[170460] in North American Network Operators' Group
Re: why IPv6 isn't ready for prime time, SMTP edition
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Mar 27 15:21:10 2014
From: Owen DeLong <owen@delong.com>
In-Reply-To: <21300.27326.575281.57423@world.std.com>
Date: Thu, 27 Mar 2014 12:14:23 -0700
To: Barry Shein <bzs@world.std.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 27, 2014, at 11:15 AM, Barry Shein <bzs@world.std.com> wrote:
>=20
> On March 26, 2014 at 22:25 owen@delong.com (Owen DeLong) wrote:
>>=20
>> Actually, a variant on that that might be acceptable=85 Make =
e-postage a deposit-based thing. If the recipient has previously =
white-listed you or marks your particular message as =93desired=94, then =
you get your postage back. If not, then your postage is put into the =
recipients e-postage account to offset the cost of their emails.
>>=20
>> Thoughts?
>=20
> It's a fine idea but too complicated.
>=20
> Look, the (paper) post office doesn't say "oh, you WANTED that mail,
> ok, then we'll return the cost of postage to the sender!"
>=20
> Why? Because if they did that people would game the system, THEY'D
> SPAM!
How would they benefit from that?
SPAM =97 Pay, say $0.10/message.
Then Claim you wanted the SPAM, get your $0.10/message back for each =
SPAM you sent to yourself.
Or, claim you didn=92t want the SPAM and get $0.05/message for each =
message you received while the
original provider keeps the other $0.05.
> And it would take way too much bookkeeping and fraud identification =
etc.
Please explain in detail where the fraud potential comes in.
By my interpretation, you=92d have to somehow get more back than you =
deposited (not really possible) in order to profit from sending SPAM =
this way.
> Let's take a deep breath and re-examine the assumptions:
>=20
> Full scale spammers send on the order of one billion msgs per day.
>=20
> Which means if I gave your account 1M free msgs/day and could
> reasonably assure that you can't set up 1,000 such accts then you
> could not operate as a spammer.
Not sure how you enforce these user account requirements or how you =
avoid duplicative accounts.
> Who can't operate with 1M msgs/day?
>=20
> Well, maybe Amazon or similar.
>=20
> But as I said earlier MAYBE THEY SHOULD PAY ALSO!
I, for one, don=92t want my Amazon prices increased by a pseudo-tax on =
the fact that they do a large volume of email communications with their =
customers. They have enough problems trying to get IPv6 deployed without =
adding this to their list of problems.
> We really need to get over the moral component of spam content (and
> senders' intentions) and see it for what it is: A free ride anyone
> would take if available.
I disagree. I see it as a form of theft of service that only immoral =
thieves would take if available.
> Ok, a million free per acct might be too high but whatever, we can all
> go into committee and do studies and determine what the right number
> should be.
>=20
> I'd tend towards some sort of sliding scale myself, 100K/day free,
> 1M/day for $1, 10M/day for $100, 100M/day for $10K, etc. Something =
like
> that.
>=20
> Why would it work?
>=20
> Because that's how human society works.
>=20
> People who are willing to pay their $10K/mo will demand something be
> done about freeloaders, enforcement has to be part of the cost
> overhead.
But who charges these fees and how do they enforce those charges against =
miscreants that are sending from stolen hosts, bots, fraudulent IP =
addresses, etc.?
> And it'd create an economy for hunting down miscreants.
So you=92ve got a set of thieves who are stealing services to send vast =
volumes of email and you want to solve that problem by charging them =
more for those services that they are stealing (and, by the way, also =
charging some legitimate users as well).
My guess is that the spammers are going to keep stealing and the people =
now being taxed for something that used to be free are going to object.
> P.S. And in my vision accepting only email with valid e-postage would
> be voluntary though I suppose that might be "voluntary" at the
> provider level. For example someone like gmail at some point (of
> successful implementation of this scheme) might decide to just block
> invalid e-postage because hey your gmail acct is free! Let someone
> else sell you rules you prefer like controlling acceptance of invalid
> e-postage yourself.
Well, here we get a hint at how you envision this working. There are =
lots of details that need to be solved in the implementation of such a =
scheme and I think the devil is prevalent among them.
Owen
