Pay Per Send--Friction in the Frictionless World of E-Mail

• By Phillip D. Long
• 02/27/04

We continue to suffer from the onslaught of unsolicited e-mail. Heuristic SPAM filters are getting better. The arms race between mass e-mailers and anti-spammers marches on. Today 56 percent of all e-mail is SPAM, according to Brightmail. Is our life better by virtue of this expression of First Amendment rights to communicate? According to the Pew Internet and American Life poll, 70 percent of e-mail users complain that SPAM makes our online experience unpleasant.

Economics is stacked against us. Sending 1,000 e-mail messages costs no more to the sender than sending 10. How do we increase the cost to the sender of e-mail messages that are bombarding your mailbox?

Ask Bill Gates. At the World Economic Forum in Davos, Switzerland, Mr. Gates predicted that SPAM would not be a problem in two years. The basis of his optimism is electronic postage. A small startup company called Goodmail has patented a form of electronic postage. The goal is to make sending mass e-mailings cost something to the sender, finally add a numerator to the cost/benefit ratio of mass e-mailing.

Goodmail’s system requires senders of mass e-mailings to affix an electronic stamp on their messages. ISPs inspect messages flowing through their systems bound for their customers and pass e-mail with Goodmail’s e-stamp. The e-mail is passed only after the ISP decrypts the stamp (an encrypted ID number) and sends it back to Goodmail for verification. If verification is received, the message is passed along by the ISP to the end user. If the e-mail d'esn’t have a valid stamp it’s routed to the bit bucket. End users can subscribe to mailing lists from which they wish to receive mail. The Goodmail e-stamp guarantees that the wanted mail arrives.

Large ISPs like Yahoo! are looking carefully at electronic stamp systems. They see them as potential alternatives that shield their subscribers from the unwanted barrage of e-junk. More attractive still is that the revenue generated from the sale of e-stamps would be passed along to the ISP, minus a small surcharge by the e-stamp company. Mass e-mailers pay whether the end user reads the e-mail or not, but e-stamps are franked only if they are correctly decrypted, validated, and the message delivered. The days of freely distributed mass e-mailings may be numbered if this model for regulating e-mail traffic gains ground.

Where’s the rub? First, it could work better than expected. Mass e-mailers may well be willing to pay for the privilege of sending their precious SPAM to you. The end result: large, well-heeled mass e-mailers could dominate the e-mail landscape.

Second, there are many mass mailers who are not spammers, strictly speaking. Faculty and students who run their own listservs are doing mass mailings to their subscribers. Some of these lists are large. Either these individuals will be required to pay for e-stamps to send their digests to their subscribers, or some mechanism to exclude certain classes of mass e-mailers will have to be devised. Alternately, a technological solution must be devised to identify different categories of mass e-mailers. This is a nontrivial problem.

A technique of many spammers is to spoof e-mail addresses for the return-to field, putting in legitimate addresses in their place. Preventing spammers from doing this lets users gain confidence that an e-mail coming from AOL, for example, is really from that ISP. The example is not randomly chosen.

AOL is indeed looking at a new Request for Comments (RFC) called “Sender Permitted From” developed by the Internet Research Task Force (IRTF). This implements the opposite of the MX records used by domain name servers to identify the machines that receive mail for the domain. These “reverse MX” records tell the world which machines send mail from the domain.

So what happens? A spammer sends you mail and forges Hotmail as the return address. You check Hotmail for an Sender Permitted Form (SPF) record and on finding it you follow the instructions provided there to determine if the IP address of the sender really belongs to Hotmail. You execute the command provided in the SPF record to look up the e-mail addresses of Hotmail users and check the hostname to see if it is hotmail.com— if it is, it’s legit, if not it’s a forgery.

Like most changes in basic services such as e-mail, the result of pursuing any of these strategies will require changes in practice as well as procedures. SPF, for example, causes e-mail forwarding to break. Why? Forwarding e-mail preserves the original sender of the message in the mail header. SPF sees the mail with the original sender coming from a different address (the forwarding person’s account) and blocks it. The fix for this is simple: instead of forwarding, you re-mail the message. The fix for other circumstances may not be.

The most promising solution to curtailing SPAM: increase the cost of sending mass e-mails. As in physics, without friction objects in motion tend to remain in motion.

If these anti-spam technologies apply some friction to the distribution of SPAM, mass e-mailing may begin to slow down. Mr. Gates may be on to something!