Monday, October 13, 2003
Gold from the Captain's Chest
Last night I was reading to my six-year old boy, Franklin, from Treasure Island. He had seen Treasure Planet, then the 1950 Disney live-action Treasure Island and then he wanted me to read the book to him. We were up to Chapter Four, The Sea-Chest, right after Captain Billy Bones dies and Jim and his mother try to get help from the nearby village to fend off Blind Pew and his mates, who are going to return at ten o'clock for the Captain.
Franklin has a tremendous vocabulary for a six year-old, but the Nineteenth Century language is a bit tough. Even I have to guess at some words: gully? lugger? So I stop every page or so to make sure that he's understood what's gone before. We were just about this paragraph, where Jim's mother declares her determination to get the money from the Captain's chest that he owed her for unpaid room and board:
They say cowardice is infectious; but then argument is, on the other hand, a great emboldener; and so when each had said his say, my mother made them a speech. She would not, she declared, lose money that belonged to her fatherless boy; "If none of the rest of you dare," she said, "Jim and I dare. Back we will go, the way we came, and small thanks to you big, hulking, chicken- hearted men. We'll have that chest open, if we die for it. And I'll thank you for that bag, Mrs. Crossley, to bring back our lawful money in."So I'm explaining about infectious and emboldener when Franklin asks "Did the Captain swallow the gold pieces?"
"Huh??? What do you mean swallow..." I say, perplexed.
Franklin: "Well how did the gold get into his chest?"
At this point I almost fell to the floor laughing!
Transition to Authenticated E-mailTim Bray proposes having people pay 1 cent per email. It's not much, but it would make some many non-profit email lists unworkable. Most other proposals like this charge only for the first email from an unknown sender, and usually a lot more than one cent. This does require the recipient (perhaps at the ISP level) to keep track of who is already authorized to send free mail.
There are actually quite a few workable schemes for preventing spam. Tim Bray is right that any system where sending is both free and anonymous will always be open to spam, but it's not necessary to charge on a per-message basis. One system that is beta-testing right now is Bonded Sender. With this system, the owner of an outgoing mail-sending server puts up money to guarantee that his system won't be sending spam (on the order of $1000 per server, with $500/year renewal). There's a contract that specifies what is spam and a third-party arbitrator for handling disputes. Existing mail-filtering software can easily check the BondedSender status via the DNS system, as they generally already check the DNS status of senders.
There are a couple of drawbacks to this. First, the IP verification won't work with dynamically-assigned addresses. Second, some smaller email senders may not want to spend as much as $1000 on this. Third, it doesn't help you if your ISP is not participating. All of these can be overcome by using a paid relayer, as Tim Bray suggests. It would be up to the relayer to determine how to prevent abuse of its own system.
Other systems work by verifying a digital signature and certificate of the sender, either on a per-message basis (S/MIME or PGP) or on a per connection-basis (using SMTP over TLS). This doesn't require a static IP address to verify identity.
Although it may seem complex and even chaotic, more than one mechanism will exist to prevent spam, even in the long-term. For a variety of legal, political, and financial reasons, no one solution will please everyone. We need to have some sort of meta-email system for allowing these to co-exist effectively.
What I propose is that an independent group be established which will provide a framework for interoperability. What needs to be done?
- A description of anti-spam policies. For example, Tim Bray's
proposed SMTP4ALL charges $.01 per message. Or FirstClassEmail may
charge $1 per message. BondedSender contractually forbids spam and
requires a cash bond up front, as well as identity verification.
There are a lot of possible policies. It should be up to the recipient to specify what policy is acceptable, but there needs to be a concise list so that the decision can be coded in a program.
- There also needs to be a way for the recipient to find the policy. For certificate-based systems, the policy can be encoded directly into the certificate, but the exact syntax needs to be defined. For other systems, something else needs to be devised.
- A way to describe the properties of an individual sender or message. It may be part of the sender's anti-spam policy that unsolicited mailings are allowed, but that each mail will be labeled with what type of mail it is, e.g. commercial, personal, political, charitable soliciting, etc. Similarly, a system such as Hotmail may want to label each user as to whether they are a verified, paying customer, or an anonymous, free customer.
- Some sort of meta-enforcement scheme. There needs to be a way of
knowing if SMTP4ALL is really charging $.01 per message or if it's
letting spammers send through at 1/1000 of that price. Is a CA
shirking its duties?
We don't want the chaos of the current RBL system. This is not something that should be checked on each message. This meta-enforcement system won't vouch for hundreds of thousands or millions of individual mail servers, but only for (hopefully) a few dozen parties that are responsible for enforcement.
In addition, we need a way to transition to authenticated email. I have proposed that each recipient use a challenge-response system (such as TMDA, but a prepaid system like SMTP4ALL could also serve in that role.
kenhirsch at myself dot com