Spam is annoying, but I doubt this would work, and I don’t think I should be asked to pay money because other people are doing something wrong.
I’m ready to pay as soon as I get the $25 million from that Nigerian widow who I’ve been corresponding with.
Because they’d charge senders. If they charged recipients, no one would buy their services.
You raise a valid point; there are some downright evil email farming operations out there. However, I would like to note that merely opening an email doesn’t send out a signal to the spammer that you’re a real person, no matter what files the email contains (and that goes for viruses too!). But you’re right, sometimes an email address will fall into the wrong hands. It is partly for this reason that I have multiple email addresses, and I use them in different ways. I have one address that I will use if I need to enter an email address on a website that is not run by a large, established corporation (such as Amazon). I have a school address (I’m a grad student) that I use for almost everything else, and I have a gmail address that I share only with family and my closest friends for personal communication only. They have no reason to use it for anything else, and I trust them to not give it out indiscriminately online.
Between that stratification process and spam filters, I might see two pieces of spam in as many weeks in my real addresses, and that would be a lot. Of course, the throwaway address is full of it, but it doesn’t matter because there’s very rarely anything real there.
I’ve heard a suggestion that instead of a fee, every time you send an e-mail your computer has to perform some distributed computing-type task. (Think SETI@home.) A single e-mail probably wouldn’t even be noticed, a big legit e-mail list might require a minute or two of chugging along in the background, but a spammer’s megalist would require so much PC muscle that it couldn’t possibly be profitable.
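An added illustration of the suggestion above, not part of any poster's message: it swaps the SETI@home-style task for a hashcash-style hash puzzle, with each stamp bound to one recipient so a single stamp cannot cover a whole list. The stamp format, function names and addresses are assumptions made for this sketch.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest):
    """Count the leading zero bits of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def mint(recipient, bits):
    """Sender's work: search for a counter. Returns (stamp, hashes tried)."""
    for counter in count():
        stamp = f"{bits}:{recipient}:{counter}"
        digest = hashlib.sha256(stamp.encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return stamp, counter + 1

def verify(stamp, recipient, min_bits):
    """Recipient's check: a single hash, however long minting took."""
    try:
        bits, rcpt, _counter = stamp.split(":")
        claimed = int(bits)
    except ValueError:
        return False  # malformed stamp
    if rcpt != recipient or claimed < min_bits:
        return False  # stamp was minted for someone else, or is too cheap
    digest = hashlib.sha256(stamp.encode()).digest()
    return leading_zero_bits(digest) >= claimed

def expected_hashes(bits, recipients):
    """Average sender cost: about 2**bits hashes per recipient."""
    return recipients * 2 ** bits

if __name__ == "__main__":
    stamp, tries = mint("alice@example.org", 16)  # constructed address
    print(stamp, "after", tries, "hashes;",
          "valid:", verify(stamp, "alice@example.org", 16))
    print("1,000,000 recipients at 20 bits:",
          expected_hashes(20, 1_000_000), "hashes")
```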
>I don’t think I should be asked to pay money because other people are doing something wrong.
Gee, I kinda feel safer knowing we pay for police and jails.
Huge point which has been underlooked. How are you going to charge the normal emailer from Britain? Or Latvia? Or wherever?
This would require all SMTP servers and email clients to be upgraded at once to support the new protocol. That won’t happen. So the new protocol will still need to support older clients without the authentication/math routine/special token/etc to prevent complete breakage of email. And spammers will continue to use the older protocol, the new protocol won’t be enforced, and the status quo will continue. Plus we want to use less power, not add compute-intensive tasks to common operations.
SMTP is a co-operative agreement that allows anyone to send an email to anyone else with no prior knowledge apart from their email address. And it works. Any solution that attempts to deal with spam has to follow this model. Requiring authentication between mail servers requires an administrative overhead (setting up all the login details) that is just too great (there are millions of domains). There is no central email backbone or authority. Emails have a client generated header (for good reasons), so they can lie about their details. And clients can connect directly to recipient servers to send messages.
So how can spam be stopped?
Closing open relays: an SMTP server should only accept external email addressed to internal recipients, and not reroute arbitrary external emails to external addresses without authentication. In the old unreliable internet days, mail servers could be used to queue and route messages to unavailable or indirectly connected hosts. Spammers realised they could use this routing behaviour to handle their forged emails, and steal others’ resources to send messages. In the modern point to point, always on internet, this routing behaviour is not needed. Open SMTP relays should be closed, or added to blocklists until they are closed. If a user needs to send an email via SMTP on a remote server (say a company SMTP server from a home internet connection), they should be using a VPN or authenticated SMTP, which a spammer cannot use.
SMTP validation: an SMTP server should be able to verify if a sending client matches the details in the header. A reverse DNS lookup should indicate that the connecting client trying to send a message from abc@hotmail.com is actually on an ISP residential subnet, and is forged. More comprehensive host validation solutions include Sender Policy Framework, or DomainKeys. These suffer from implementation uptake issues.
Network Edge Filtering: An organisation should be responsible for the traffic they put on the internet. If a client within the network wishes to send SMTP traffic, it should pass via the organisation SMTP server (with appropriate authentication). ISPs should be enforcing this. This means they can identify (from SMTP logs) client PCs generating large amounts of SMTP traffic, probably as a result of botnet infection. Valid hosted domains and servers can be given appropriate pass-through rights. Dynamically hosted domains on ISP networks may need to use external authenticated SMTP routing servers. This is a small inconvenience, and easy to achieve technically.
Blocklists: If SMTP servers can be identified as providing resources for spammers, they can be identified and blocked. There are a number of blocklist schemes that SMTP administrators can utilize to reduce traffic from spam sources. ISPs and host providers that harbour spammers (profiting from spam) can also be identified and blocked. While some legitimate traffic may be impacted by overzealous and indiscriminate blocking, it is hoped that pressure on the ISPs will destroy the spammers’ ability to get network resources. These resources also cost the spammers significant money.
This is the combination of tools and strategies that can be used to reduce spam, without destroying the nature of email completely. All these measures are required to some extent, but they each can act in isolation with a measure of success. If all were implemented, spammers would have a considerably more difficult task.
Pursuing spammers and those who profit from their work is much harder - identifying those responsible for the spam and tying them to the person who profits from the spam is almost impossible. It is all very shadowy, and a deliberate attempt to profit via spam is indistinguishable from a malicious attempt to smear a reputable company.
Si
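The relay and sender-validation rules from the post above, sketched as one receive-side policy function. This is an added example, not the poster's code: the domains, addresses and SPF records are constructed, the record table stands in for DNS TXT lookups, and only the `ip4` and `all` mechanisms of SPF are evaluated.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the post).
LOCAL_DOMAINS = {"example.org"}            # domains this server hosts
SPF_RECORDS = {                            # stand-in for DNS TXT lookups
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "v=spf1 ip4:198.51.100.7 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(client_ip, sender_domain, records=SPF_RECORDS):
    """Evaluate the ip4 and all mechanisms of the sender domain's record."""
    record = records.get(sender_domain)
    if not record or not record.startswith("v=spf1"):
        return "none"                      # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"

def rcpt_decision(client_ip, authenticated, mail_from, rcpt_to):
    """Decide how to answer one RCPT TO command."""
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()
    sender_domain = mail_from.rsplit("@", 1)[-1].lower()
    if rcpt_domain not in LOCAL_DOMAINS:
        # External recipient: a closed relay forwards only for
        # authenticated users.
        return "relay" if authenticated else "reject: relaying denied"
    if authenticated:
        return "accept"
    result = spf_result(client_ip, sender_domain)
    if result == "fail":
        return "reject: SPF fail"          # connecting host not authorised
    if result == "softfail":
        return "accept: flagged"
    return "accept"
```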
How do you prove that an email is paid email? beowulff and si_blakely have it.