On Sat, 5 Jul 2025, bzs@theworld.com wrote:
It's a fine paper but it has one problem which is it sets up a strawman: It proposes a particular architecture for e-postage (ok, granted, more than one, but similar) and proceeds to knock it down.
1. Professional spammers send O(1B) msgs per day per each.
In the aggregate, sure, but there are plenty of spammers who send a lot less than that. The B2B spam I get from throwaway accounts at large mail providers is probably only 1000 or less at a time since that's all you can send that way. I do not think there is one master criminal with a million throwaway Gmail accounts.
3. We only need to increase the costs to the sort of people who send O(1B) messages per day to introduce some sanity into the system.
Beyond the fact that the underlying assumption is wrong, that's extremely unlikely to work unless you envision a world where you have to show ID and get a license to send mail. It is certainly true that a large flow of mail from an unfamilar place is suspicious, so spammers have lots of ways of making their stuff look like lots of little flows. It even has a name, snowshoe spamming. At this point I get a whole lot of mail from Salesforce and Sendgrid. I would love to block them but unfortunately they also send a lot of mail my users want, so I have to do hacks that try to recognize the customer and let through the less bad ones. It is painfully clear that they have made business decisions not to spend enough money on abuse management to clean this up. The mail gets through, why should they? Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly