Selling Your Attention to Spammers 307
Dotnaught writes "Can the free market stop spam where technology has failed? As described in InformationWeek, Professor Marshall Van Alstyne of Boston University School of Management has co-authored a soon-to-be-published paper that proposes an "attention bond" -- money put up by email senders that recipients collect only if they consider the message a waste of time. Supposedly, this market-based filter performs better than a perfect technology-based solution, with no false positives or negatives. A company called Vanquish already has a working model. Is selling one's attention the answer to spam?"
Automated Spam Response (Score:4, Funny)
(*) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(*) Mailing lists and other legitimate email uses would be affected
(*) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(*) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(*) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re:Automated Spam Response (Score:2, Informative)
Wait... the article's
... against your
A "Sorry dude, but I don't think you were reading" is definitely in order.
Re:Automated Spam Response (Score:3, Insightful)
Re:Automated Spam Response (Score:3, Informative)
From the article:
Imposing a cost on spammers isn't exactly unheard of. Return Path Inc. uses financial bonds to improve message delivery and deter spamming. The difference is where the money goes. If a parti
Re:Automated Spam Response (Score:5, Funny)
So it performs better than perfect? How does that work?
Re:Automated Spam Response (Score:4, Funny)
Re:Automated Spam Response (Score:2)
Re:Automated Spam Response (Score:2, Insightful)
Re:Automated Spam Response (Score:5, Funny)
Re:Automated Spam Response (Score:2)
Dupes aren't so bad. Because believe it or not, not everyone has the time to read every article that appears on /. every day for months on end, and read every visible comment in every thread.
At least, that's what I heard.
Re:Automated Spam Response (Score:5, Informative)
Your post advocates a
( ) technical ( ) legislative (*) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(*) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(*) Lack of centrally controlling authority for email
(*) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(*) Asshats
( ) Jurisdictional problems
(*) Unpopularity of weird new taxes
(*) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(*) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(*) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(*) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(*) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(*) Sending email should be free
(*) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(*) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re:Automated Spam Response (Score:3, Funny)
Re:Automated Spam Response (Score:3, Insightful)
Either way has anyone noticed that this list seems to have changed over the years. I swear it has, I'll have to go find some achieves of old versions.
Re:Automated Spam Response (Score:4, Interesting)
"Mailing lists and other legitimate email uses would be affected"
Under this plan, I could just subscribe to a bunch of mailing lists and get paid (by mailing list admin) for declaring the emails as spam.
RTFA - You're incorrect too. Here's why (Score:4, Insightful)
() Lack of centrally controlling authority for email
-- it doesn't appear to use this - it appears to be recipient's-end charging, which can be deployed in a decentralized manner
() Open relays in foreign countries
-- those don't matter here - if they sender doesn't pay, the recipient doesn't read it, and relays only make it harder to pay.
(*) Mailing lists and other legitimate email uses would be affected
-- you correctly marked "whitelists suck", which is part of why it's hard to implement this one correctly.
(*) Users of email will not put up with it
-- this is the big problem with TMDA, hashcash, and many similar systems
(*) Many email users cannot afford to lose business or alienate potential employers
-- you missed this one too. See previous.
() Requires too much cooperation from spammers
-- not a problem. This one requires cooperation from non-spammers.
() Unpopularity of weird new taxes
-- unless I grossly misread the article, this doesn't apply here - the sender pays the recipient or recipient's ISP, not some third party.
(*) Public reluctance to accept weird new forms of money
-- Yup. Either you need weird new money or old-fashioned real money, and the latter is usually too expensive per transaction.
(??) Armies of worm riddled broadband-connected Windows boxes
-- Maybe. If enough people start using this, and there's a convenient mail-sender interface so senders don't need to pay attention very often, then worms will start to abuse it. Otherwise they won't care, and the five people who still use it will have whitelisted each other.
() Dishonesty on the part of spammers themselves
-- Doesn't hurt the recipient, who sets the price high enough that he's willing to read an occasional Nigerian Herbal Fake Vi***a ad and keep their $5 just to annoy them. This proposal suffers from dishonest recipients, who convince legitimate that they should be willing to pay the money to get the recipient's attention. It's a serious enough problem that it can even lead to "Make Money Fast By Reading Email At Home" spammers inviting you to become a recipient
() Why should we have to trust you and your servers?
-- Because you want me to read your mail. Don't care? Don't send money, and I'll ignore you. If I'm a sufficiently interesting public figure, like Rush Limbaugh or Daily Kos or the Editor of the New York Times or Britney Spears, maybe you'll pay to get my attention. Alternatively, maybe the fact that I'm charging for my attention will make you think I'm some over-inflated ego who's not worth the effort, and my 15 minutes of fame will time out faster.
(*) Sorry dude, but I don't think it would work.
-- My conclusions's a bit more positive than yours
Re:Automated Spam Response (Score:3, Informative)
Haven't I heard this idea before? (Score:2, Informative)
Re: (Score:2)
Re:Haven't I heard this idea before? (Score:2)
How is this a solution again? (Score:4, Insightful)
I must be missing something...it seems like the same tactics spammers use to evade law enforcement today could be used to evade the imposition of this "attention bond mechanism".
Re:How is this a solution again? (Score:3, Insightful)
To answer your question, the reason spammers can't hide from this is that they have to pay money to send messages via this mechanism.
In the limit case, you can choose to receive messages ONLY from people who send mail this way. Even your friends would pay money to send you email, but since you'd mark all of their messages as "worthwhile" it wouldn't cost them anything.
You'd get no spam, but you'd los
Re:How is this a solution again? (Score:3, Informative)
Old news... (Score:3, Funny)
money put up by email senders that recipients collect only if they consider the message a waste of time
I get that already, it's called "my salary".
Can they really afford my time? (Score:5, Interesting)
They can afford me! (Score:3, Funny)
A rhetorical question (Score:2, Insightful)
Re:A rhetorical question (Score:2)
Re:A rhetorical question (Score:4, Funny)
I bill four digits an hour while reading Slashdot.
Unfortunately, there's a decimal point involved....
^_^
Re:Can they really afford my time? (Score:2, Insightful)
An attention market would even be useful in a non-commercial context. An executive like Bill Gates could price access to his inbox to reflect the value of his time. And those who had legitimate reasons to correspond with Microsoft's chairman could rest easy, knowing that he wouldn't cash in the substantial bond required to get his attention.
In other words, the more you make per hour, the less spam you will recieve - in the true nature of the new corporate owned and controlled Internet(t
Ironically, Bill Gates proposed this very scheme.. (Score:4, Informative)
Walt
It comes from way before Gates. (Score:3, Interesting)
And don't forget... (Score:2)
Sounds dumb (Score:3, Interesting)
Re:Sounds dumb (Score:2, Informative)
When your friends send you email or when you join mailinglists you can of course whitelist them; and if a friend sends you a stamped email you don't have to collect.
The system makes some sense; but it's too complicated. The right answer to stop spam is to not give your email address to spammers.
Re:Sounds dumb (Score:2)
tax? (Score:2, Insightful)
Sounds like a fancy way of taxing the internet...
Re:tax? (Score:2)
Car insurance, for instance, is really just a bond. Government can't prohibit your right to travel, so they use liability to require a bond that is effectively a tax.
Looks like freedom of speech is going the same way. You put up a bond to be able to talk. If you say something people don't like, you lose money. If they make the bond high enough, normal people will have to lease their bonds through insurance companies, e
The one big problem... (Score:3, Insightful)
The other thing that can happend is that it is so hard to cash out this money, that noone will bother, since it'll be likely to take twice the time of hitting delete, or the sum has to be big enough to be worth the hassle ($1?) which agains brings us to the first point, people will cash out on every email.
Re:The one big problem... (Score:2)
Human Greed... (Score:3, Insightful)
Re:Human Greed... (Score:2)
Yet another misguided solution (Score:5, Insightful)
It's similar to the argument that gun rights advocates make - stricter gun control laws or programs will hurt legitimate owners, but the real problems will still lie with the criminals who don't abide by those laws anyway.
Crack down on spammers. Make spam outright illegal and make penalties for ISPs that fail to comply.
Re:Yet another misguided solution (Score:2)
Re:Yet another misguided solution (Score:2)
I still think the best solution overall is to starve spammers - don't ever respond to unsolicited emails, even if it's a really great deal.
Re:Yet another misguided solution (Score:2)
I don't think that makes it a bad idea. I mean, maybe you want to warn ISPs first in order to give them a chance to rectify things, or maybe you want to make it easy for them to get access again when they do cut off the spam, but the GP is right, there isn't much in the way of legal action you can take to shut down foreign spammers. If it hurts legitimate businesses, hopefully those businesse
Re:Yet another misguided solution (Score:2)
Moreover... while the gun owners just want their toys, spammers and advertisers in general want you. 'Coca-cola' would be writ large on your windshield ...except that you'd crash before reaching the mini-mart.
Different financial cost (Score:4, Insightful)
Third world countries will find that sort of money a huge barrier to entry for sending email.
Similarly this will be open to google ad type exploitation. People will set up email addresses and sign up to all sorts of solicited and unsolicited email just to collect the cash. Again for people in poorer countries this might be a practical job.
Re:Different financial cost (Score:2)
it'd be inconsequential to me to put up 10c to send each message
Good for you. I run a few mailing lists, some of which have thousands of members. A 10c charge is most certainly *not* inconsequential. Up with that I would not put.
Besides which, I must have missed the part where it was explained how spammers would be forced to play along with the system. Another system that only keeps the honest people honest. File under bee one en.
Re:Different financial cost (Score:2)
So if someone claims your message as spam, you can be informed, you can remove their address from your list and get off without paying.
But that's now a new way to abuse the system.
Also spammers can put up bonds with stolen credit cards...
Perfect (Score:2)
We would need someone to police this system, and that someone would need legal power in every country from which email is sent. No one has such legal authority. And we're back at square one...
Should be a money-maker (Score:4, Interesting)
Re:Should be a money-maker (Score:4, Insightful)
RTFA. The premise is that once you mark an address as spam, the sender will no longer send you messages because it's against his economic interest to pay you again. Therefore, you only receive payment once per mailing list, which will be too small to make it a feasible source of income.
Unfortunately, this system will only work if you only allow incoming mail from a server that supports it. This reduces the whole setup to a glorified whitelist, and dooms it to failure. Spam can't be stopped because the current infrastructure allows spammers to send mail without reprimand, and no alternative will work until the current infrastructure is still in place.
Re:Should be a money-maker (Score:3, Interesting)
Re:Should be a money-maker (Score:3, Insightful)
I did reread his comment, before posting, and I read it to mean receiving multiple messages from one list. I thought he might have meant what you said too, but I was sure he meant what I addressed. Hence the clarification.
But for what it's worth, the alternative that you tried to explain doesn't work either. What exactly makes you think that you're only on the receiving end of this system? If I ran a mailing list, I would make damn sure that you can only sign up for it using email, and not through a web
Re:Should be a money-maker (Score:2)
Not again... (Score:2)
It's a simple concept really... the only solution that will be accepted is one which requires the masses to do nothing different than what they do now. People will not change their ways, even if it meant a spam-free environment. When it comes to computers, most users are lucky to remember one way to do t
typical of economics (Score:3, Funny)
Re:typical of economics (Score:2, Insightful)
Let's try it out on Slashdot (Score:5, Funny)
Re:Let's try it out on Slashdot (Score:5, Funny)
Why not just make them pay? (Score:3, Insightful)
This is pretty basic stuff. The problem with spam is that spammers are continually finding ways to pay nothing to advertise. If one person in a thousand replies to a message you paid nothing for and sends you $50, you've made almost double the profits vs. if you had to pay 2 cents per recipient. That's always going to be an attractive market for people with useless crap to sell, because the real rate of return on crap might be considerably less than one in a thousand.
This plan gives people the warm fuzzies because it sounds like each individual will be able to profit from unwanted advertising, but in reality it would never work that way. On the other hand, you'd get the same "punitive" effect on spammers if you just found a way to force them to pay to send spam.
Re:Why not just make them pay? (Score:3, Insightful)
But should I have to pay to send you an e-mail you just asked for (i.e., "I forgot my password")? Or should my brother's e-mail of a link to pictures of my niece's birthday party cost him money to send? And, who's collecting? The point is that you'll be unable to make the distinction between commercial and private messages. It's not the same as buying an ad in the yellow pages.
Re:Why not just make them pay? (Score:2)
The problem, of course, with any kind of law about spam is enforcing it. A law that doesn't get enforced is
Re:Why not just make them pay? (Score:2)
But I've built systems for my customers that send out 10-20,000 messages at a time, and each one is substantially different (different subject, altered body, different reply-to). Totally legit, completely solicited by the recipients, but definately marketing-related and sales driven (invitations to an event sent to all the members of a trade association, for example, o
Possible way to cash in... (Score:2)
Re:Possible way to cash in... (Score:4, Funny)
Great...three people managed to post this bright idea before me.
Last time I answer the phone at work!
YAPTSMS (Score:2)
These show up on /. like clockwork. They all have the same problem: unless everyone uses them, they hurt the ones who do more than the ones who don't (network effect).
Go ahead -- demand a bond before you accept mail. Yes, you won't get any spam. You also won't hear from Hotmail, GMail, Yahoo, or your (ex-) customers.
All of these schemes depend on every government on Earth legislating them into existence, simultaneously, and somehow miraculously not adding enough
Lots of Problems (Score:2)
And how do you handle international transactions?
I think I'd need to be able to specify a lower or higher cost to specific individuals as well
What is it with the money-for-email idea? (Score:5, Insightful)
But what amazes me is that like clockwork, somebody will publish an article on this "great new idea" for dealing with spam, several times a year it seems. They have clearly read none of the spam literature, nor done a search. And on top of that, journals and magazines also think it's new and publish the items, even slashdot publishes them.
What gives?
Ah! (Score:4, Insightful)
Professor Marshall Van Alstyne of Boston University School of Management
That pretty much explains it.
What about this idea? (Score:2)
Re:What about this idea? (Score:2)
Or maybe it would already help if you just copnosider the following questions:
* Who's the spammer? And how do you find out?
* Where's the spammer? And how will an US law affect him?
* And what if the spammer truthfully writes "Your e-mail address foo@bar.xy was obtained from a list of e-mail addresses bought from an e-mail address trader"?
Re:What about this idea? (Score:2)
Let the system break down (Score:2)
2) Angry lynch mobs wielding torches and pitchforks will take care of the rest.
3) Rebuild a spam-proof email infrastructure.
Re:Let the system break down (Score:2, Funny)
PDF of paper available online (Score:2, Informative)
$.02 (Score:2)
The problem with spam is weak enforcement (Score:5, Interesting)
The US Federal Trade Commission says that over 80% of spam involves some violation of Federal law. Not just the CAN-SPAM act, but mail fraud, false advertising, money laundering, computer crime, drug counterfeiting, and racketeering. There should be no problem filing charges.
If we had an FBI director who made this a priority, most spam could be eliminated in a year. Just divert some of the FBI Baltimore people who do child pornography [fbi.gov], who are already experienced at tracking people on the Internet, off that job and onto tracking down the major spam operators.
In a sense, CAN-SPAM has been effective. Spamming by even vaguely legitimate companies is down. Almost all spamming now involves felony criminal activity of one kind or another.
Re:The problem with spam is weak enforcement (Score:5, Interesting)
why does the casual observer allow objectivity and reasonable thought to fall by the wayside when dealing with the very things that require them the most?
I was a sexual abuse victim when I was young, and I dont see whats so bad about the parent post. Child pornography department just fills in the vacant slot or two and the experts train the newbies. Thats how it should be done
There doesn't seem to be much motivation to put that kind of knowledge on spam enforcement, but I think the parent poster is right: why isn't there? Obviously spam isn't nearly as bad as child pornography, but judging by some of the porn sites they advertise via unsolicited spam, the industries certainly intertwine. Its not like a potential victim becomes a stupid slut who made her own decision to sell her body the second she goes from non-legal to legal age. I've seen enough stuff in my lifetime to know that claiming you're a consentual adult isn't exactly 100% true if somebody is pulling your strings.
This has already been done (Score:3, Informative)
Identity Theft 2.0 (Score:2)
Fraud Potential (Score:2, Interesting)
What's to stop me from biting the cost of a large mailing, collecting all those notices, and reselling them to other spammers as a list of verified active addresses? My customers could use the lists in a country not on board with the idea, since this will require legislation to enact (which is a problem too obvious t
Robert Heinlein invented this (Score:5, Informative)
Robert Heinlein in one of his stories required that telephone callers post a bond before the hero would answer the phone. If the hero agreed that the phone call was worth it, he'd reverse the charges.
On selling eyeballs... (Score:2)
My email address is un-obfuscated for a rea
Final Ultimate Solution to the Spam Problem (Score:3, Interesting)
Right.
People flag list traffic for which they subscribed as spam all the time. What is so special about putting up a financial bond that will cause people not to flag mail they requested in March as spam in May, or accidently marking mail from aunt Mildred as spam. I just don't see it.
This fails every test of an anti-spam proposal I can think of, including the most important: It doesn't stop spam.
--OgWe've already covered this - attention bonds fail (Score:2, Informative)
* Creates opportunity for traffic monitoring by people we'd rather not have doing that
* Creates money trail alongside email trail, making legitimate anonymity almost impossible
* Makes trolling a profitable business model
* Participants who are poor, or not allowed to form legally binding contracts (such as children) can't have email anymore
* If only applied to email, moves the spam problem to other media without solving it
* Creates obligation
Right direction, but I want more control (Score:2)
That said, the ultimate system I want would involve auctions for my time. I would specify how much advertising I'm willing to see, say 15 minutes worth per day. I would provide some personal information to a
Why is it so difficult to stop spam? (Score:2)
USER user
PASSWORD password
AUTHENTICATE user@emaildomain.com
Before the SMTP server responds to the authenticate, it contacts emaildomain.com (as part of version + 1 protocol) and inquires about the sender user. From there, several interesting thing can happen. The server at emaildomain.com can do an email name query cache to determine if a user is being used abnormally. Hundreds, thousands of hits per second, e
Re:Why is it so difficult to stop spam? (Score:3, Insightful)
Not to mention privacy issues...would I want an ex-boyfriend/girlfriend with a grudge being able to query this info on mass etc etc
Also most spam-ware has it's own SMTP engine and sends direct to the MX address (or secondary is quite popular too).
Forget it... (Score:2)
I have better things to do with my time than click through a pile of crap in my E-mail. Outlaw spamming, period, no matter how much the asshats at the DMA [the-dma.org] may scream about it (they screamed about the Do-Not-Call list as well, if I recall). It would be easy enough to do simply by extending the reach of the existing Junk FAX law. [cornell.edu]
In
The answer tp the spam problem is... (Score:3, Insightful)
If we educate the users/unwashed masses(what every you want to call them) that BUYING from the SPAMMERS is A BAD IDEA(TM) and only makes the problem worse, the users might not buy cheap tobacco/blue pills/radio controlled cars/fake rolexes from the adverts.
Would the small minority please stop supporting this crud, then maybe I wouldn't stop one week fighting trojans nd the next fight the spam they've started spawning (Sober.o/p and sober.q).
The Only Solution (Score:3, Interesting)
SMTP is an outdated, insecure protocol which is ill-suited to modern email.
We need to replace it with a protocol which is authenticated at both ends. A friend and I came up with the following; which although not perfect and probably subject to a few tweaks is a step in the right direction.
J Random Hacker/Company/Joe Sixpack leases a domain name from J Random Registrar. Let's call it jrh.com
That registrar provides a private key and a public key pair based on the domain name.
The CMTP (or Complex Mail Transport Protocol - I made that up) server on jrh.com wants to send an email to target.com. It signs the outgoing message with the private key (ie puts a hash in the header - and you could base it on time and date or other arbitrary data to make sure there's no forgery) and then connects to target.com. target.com then asks jrh.com's registrar for jrh.com's public key (either that or it's propagated over DNS). If the pair match up, the email is accepted. If not it's dropped at the door. No questions asked.
During the phase in period, SMTP traffic could be configured for a 15 minute delay on each target server, whereas CMTP traffic is dealt with immediately. I compare it to how Telnet was slowly phased out in favour of its more secure replacement, SSH.
So, if a spam zombie Windows box is spewing out SMTP traffic in a CMTP world, most servers would drop it at the door. The spammers can't go to CMTP because:
1) They can't use a private key they made up because it's checked against the public key held at the registrar.
2) If they use the private key of a domain they hold (ie install it as part of the worm infection) when people get even 1 spam from them (yes 1 spam - it would be that unusual) the server just ignores mail sent with that signature.
The solution works because the motivation would be there for companies to prevent spam on their networks. As soon as they switch to CMTP, they get no spam over it. And eventually they will get no SMTP email at all. Just as nobody uses Telnet anymore, SMTP will die out if replaced with something better. You can make all the laws you like but at the end of the day, the SPAM solution is a technical one.
Re:The Only Solution (Score:3, Informative)
If you get spam from user1@gmail.com you most likely won't block the whole gmail.com domain, just user1. If you get spam from abcdef-1032@uber-leet-viagra.com, you'll want to block the whole domain.
If honest Joe Bloggs mail client can send email via his ISP, so can any malware installed on his PC. So what happens when you start getting 1000's of emails from [randomuser]@gmail.com. You can't block the whole domain without impacting legitimate mail. You can block each of the aliase
Your idea is so 1996 (Score:3, Insightful)
Bill Gates put this idea in The Road Ahead back in 1996. Basically, in order to send an unsolicited message, you have to attach some e-cash to it. If it's just a message from some long lost friend presumably you won't actually redeem the attached e-cash.
Anyway, like a million other ideas about solving spam, it'd work if you could just convince everyone in the world to adopt it. Convincing everyone in the world to switch over to the new system is left as an exercise for the reader.
I am an open proxy, ban me!!! (Score:3, Funny)
(I hope I didn't just sign a death-wish for my karma...)
I'm game (Score:3, Funny)
Re:pay-click ads (Score:2)
Re:No, this will not work. (Score:2)
Re:brilliant, but complicated (Score:4, Insightful)
Overly complex, ineffective, and useless.
Who collects and distributes these (micro)payments?
Who enforces that the mailserver supports this?
In the event of someone getting zombied, who is liable? Especially in the event that the zombied box is fully patched.
How does a 13 year old from a dirt poor country send an email from the shared village PC to a uni professor in London or NYC? Where is his escrow acct?
What about anon email accts? How is my bank/paypal/whatever tied to that? (Not that I want it that way)
How does a free, but popular mailing list afford the escrow acct needed to cover new recipients?
There are a host of other problems that we haven't even begun to consider.
Re:Obligatory (Score:3, Insightful)
Spammers aren't going to pay money. Spammers profit by stealing resources. It's a tremendous leap of faith to assume that any significant percentage of spammers would buy into such a boneheaded idea, but then again, coming from a college professor (who likely has very little real world business experience), it's not surprising.