On July 5, 2025 at 20:59 johnl@iecc.com (John R. Levine) wrote:
It's a fine paper but it has one problem which is it sets up a strawman: It proposes a particular architecture for e-postage (ok, granted, more than one, but similar) and proceeds to knock it down. 1. Professional spammers send O(1B) msgs per day per each. I assume they need to send roughly that many to be economically viable. So if one could limit them significantly one hopes their endeavors become economically unviable and they disappear from the face of the earth. The big point is that we're in a statistical space, not an engineering space where a solution has to be mathematically perfect or nearly perfect to be acceptable. Like marketing in general, which is basically what most spam is (I'd call phishing a perverse form of marketing), it relies on statistical modeling. Sending a billion spam messages might yield .01% success rate which is roughly true of any mass marketing. Unfortunately we've made it essentially free. Internet behemoths (Google, Facebook, et al) make literally trillions per year selling marketing, but we give it away free. That's a problem. 2. Unfortunately the thundering "spam" hoofsteps we hear also include an increasing amount of "ham". Why not? It's free! Some of it one can block, some one can partially opt out of, but some you can't, practically. Block your utility company from sending you several promos per day and you also won't see your bills or actually important notices about outages etc, for example. What's their motivation to help you manage that? Not much. I know I seem to get sometimes dozens of such ham msgs per day, complete a survey! call before you dig! we're having a sale! new product! etc etc etc. That tide is rising as their marcom people are figuring out the fantastic leverage they have. 3. We only need to increase the costs to the sort of people who send O(1B) messages per day to introduce some sanity into the system. So, to explain my strawman comment, it's like a pruning problem in a chess program: You don't have to compute every single move, that would be computationally prohibitive as you detail. Only compute the moves likely to be productive. For example give everyone the ability to send, for argument's sake, 100,000 msgs/day free. Maybe 1M/day. Spammers can't live with that sort of limit. Neither of course can many "legitimate" bulk senders so there has to be some way to buy more. I know, but how? Without trying to architect the whole thing in this mail message that does open some more realistic possibilities by pruning the problem space significantly. And even if there's leakage, so what? That might offend some people's sense of fair play but if the net result is it puts the big spammers out of business we won, no? A big utility company or bank, for example, might be able to budget $100K/month for their overages, but I doubt the typical spammer can even come close to that. Many are probably what we used to call chicken-boners* on Usenet which meant losers sitting up to their knees in KFC chicken bones in a double-wide somewhere happy if they can get a coupla hundred bucks for a spam campaign. And the income generated could go towards enforcement. I realize there's this net culture that wants to see an algorithmic, preferably involving cryptography, solution to every problem but with money other means of enforcement become possible. And where jurisdictions won't cooperate, oh well, no more chicken bones for them! etc. It's a big conversation and this is way too long already but I think it calls for a sea change in thinking. That is, think in terms of the actual problem and what would put the actual miscreants out of commission rather than some utopian ideal. * https://www.netlingo.com/word/chicken-boner.php -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*