Re: Antispam strategies



Reading a book on antispam strategies, I wonder whether one effective
and practical way wouldn't be imposing certain fees for emails, e.g.
0.5 cent for an email to a single recipient, with the fees

0.5 cents might not be a lot to a middle class American, but much of
Africa lives off a dollar a day.

Even this tiny price is too high!

proportionally increasing with the number of simultaneous recipients
according to some exponential curve (with an asymptotic upper limit
to render emails with regular commercial purposes practical).

Who decides what the curve is? How you verify that someone paid the
toll? Who administers the system that you use to check the the toll?

One option would be to go down the certificate authority route.
However, I think we've sort of proved that big PKI doesn't really
work. Do I really _trust_ the 100 or so root certificates in my
browser?

I picked up an SSL certificate for one of my little projects for £8
from GoDaddy. How can you possibly run a competent validation process
for such a low price? The sad thing, Verisign are just as bad they
just charge 20x as much.

The situation got so bad they made Extended Validation certificates to
mitigate some of these issues. However, there will be a race to the
bottom on those certificates too. Give it ten years and I'll be able
to pick up a Extended Validation certificate for £4.50 and they'll be
10,000 certificate authorities in my browser.

And of course, if you went down that route it only takes one "Mailing
Authority" to hand a signature to a spammer and we're back to square
one.

The money
collected could be given to e.g. UNICEF.


This is probably the wrongest part of your post. What if I don't agree
with your charity?

People in Palestine might want the money to go the Hamas!

The most credible solution to this problem is hash cash [1]. Under
that model everyone can set their own hash cash rules and it doesn't
require everyone, everywhere to adopt the system over night.

Cheers,

Simon

[1] - http://www.hashcash.org/
.