Yahoo Revives Pay-Per-Email, With Charitable Twist 287
holy_calamity writes "Yahoo research have started a private beta of a scheme that resurrects the idea of charging people to send email to cut spam. Centmail users pay $0.01 for each message they send, with the money going to a charity of their choice. The hope is that the feel good effect of donating to charity will reduce the perceived cost of paying for mail and encourage mass adoption, making it possible for mail filters to build in recognition of Centmail stamps."
How Exactly Does This Fight Spam? (Score:5, Interesting)
Do Good. Fight Spam.
So it sounds like an 'opt-in' program for doing otherwise would be suicide by a mail provider. And since it's opt-in, I highly doubt the spammers will be doing the opting. So unless your penny is going to an anti-spam organization, how are you fighting Spam?
Also, I'm not too clear on how this would work. Wouldn't it require a certificate-like central authentication server? And wouldn't this increase in traffic just exacerbate the situation of too much traffic? Especially if all Spam starts to come with fake 'stamps.'
Re:How Exactly Does This Fight Spam? (Score:4, Interesting)
Re: (Score:3, Insightful)
Oh right, the only foolproof way is to rely on HUMANS.
You must manage an IT dept or something, I take it?
Re:(almost) spam-free (Score:2)
Nah. There are several strategies unused. I'd like to start by not getting any foreign email. (I did accept some French spam on humor's sake, but any other language, forget it.)
Spellcheck. 80% of spam has beautifully awful spelling.
Re: (Score:2, Funny)
Spellcheck. 80% of spam has beautifully awful spelling.
Which leaves about 95% of legitimate email with beautifully awful spelling
Re:How Exactly Does This Fight Spam? (Score:5, Insightful)
In theory, great. In practice, I predict it spiraling out of control as different parties try to "get in on the action" and see a chance to turn a profit instead of just giving the money to charity.
Re:How Exactly Does This Fight Spam? (Score:5, Insightful)
It's essentially a way to guarantee to recipients of my email that it is not spam.
Also, when customers with zombiefied computers get a six figure bill from their ISP, maybe they'll spend a few bucks to get their system cleaned up and secured, which benefits everyone.
Re:How Exactly Does This Fight Spam? (Score:4, Insightful)
Re: (Score:2, Informative)
Except that SSL was never intended as a way of establishing identity, even though it is a feature of it. Its purpose is and always has been a means of encrypting communication. As your valid reasons indicate, anyone using it to identify is absolutely peanuts.
Re:How Exactly Does This Fight Spam? (Score:4, Informative)
Re: (Score:2)
1) Encryption without identification is like locking your message in an unbreakable safe then handing the key to the first stranger you see along with the box and asking him to give it to your friend Bob.
2) SSL is full of TONS of complicated shit related to authentication but not encryption. Its purpose is both, or it is poorly designed. Perhaps both.
Re: (Score:3, Insightful)
SSL is a flawed system that was built on pure greed.
Why should I have to pay someone just so Firefox will not chase my users away.
SSL is nothing more than extortion and it has stopped encryption from becoming standard.
Re: (Score:2)
If the average corporate worker sends 20 emails a day and copies 3 people on each, and works for a company that has 1,000 employees, that's 60,000 emails per day, or about $150k per year. Tha
Re: (Score:2)
Re:How Exactly Does This Fight Spam? (Score:4, Insightful)
Re: (Score:3, Interesting)
Re: (Score:2)
Wanna bet?
If I was a spammer and this system was a way to get past spam filters, sure as hell I'd find every compromised box with an account on it and relay a few million messages straight through the yahoo mailserver.
Re:How Exactly Does This Fight Spam? (Score:4, Insightful)
The idea is that a Centmail signature attached to a message would automatically reduce the message's spam likelihood; if enough people adopt Centmail, then receivers would be increasingly able to require a Centmail signature on mail, and killfile mail that lacks such a signature. In theory, great. In practice, I predict it spiraling out of control as different parties try to "get in on the action" and see a chance to turn a profit instead of just giving the money to charity.
Besides, this doesn't address the ultimate cause (or depending on viewpoint, the ultimate enabler) of spam. Spam exists for one reason and one reason only: someone, somewhere is willing to buy from spammers or otherwise to give them money. Any solution which doesn't address that has entirely failed to learn why Prohibition didn't stop people from drinking or why the War on Drugs hasn't made illicit substances go away. It doesn't matter how sophisticated or underhanded the spammers are, if no one gives them money anymore they WILL go out of business. This is probably a matter of education, though it's possible that credit card companies could be part of the solution since many of these transactions could not occur without their services.
Re:How Exactly Does This Fight Spam? (Score:5, Insightful)
Spam exists for one reason and one reason only: someone, somewhere is willing to buy from spammers or otherwise to give them money.
I recently read a theory that challenged the (afaict, completely factless, unproven) idea that the advertisers make money off of spam. It's P. T. Barnum's "There's a sucker born every minute", as seen in get-rich-quick schemes, applied to spam.
You have two parties - advertiser, and spammer. Advertiser pays spammer $10k to send a million spams. Spammer sends those million spams. The advertiser sits around, counting his imaginary sales. But nobody shows up. A couple of days pass, he sells $1k of stuff, and is $9k in the hole due to his spamming efforts. Does he spam again? Quite possibly not.
But who learned from that? Only that individual advertiser. Even if each advertiser never makes money, as long as there is another sucker in line, there will be no end to spam.
There's nothing I've seen that indicates the individual advertisers make good money off of spam. The spammers, sure. But they're just taking money from one sucker after another.
Re: (Score:2)
Continuing the analogy to various forms of prohibition, look at cigarette smokers. Cigarettes have remained legal yet the number of people who choose to smoke has steadily and significantly declined since the mid 20th century. Why? Because the dangers of using them have been thoroughly publicised and have
Re:How Exactly Does This Fight Spam? (Score:5, Insightful)
Problem is this: if you blindly trust Centmail, then it'll be worth it for spammers to pay to send email. Don't believe it? Check your physical mailbox.
Re:How Exactly Does This Fight Spam? (Score:4, Funny)
mail come in physical form?
Re: (Score:2)
In theory, great. In practice, I predict it spiraling out of control as different parties try to "get in on the action" and see a chance to turn a profit instead of just giving the money to charity.
Well to me, the bigger problem is that if everyone did adopt this (which is what would need to happen in order for it to really stop spam) and no one else was "in on the action", then we'd essentially have centralized control over email. Scary.
On the other hand, if anyone can get "in on the action" and use their own signature, then I'm not sure how paying for email helps. Spammers would just get their own signatures, and the system wouldn't be any better than if everyone signed their email.
I do think ev
Re: (Score:3, Interesting)
I predict it spiraling out of control as different parties try to "get in on the action" and see a chance to turn a profit instead of just giving the money to charity.
Yahoo is betting on that. The steps they'll take:
Re: (Score:2)
Just like that haiku idea that was tried a few years back, which rapidly became a near 100% reliable spam sign as it was too easy to forge.
Re: (Score:2)
Re: (Score:2)
And so spammers will simply attach a Centmail signature to their messages. Cut-n-paste is still free.
Re: (Score:2)
The spam-fighting method is to build a sufficient number of email accounts that work that way and start black-listing every email that does NOT work that way and/or is not on your contact list. Not that hard to do.
Re:How Exactly Does This Fight Spam? (Score:4, Informative)
The spam-fighting method is to build a sufficient number of email accounts that work that way and start black-listing every email that does NOT work that way and/or is not on your contact list. Not that hard to do.
Yeah, maybe you can afford to send new customers to /dev/null, but I sure can't.
Re: (Score:3, Interesting)
So it sounds like an 'opt-in' program for doing otherwise would be suicide by a mail provider
I read this with alarm; I have a yahoo (actuallt rocketmail) account and I use it for slashdot. If this becomes popular I can see yahoo charging for all their mail services.
Re: (Score:3, Insightful)
If this becomes popular I can see yahoo charging for all their mail services.
Don't worry. It won't become popular.
Re: (Score:3, Funny)
Re: (Score:2)
Not as much as you'd think. Apparently once you get up to a certain amount of Karma level you get 15 mod points at a time to play with. Ironically enough, posting anon to prevent from undoing moderation. I'm not the troll-modder though. I swear. -dyingtolive
My karma is "Excellent" and has been for a long time now. I've never, ever seen more than five mod points at a time. Please explain this discrepency.
Re: (Score:2, Insightful)
Re:How Exactly Does This Fight Spam? (Score:4, Interesting)
And also this will create problems with students/poor people who while they can afford the "stamps" might not have a credit card to buy them. And finally, this is unethical because the cost of a single message is -far- less than one cent, similar to how US carriers charge 10 cents or more per text message when it costs them nothing to send.
Re:How Exactly Does This Fight Spam? (Score:4, Insightful)
That's my main problem with it. The "logic" seems to go like this: "well, we couldn't come up with a way to make spammers pay, so instead we'll try to make everyone else pay to prove they're not a spammer." I can't support that.
Re: (Score:2)
And of course, it won't actually affect the spammers in the slightest. In fact, they'll be laughing their asses of at it.
Sure sending an email costs a cent. Why, I guess the spammer will have to pay for all of those emails he sends from his home comp- oh, wait... we forgot about the MILLIONS OF BOTNET COMPUTERS that send the spam, not the spammer's home computer.
So now he's not only still sending spam, but he's ruining the financial records of millions of individuals. Profit AND entertainment. Hell, this
Re: (Score:2)
Similarly, the day after this becomes widespread the linux kernel mailing list would have to declare itself bankcrupt. It wouldn't surprise me at all if that shifts a million emails a day.
Re: (Score:2, Funny)
Ohh... someone like Yahoo will do that for us. Got it. Just pay my monthly dues or licensing fees and then a low $.01 per email and it's all good. Glad this is such a humanitarian effort aimed at cleaning up our interwebs and not a huge cock-up out for profit, because
Re: (Score:3, Insightful)
I have never understood the concept. Forget for a moment that spammers don't follow the rules, and generally work pretty hard to circumvent anti-spam measures, how are we all going to implement and maintain good measures on the receiving end? Ohh... someone like Yahoo will do that for us. Got it. Just pay my monthly dues or licensing fees and then a low $.01 per email and it's all good. Glad this is such a humanitarian effort aimed at cleaning up our interwebs and not a huge cock-up out for profit, because then it would just be unethical...
Also, why should I have to pay a new fee of any sort merely because someone else wants to send spam? The whole problem with spam is that everyone but the spammer has to bear its costs. This only increases the costs that all the rest of us have to bear because of spam. For that reason the ethics of this solution are already questionable despite its presumably good intentions.
Re: (Score:3, Insightful)
Well, you see, the best way to make it work is to make the "charity" a special fund. The biggest spammers are only a few hundred peopl
Re: (Score:2)
The whole problem with spam is that everyone but the spammer has to bear its costs. This only increases the costs that all the rest of us have to bear because of spam.
The point is that once Centmail gets off of the ground, spammers will have a choice--bear the costs of sending millions of messages per day (eating into their bottom line) or accepting the rejection/increased spam classification of not having Centmail-signed messages. This means that the ultimate goal will either increase the cost to spammers, or effectively eliminate spam. Unfortunately, the short-term effects are not as useful, and you end up with people thinking that it only adds a cost to legitimate m
Re: (Score:3, Insightful)
Or the third option, they alter their botnets to sniff out centmail registered users and send the spam through that.. 80 year old grannies suddenly get hit with $100,000 email bills and lots of bad publicity ensues.
You're forgetting that most spammers do *not* send email. They have botnets for that.. and the botnets are just naive Windows users. Much as I like the concept of taxing people for not securing their computers it's not exactly fair.
Re: (Score:2)
Re: (Score:3, Insightful)
I thought a lot of spam came through zombie / infected computers. So, it's just going to be other people who pay for it anyways.
Re: (Score:2)
Once they get hit with that bill, they'll clean up their computers. Multiple positive effects here.
Re: (Score:2)
Theyre not going to register with centmail. Heck, theyre just running a little program that is connecting to smtp servers. That sidesteps all of this.
Re: (Score:2)
YHBT
$10 for guaranteed delivery to 1,000 users? (Score:5, Interesting)
Re:$10 for guaranteed delivery to 1,000 users? (Score:5, Insightful)
Re: (Score:2)
I bet that a pretty big chunk of those filters relies on people pressing the "report spam" button. It'd be really nice if Google would offer a spam-checking service so that non-Gmail users could check messages against Google's spam corpus.
Re: (Score:2)
Re: (Score:2)
But greatly reduces the likelihood the spam will reach the potential "costumer" and therefore it's profits, making "spamming" a less attractive business.
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
Re:$10 for guaranteed delivery to 1,000 users? (Score:5, Insightful)
Well, the best part for the spammers is when they don't pay the 10$ because the owners of the zombie PCs do... This objection was raised years ago already for other "payment" schemes like for instance the computation payment (you do a computation that takes a lot of CPU to sign the message. So you "paid" for your stamp).
It does not sound like a very well thought plan. Maybe the idea is that people will be more careful not to get pwned?
Re: (Score:3, Insightful)
"when they don't pay the 10$ because the owners of the zombie PCs do.."
Gives them one more to give a fuck about security does it not?
Re: (Score:2)
And the problem with that? maybe ISPs will actually start giving a damn when it comes down to spam.
Re:$10 for guaranteed delivery to 1,000 users? (Score:5, Insightful)
From the paper, section 3.2 http://centmail.net/centmail.pdf [centmail.net] :
A related scenario is when a user attempts to reuse a single legitimately obtained stamp to validate a single message sent to thousands of people. This is in fact considered to be acceptable behavior from the perspective of CentMail, similar to the use of blind carbon copy (bcc) for emails.
That sounds like exactly what spammers do - send the same message to thousands of people. So, really, that's $10 for delivery of 1,000 unique messages to unlimited millions of recipients. Good deal!
Re: (Score:2)
Wow. So what this does is *encourage* spam, but yahoo get a cut of the profits.
Re: (Score:2)
what about pwned accounts? (Score:4, Insightful)
How will this discourage spam if the spammers are just using pwned accounts?
Gosh. (Score:5, Interesting)
I assume, because of this problem, that they'll either be billing you when your tab reaches some worthwhile value, and trusting you in the meantime, or forcing you to buy in large blocks ahead of time(which would be super annoying, goodwill or no).
How stupid.... (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3, Insightful)
Someone probably misapplied the Troll mod for "Shill". The guy sounded a bit like a shill for GMail, don't you think? Either that or a genuine noob: "...Gmail has been so good I really haven't used any other mail provider". Jeez, he's NEVER used ANY ISP e-mail account? I find that rather hard to swallow, unless he's really fresh off the boat. So yeah, if I were modding his post I'd be inclined to mod it something other than favorably myself. He's just not that believable.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Informative)
I've used GMail since its inception. To this day I still despise its MANDATORY antispam system, which continues to vex me with false positives that I'm hard-pressed to find in the deluge of actual spam in the Spam "folder".
This is compounded by the well-known bug in GMail that causes the system to ignore periods in addresses when it is delivering mail... in other words, any mail addressed to blahblahblah@gmail.com winds up being delivered to blah.blah.blah@gmail.com instead (perhaps only if there's no actu
Oh well (Score:5, Funny)
Your post advocates a
( ) technical ( ) legislative ( ) market-based ( ) vigilante (x) charitable
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(x) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( X ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re: (Score:3)
Well I knew that was only a matter of time. Anybody know the actual origin of the template above? Always wondered about that.....
Re: (Score:2)
Re:Oh well (Score:4, Informative)
Re: (Score:3, Interesting)
( ) Spammers pass all your Turing Tests
or something like that.
Re: (Score:2)
Summary for the tl;dr crowd: x xx x xx xx x xx x x x x xxx
Re: (Score:3, Informative)
Re:Oh well (Score:5, Insightful)
1) An increase in use of Centmail points could be flagged as suspicious
2) If a user gets hacked, he just ends up donating more money to charity
Which is wonderful and all, but doesn't really solve the problem.
3) Hackers are more likely to be interested in other aspects of the user's computer
Spammers have demonstrably took over swathes of Windows machines exclusively to send out spam. Even if they didn't, centmail offers the chance to send a mail that is practically verified as genuine, which is very rare, and worth hacking a computer for.
Re: (Score:2, Insightful)
Missed a few:
(x) Many email users cannot afford to lose business or alienate potential employers.
(x) Joe jobs and/or identity theft.
(x) Countermeasures must work if phased in gradually.
(x) Feel-good measures do nothing to solve the problem.
Cost TOO MUCH! (Score:2, Flamebait)
Re:Cost TOO MUCH! (Score:5, Funny)
I'd rather it was $1 per email. That might cut down on all those forwarded chain emails my relatives keep sending me.
Re: (Score:3, Insightful)
Re: (Score:2)
Call Me Crazy, But I Would Participate (Score:2)
If I could use any email client, I would participate in this.
I mean, why not? I give money to charity anyway. What difference does it make to me if I go through "Centmail" or any other intermediary, as long as "Centmail" doesn't charge a fee?
around we go (Score:3, Interesting)
Either the authentication traffic kills us, or the spammers clone any sort of component embedded in email to lend credibility. If you can fake an email as spam, you can fake a stamp.
If Centmail stamps are auto-verified, then either an API must authenticate the key and authorize the action - which is a lot of traffic - at a single server/authority, or we disperse it. With dispersal, possibly for abuse goes up, and then we have new keys arriving which means more traffic. We of course can't use keys per mail, but perhaps per-sender. This is still a huge number of keys to be managed.
Filters work as a form of decentralized authentication, where the proper "key" is passing the filter, which is slowly morphing from user feedback. This seems to me to degrade over time, as the filters cannot change quick enough, still weighing-in prior exclusions while accepting new ones. There's a fair amount of noise to ignore while people mark email they don't like as SPAM and similarities are extracted.
Blacklists and Whitelists are just filters with a central authority, but open to more abuse and too coarse-grained to remove much, as spammers hop or spoof origins quickly.
Overall, I don't feel like bolt-on public systems can categorize the messages other than how we're doing it today. If we had a re-do on email, it might involve some encryption for senders, certificate stamps, and a trust level of pathways and a distributed authorization system with feedback to violators. But we're a long ways off from that.
This has all been discussed for years.
Okay, I'll play this game. (Score:5, Interesting)
Re: (Score:2)
Re: (Score:3, Insightful)
Cute, but wouldn't work.
Any unclaimed amounts would be confiscated as unclaimed property. The "owners" would then need to try to claim it from the government. (yes, they really do this.) As this would be a net income, they would love you. (not sure if it's the IRS or the State, but someone would pocket it for you.)
time to delivery not longer that important (Score:2)
Email is already used to deliver messages that have lower immediacy expectations than IM or Cellular. Authentication may slow down delivery even further, but this usage pattern is putting email behind-the-times on the technology ladder.
Right now it's still good for mixed-media and longer messages, but mostly its a holdover from an earlier era. Eventually, users will simply a document and then share it with a target audience, not actually clone content to inboxes.
Re: (Score:2)
Re: (Score:2)
>I don't mind the death of email.
The business world would. Maybe in your little social circle of IM and twitter addicts you can do without email, but not in the real world where money exchanges hands. Guess which world hires all the email admins?
Please forward this (Score:5, Funny)
This message is to raise money for a litte girl with cancer.
Every time someone forwards this email it's tracked, and AOL, Microsoft, Yahoo, and Disney will donate $0.01.
The more people you forward to, the more money we can raise! So please...look into your heart and just take a few seconds to forward this message to everyone in your address book.
If you choose to be a meany, and not forward this email, you will die in 5 years, and so will everyone in your family.
Something's missing (Score:2)
Wow, that's really amazing. Neither the article nor the actual CentMail website has a single shred of technical information on how this will actually be implemented. I'm sure it has something to do with the evil bit.
Does Yahoo declare itself guilty for SPAM? (Score:2)
And if Yahoo is not guilty for all the SPAM, then that move would work only if all free email services would follow.
And then you would need to force all ISPs to block TCP port 25.
And only then, maybe, you would be starting limiting the amount of spam!
nt (Score:2)
I'll have my email fees donated to BigSpamCompany, my employer.
Nice in theory but this is too easy to get around.
ok (Score:2)
you pay one cent for the privilege of Y! adding a their cryptographic signature to your message. filters everywhere learn that the aforementioned mail is less likely to be spam.
sounds like a worthy experiment to me.
Finally (Score:2)
After all this time of me saying this from previous posts, I always said that pay per email no matter how small the cost, would atleast
let most people know their infected machines are spewing out mail...and that enabling SMTP by default is not a good thing.
So for those not able to understand what this means, it means look forward to your ISP sending you a bill next time you have a virus and are too cheap to take care of the problem.
You spend on the emails or on the maintenance of your machine...and 5million
Instead of a charity... (Score:3, Interesting)
Instead of sending the 1c to a charity, why not send it to the receiver? I receive some x number of mail's per day and send y , but the number is small and the x-y is even smaller. However for the spammer x is probably similar, where y is 8+ orders of magnitude higher resulting in a financial disincentive to spam. Commercial email is incentivized to reduce its mailing lists and target more accurately, yet is not significantly punished for its high output to input ratio.
Re:Forged headers? (Score:4, Insightful)
The real issue is that it will not remain charitable for long. If it becomes popular, rival for-profit services will start cropping up, and we will wind up with a situation similar to SSL, where there are dozens of different authorities competing with each other, some with different levels of trustworthiness, some charging different amounts, etc.
Re: (Score:2)
I'd like to see the US Government try to tax me.. they can swivel for it.