the computing power of my box at college. 100 seconds to send an email on this doesn't sound good to me, and that will only worsen as Moore's law marches onward. What kind of computation time / processor speed could we adopt to keep old fogies like this machine working while still keeping spammers from mass-mailing?

I think having email stamps is a bad idea, not least because it requires creating a new central bureau of some sort that collects postage and uses it for...what do they use it for? And what do we owe them, exactly?

I think the best solution I've heard (also proposed by Bill Gates, as far as I know, although I have no cite at the moment) is instead of having to buy postage to send emails, you would have to pay the recipient a small fee. However, as a recipient, you would be expected to send back any fees associated to legitimate emails, so it would cost nothing to send emails to your friends because they wouldn't make you pay. However, you would keep the fee paid to you for spam, so spammers sending millions of emails would quickly find their practice unmanageable.

Like the puzzle idea, that one doesn't require centralization, and I'm all for that. The puzzle idea doesn't seem too bad, but as people have brought up, there's a pretty large spread of processor speeds out there; it would be annoying or impossible to send emails from, say, a handheld or whatever. This would be okay if everyone using one of those had a fast "backup" computer they could access to solve the authentication puzzle, but that's far from ideal. Also this is a minor point, but although there are thousands of problems that seem nontrivial to solve but are trivial to verify, not one problem has actually been proved to have this property, so our belief in the validity of an authentication system based on such problems would would require some faith (unless someone were to come up with a proof!). Again, a very small point.

The advantage of puzzle-based authentication is that it probably wouldn't require as drastic a change as having to send payment with each email, but I think either one is preferable to doing nothing.

I'm all for paying on a per e-mail basis. I like the idea about paying the recipient. If you think about it, you would only need a penny per e-mail to have the intended effect of stopping mass spam in its tracks - I'd be happy to pay up to a nickel or more per message. On the business side, they are worth considerably more than that. On the personal side, you would have the option to refund payment. This could have even further reaching benefits - imagine message boards which were not free to post to - you would cut down considerably on the number of "me too" posts, leading to a higher quality of content. Legitimate business marketing via e-mail could still exist, but would be subject to the laws governing advertising by other methods - specifically, it would only be cost effective to market to a relevant audience, since you are paying for the privelege.

Just tell me where to sign up.

I'm not aware of the precise technical details of the proposal, because I don't think they exist yet. However there are numerous problems which are non-trivial to solve but trivial to verify. For example, take the factorisation of large numbers. It's not easy to perform, but once the factors are obtained it's extremely easy to multiply them together to verify that they equal the original.

It looks like the cure is worse than the disease. Sure, it is simple to do some multiplications for one message, but the work is in addition of everything else. Multiply the whole thing by a factor of a million (or more), and the overhead just completely stops the servers.


I also don't know if every node needs to be able to check the computation, or who defines the task to be performed.

You have to have every node do the computations, because each route is not a closed pipe. E-mail messages can be inserted at every point, and it is possible to hack into a server to upload tons of spam.


Yes, one email standard, huge variety of email software. That's the entire point. Bill can not drag the entire world off an absolutely ubiquitous open standard by proposing a closed one, because of the vast variety of email infrastructure over which he has absolutely no control.

Hm, to implement this idea, you need to get a new standard. Surely MIME wouldn't work. Since there is only one standard, MS can hijack it - or at least attempt to.

I think the best solution I've heard (also proposed by Bill Gates, as far as I know, although I have no cite at the moment) is instead of having to buy postage to send emails, you would have to pay the recipient a small fee. However, as a recipient, you would be expected to send back any fees associated to legitimate emails, so it would cost nothing to send emails to your friends because they wouldn't make you pay. However, you would keep the fee paid to you for spam, so spammers sending millions of emails would quickly find their practice unmanageable.

This is not going to work, either. You are assuming that spammers use their own servers, but they don't. They hijack other servers to do their work for them.

That doesn't mean it's not going to work; it's just an added incentive to have better security. It wouldn't even be a new problem; it's just another guise of Being Hacked. I guess it's not unheard of to be hacked, but when it's important not to be (for instance, when money is involved), people seem to manage all right by taking the appropriate precautions.

I actually don't know enough about the technical details of this hijacking business to state how to prevent it, but it seems absurd to me that it wouldn't be completely preventable by prudent design. If there were money involved, people would certainly be more careful about it. Actually, on reflection, I think a simple encryption scheme (e.g., RSA) could be used to make sure that the person sending the email matches the account being used to send it.

It looks like the cure is worse than the disease. Sure, it is simple to do some multiplications for one message, but the work is in addition of everything else. Multiply the whole thing by a factor of a million (or more), and the overhead just completely stops the servers.
Well, although we have no idea how this proposal scales, or how much load proportionally it will place on servers (remember that spam by some estimates constitutes a third of email traffic, so there's computational gains to be had as well), let's consider this. If true, then the system would have to be an end-to-end proposal and not something that relies on the nodes. It doesn't matter where email is inserted into the system; the email still needs to have a proof of computation if it is to be accepted by the client, which if properly designed will not be achievable without actually doing the computation. Certainly, this won't stop it actually being sent, but if the mail is never read then spammers will stop sending it; even spammers need margins.

E-mail messages can be inserted at every point, and it is possible to hack into a server to upload tons of spam.
I don't know if this is exactly what you mean, but you raise what is to my mind the crippler for this scheme; compromised PCs. If recent reports are true, and a large proportion of spam is now being sent by compromised home PCs, then why do spammers care what load they place on their hosts? Assuming they control sufficient desktops, they can send as much as before, complete with valid proofs, and Johnny Didntpatch will just wonder why his spanking new P4 is running like a dog. I don't particularly see any way around this, other than eliminating compromised machines, which is hardly a less difficult task than solving spam in the first place.

Hm, to implement this idea, you need to get a new standard. Surely MIME wouldn't work. Since there is only one standard, MS can hijack it - or at least attempt to.
Well, I just don't see how. It's clear to me how browser bundling worked, and how Office became the predominant work software, but I simply don't see how MS can force the entire world on to a closed system of their choosing without a concerted and vigorous act of mindblowing stupidity on the part of a) every other email vendor in the world and b) every user who presently doesn't use an MS client. It is very easy to say "MS will hijack X", but really, they don't have magical powers. Look at their notable failure to sew up the smartphone market, or the set-top-box market, or the games console market. In areas over which they have no obvious form of control, they are forced to win by supplying a superior product, and in all of the above examples, they have failed to date (Xbox maybe excluded). Like I say, not magic.

This could have even further reaching benefits - imagine message boards which were not free to post to - you would cut down considerably on the number of "me too" posts, leading to a higher quality of content. :(

Well, God knows how much I just luuuuuuvvvvv spammers :rolleyes: but this pay-per-email proposal sucks! I already pay for internet use each month, why should I have to pay extra to send emails? :mad: Somehow the idea of my hard-earned nickels and dimes going into Bill's pocket doesn't appeal much to me. Maybe the email stamp system could set up on an OPTIONAL basis, but my solution to spam has been the "delete" button.

Why should the individual, private, innocent emailers have to pay in time or money to fix a problem that they haven't contributed to (except by having an email address)?And therein is the rub.

We pay for the enterprises of criminals all the time. Higher prices, higher insurance premiums and time spent jumping through security hoops everywhere from airports to sporting events to office buildings, all of these tolls are taken on the average citizen because of those who abuse systems and trust and most importantly, their fellow man.

Anything that makes the regular folks do anything such as paying "postage" or giving up a processor cycle or identifying themselves as trustworthy to a third party, the onus for "cleaning up the spam problem" is put upon the entirely wrong people.

I should not have to do anything to make it harder for criminals in China and Russia -- or using servers there -- do not try to send me fake home mortgage offers so that they can steal my identity and sell it on the international criminal black market. I should not have to vett my children's e-mail (which I eventually will, no doubt) to be sure that some sick son of a bitch hasn't sent out an invitation for them to see the latest in teen beastiality with a few photographic "enticements" to sweeten the offer. My friends and colleagues shouldn't have to identify themselves to the satisfaction of some arbitrary system (at least one of which currently uses a system which is inaccessible to those with visual impairments) in order to reach me, nor I to them.

I have SpamAssasin running on my server. I automatically kill file e-mails before I ever seen them based upon their matches to some fairly stringent and frequently updated filters and/or the fact that they're addressed to compromised addresses on my domain. (The ones that people put up on websites before it became obvious that spambots would suck them up and then it was a done deal.) It's still more than I should have to do.

Not only should forging any portion of a header be a crime in every country in the world, running an open mail server ought to punishable with confiscation and massive fines. Then we might see some progress.

Not only should forging any portion of a header be a crime in every country in the world, running an open mail server ought to punishable with confiscation and massive fines. Then we might see some progress.

Define "open server". I can think of both objectionable and agreeable definitions to that.

Define "open server". I can think of both objectionable and agreeable definitions to that.
Well, in this context I think it's the open relays that allow spammers to ping out mail anonymously. Not really a good thing but I'd settle for them being disconnected until they sort themselves out. However, this (and more drastic measures like confiscation etc.) will never be enforceable since most of the spam I get comes from places like Korea and Mexico, neither of which seem to have particularly rigorous approaches to policing their networks. There's always going to be some network/ISP/country that won't play ball, so legislation seems to me to be doomed, unless the goal is merely to shift spam off-shore.

Anyway, for anyone still interested there's a very good summary of some infrastructural anti-spam options here (http://securityfocus.com/infocus/1766). As you can see, pretty much every potential solution has pros and cons. My personal preference is the cryptographic one, since multiple CAs would be forced to distinguish themselves in terms of the rigorousness with which they enforce their terms and conditions; CAs who certify spammers will rapidly and easily be blacklisted whilst those who go to the trouble of responding to behaviour complaints will gain a reputation and hence customers. Not only this, but ubiquitous certification would have a wide array of applications beyond spam prevention (not least virus avoidance, say). The worry that one CA will end up with too much power is probably the main concern, but if an open certification standard is used, this ought to be preventable. Incidentally, this is one area where we should be worried about Microsoft stealing a march. They've been slowly morphing their hotmail accounts into "passports" for some time now, and pushing the idea that they give you access to all sorts of services into the general consciousness. I certainly don't want MS holding a monopoly on certification; but then the same can be said of Verisign.