Re: Antispam strategies



Reading a book on antispam strategies, I wonder whether one effective
and practical way wouldn't be imposing certain fees for emails, e.g.
0.5 cent for an email to a single recipient, with the fees

0.5 cents might not be a lot to a middle class American, but much of
Africa lives off a dollar a day.

Even this tiny price is too high!

proportionally increasing with the number of simultaneous recipients
according to some exponential curve (with an asymptotic upper limit
to render emails with regular commercial purposes practical).

Who decides what the curve is? How you verify that someone paid the
toll? Who administers the system that you use to check the the toll?

One option would be to go down the certificate authority route.
However, I think we've sort of proved that big PKI doesn't really
work. Do I really _trust_ the 100 or so root certificates in my
browser?

I picked up an SSL certificate for one of my little projects for £8
from GoDaddy. How can you possibly run a competent validation process
for such a low price? The sad thing, Verisign are just as bad they
just charge 20x as much.

The situation got so bad they made Extended Validation certificates to
mitigate some of these issues. However, there will be a race to the
bottom on those certificates too. Give it ten years and I'll be able
to pick up a Extended Validation certificate for £4.50 and they'll be
10,000 certificate authorities in my browser.

And of course, if you went down that route it only takes one "Mailing
Authority" to hand a signature to a spammer and we're back to square
one.

The money
collected could be given to e.g. UNICEF.


This is probably the wrongest part of your post. What if I don't agree
with your charity?

People in Palestine might want the money to go the Hamas!

The most credible solution to this problem is hash cash [1]. Under
that model everyone can set their own hash cash rules and it doesn't
require everyone, everywhere to adopt the system over night.

Cheers,

Simon

[1] - http://www.hashcash.org/
.



Relevant Pages

  • Re: OWA + Loading ...
    ... To get rid of that security alert, you need to add the certificate to you ... > within the corp. network which is great news. ... > complete with emails and no loading... ...
    (microsoft.public.exchange2000.general)
  • Security Failure: Data Decryption Error (Error: 2020)
    ... I have been running Entourage X on panther for quite some time. ... Strange thing about it retrieves emails fine on the 1st run after ... The email account I'm accessing is using SSL. ... suspect there's an issue with this particular certificate and how IE's ...
    (microsoft.public.mac.office.entourage)
  • Re: Your digital ID name cannot be found by the underlying security system
    ... I just received an email from Verisign providing a "digital id ... Uninstall the personal certificate you have now. ... and whether or not it has the private key. ... Because I could not send digitally signed emails ...
    (microsoft.public.outlook)
  • RE: Harassment by SSL Provider?
    ... That may be correct, Tim, but does it justify 2-3 emails a day to ... Doesn't sound like they put a lot of 'thawte' into it. ... > The certificate in question runs out soon, ... > The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
    (Security-Basics)
  • (USA) Some States Are Raising Their Fees For Vital Records
    ... Several states have announced they recently raised or will be raising their vital records fees. ... death, marriage, divorce), heirloom birth and marriage certificate fees, ... certificate of birth resulting in stillbirth fee, affidavit of paternity, ...
    (soc.genealogy.jewish)