On Sat, Aug 16, 2025 at 4:10 PM John R. Levine via NANOG < nanog@lists.nanog.org> wrote:
On Sat, 16 Aug 2025, bzs@theworld.com wrote:
"Electronic postage stamps" are one possible approach and might become the general term for whatever resource management is adopted.
But as a phrase it's too limiting and evokes certain counter-arguments as people stand up straw men and knock them down just based on those three words.
It's a great idea if you wave away all of the practical questions like who's going to issue the postage, who's going to collect it, who's going to pay for the infrastructure to do the checking, and who's going to settle the claims when a crook breaks into your ISP and sends $10,000 worth of spam using your stamps.
My preferred solution is a mandatory button in each e-mail message that administers a small electric shock to the sender. Each individual shock would be no big deal but when thousands of people hit the button the cumulative effect would be painful or for big time spammers, fatal. It's sort of like the old Bonded Sender idea but with electricity. I have no idea how to implement that either, but people who claim it can't work are just opposed to creative, innovative ideas.
"Electronic Postage Stamps" conjures up visions of a centralized Post Office type entity that issues postage. I think we should take a cue from cryptocurrencies, and have a "proof of stake" type of challenge for email messages sent out. The recipient machine doesn't accept a message until the sender has demonstrated they have put some skin in the game as well. I avoid the term "proof of work", because I'd like it to be broader than simply "please jump through these mathematical calculations for me" -- imagine a combination of either proof you've accepted a certain number of email messages from me (a tit-for-tat type of proof of skin in the game, where the sender can pass along a cryptographic hash of message-IDs that it accepted for its users from the domain to which it is now trying to send a message), or a recaptcha type "do some work for the good of the internet first, and then I'll accept your message" computational challenge. The idea would be to have a distributed challenge, one in which each connection between servers brings with it a "prove to me you bring value to the email ecosystem" from the receiver to the sender. For "white hat" types of sites, it should be easy to show that they accept mail for their users from the domain to which they are now sending a message. For sites which have not yet received any mail, the challenge might be to classify the contents of three images sent back from the receiving server to the sender. Or even just hold the connection open for three minutes, and make the sender wait on the connection for three minutes before the message will be accepted. Once a site has started to receive inbound mail, it can use the faster "here's a hash of message-IDs I've accepted from you in the past X time interval, please accept this new message from me", so the 3 minute cooldown would only be used for suspicious sites that haven't received email previously. This is completely off-the-cuff, and clearly needs much smarter people than me to turn it into something more workable; but the idea is to have a distributed "proof of stake" model, where senders have either shown that they are also participants in the global back-and-forth flow of email messages, and have a reason to work towards the improvement of the overall system, or that they are willing to hold a connection open for a long period of time to get their message accepted, because it really is that meaningful for their user. That way, the determination doesn't require any centralized "Post Office" type entity that everyone trusts, and it could be rolled out on an incremental basis. A receiving site can request proof-of-stake validation from the sender; if it has no idea what that is, the receiver can treat it as an unknown site, and put it in the three minute penalty box. Senders would have an incentive then to update their software to be able to answer the request for proof-of-stake with a valid answer, to reduce the wait times on their outbound message queues. For spammers, who don't accept mail, and have no good way to answer a proof-of-stake request, it puts a throttle on how many messages they can send out at a time, drastically reducing (but not eliminating) the spam volume they can send out. In short; I think John's right, but I also don't think Barry's entirely wrong either. ^_^; Thanks! Matt