Pay Per Send--Friction in the Frictionless World of E-Mail
We continue to suffer from the onslaught of unsolicited e-mail. Heuristic SPAM
filters are getting better. The arms race between mass e-mailers and anti-spammers
marches on. Today 56 percent of all e-mail is SPAM, according to Brightmail.
Is our life better by virtue of this expression of First Amendment rights to
communicate? According to the Pew Internet and American Life poll, 70 percent
of e-mail users complain that SPAM makes our online experience unpleasant.
Economics is stacked against us. Sending 1,000 e-mail messages costs no more
to the sender than sending 10. How do we increase the cost to the sender of
e-mail messages that are bombarding your mailbox?
Ask Bill Gates. At the World Economic Forum in Davos, Switzerland, Mr. Gates
predicted that SPAM would not be a problem in two years. The basis of his optimism
is electronic postage. A small startup company called Goodmail has patented
a form of electronic postage. The goal is to make sending mass e-mailings cost
something to the sender, finally add a numerator to the cost/benefit ratio of
mass e-mailing.
Goodmail’s system requires senders of mass e-mailings to affix an electronic
stamp on their messages. ISPs inspect messages flowing through their systems
bound for their customers and pass e-mail with Goodmail’s e-stamp. The
e-mail is passed only after the ISP decrypts the stamp (an encrypted ID number)
and sends it back to Goodmail for verification. If verification is received,
the message is passed along by the ISP to the end user. If the e-mail d'esn’t
have a valid stamp it’s routed to the bit bucket. End users can subscribe
to mailing lists from which they wish to receive mail. The Goodmail e-stamp
guarantees that the wanted mail arrives.
Large ISPs like Yahoo! are looking carefully at electronic stamp systems.
They see them as potential alternatives that shield their subscribers from the
unwanted barrage of e-junk. More attractive still is that the revenue generated
from the sale of e-stamps would be passed along to the ISP, minus a small surcharge
by the e-stamp company. Mass e-mailers pay whether the end user reads the e-mail
or not, but e-stamps are franked only if they are correctly decrypted, validated,
and the message delivered. The days of freely distributed mass e-mailings may
be numbered if this model for regulating e-mail traffic gains ground.
Where’s the rub? First, it could work better than expected. Mass e-mailers
may well be willing to pay for the privilege of sending their precious SPAM
to you. The end result: large, well-heeled mass e-mailers could dominate the
e-mail landscape.
Second, there are many mass mailers who are not spammers, strictly speaking.
Faculty and students who run their own listservs are doing mass mailings to
their subscribers. Some of these lists are large. Either these individuals will
be required to pay for e-stamps to send their digests to their subscribers,
or some mechanism to exclude certain classes of mass e-mailers will have to
be devised. Alternately, a technological solution must be devised to identify
different categories of mass e-mailers. This is a nontrivial problem.
A technique of many spammers is to spoof e-mail addresses for the return-to
field, putting in legitimate addresses in their place. Preventing spammers from
doing this lets users gain confidence that an e-mail coming from AOL, for example,
is really from that ISP. The example is not randomly chosen.
AOL is indeed looking at a new Request for Comments (RFC) called “Sender
Permitted From” developed by the Internet Research Task Force (IRTF).
This implements the opposite of the MX records used by domain name servers to
identify the machines that receive mail for the domain. These “reverse
MX” records tell the world which machines send mail from the domain.
So what happens? A spammer sends you mail and forges Hotmail as the return
address. You check Hotmail for an Sender Permitted Form (SPF) record and on
finding it you follow the instructions provided there to determine if the IP
address of the sender really belongs to Hotmail. You execute the command provided
in the SPF record to look up the e-mail addresses of Hotmail users and check
the hostname to see if it is hotmail.com— if it is, it’s legit,
if not it’s a forgery.
Like most changes in basic services such as e-mail, the result of pursuing
any of these strategies will require changes in practice as well as procedures.
SPF, for example, causes e-mail forwarding to break. Why? Forwarding e-mail
preserves the original sender of the message in the mail header. SPF sees the
mail with the original sender coming from a different address (the forwarding
person’s account) and blocks it. The fix for this is simple: instead of
forwarding, you re-mail the message. The fix for other circumstances may not
be.
The most promising solution to curtailing SPAM: increase the cost of sending
mass e-mails. As in physics, without friction objects in motion tend to remain
in motion.
If these anti-spam technologies apply some friction to the distribution of
SPAM, mass e-mailing may begin to slow down. Mr. Gates may be on to something!
