[ale] OT: the Penny Black anti-spam proposal

[Geoffrey]

ChangingLINKS.com wrote:
>> You're willing to continue to let all that bandwidth be wasted?
> 
> Yes. For some time (see below). Oh, by the way, exactly how much
> "bandwidth" is being wasted?

Estimates indicate that it's over 70% of all email.

> How (and how much) does it impact your
> ability to surf or use the Internet?

That's not the issue.  Wouldn't you like to have a $10 dsl connection? 
Don't you understand that the infrastructure of the internet must 
support the wasted bandwidth, and is in turn showing up in the costs of 
services?

> How much bandwidth does spam use as compared to illegal downloads?

A much greater amount I assure you.  I completely understand that 
'illegal downloads' are generally binary and larger then the average 
spam email.  But, the spam volume greatly exceeds 'illegal downloads' 
when it comes to bandwidth.

>> It could be put to such good use.
> 
> Like? (I am not being a smart *ss I am really curious as to whether
> spam email is "using bandwidth" to a degree that has kept the
> bandwidth from being used to do the more productive X - WHILE there
> is not enough bandwidth to go around. From my chair, I have not
> observed it - while I have observed DDoS attacks and the like, and
> can clearly see the damage inflicted.).

The issue is, YOU AND I are paying for spam whether you realize it or 
not.  Would you like to start paying for US mail you receive, even 
though you have absolutely no interest in it?

> 
> 
>> The solution should be at the other end of the pipe, not at the
>> receiving end.
> 
> 
> No. The solution should be at both ends (see below).

No, if you have a working solution at the beginning of the pipe, there's 
no need for one at the receiving end.
> 
>>> For example, some of my members have email accounts that make me
>>> (as a human) verify that I sent the email. It is not too much
>>> trouble to fill out the form. There are other solutions as well
>>> (like my personal method is just to simply change email addresses
>>> after my box starts to get overwhelmed by spammers that spider
>>> the ALE list). Others use spamassasin, etc.
>> 
>> None of these address the wasted resources, which is my primary
>> concern.
> 
> 
> Your solution wastes the resources of the ISP (giving them the task
> for billing for email) and possibly the resources of the receiver,
> but NOT the spammer. A spammer (or capitalist) will simply raise
> prices to offset the cost of sending the spam. Simple.

And you don't think the ISP is paying for the bandwidth usage now?  ISPs 
already bill their customers, further, they track bandwidth.  It's not 
that difficult for them to start billing by usage.

> 
> That in and of itself blows the pay-to-send model out the window -
> especially considering those NON-commercial interests (that are using
> the bandwidth :) for "good") that will be harmed in the process.
> Still, not well thought out.
> 
> Contrarily, if "everyone" (the type of everyone M$FT is proposing and
> likewise that YOU are proposing with a pay-to-send model) were to use
> "spamarrest" the results would be completely different.

All I've got to say about spamarrest is:

http://static.samspade.org/spamarrest.html

> 
> How, you ask?
> 
> What fuels spam is $ and volume. If "everyone" started using
> spamarrest, the spammers would have to verify each email they send BY
> HAND. Wouldn't that reduce the effectiveness of spam in general? 
> Next, once the "verified" spam got through, the receiver could easily
> ban the sender, and even set more criteria, thus effectively closing
> the pipe line. Wouldn't that reduce the effectiveness and volume able
> to be received?

I prefer a solution that does not impact the spammed.  I shouldn't have 
to tell you to stop sending crap I don't want.

> 
> Once you reduce the effectiveness of spam enough, you can raise the
> cost beyond what is profitable. You have recognized earlier that the
> solution I have supported works at the receiving end. Now, hopefully
> you can see how it works effectively at the sending end.

See my previous comments regarding spamarrest.

> 
> If that weren't good enough reason, there are other benefits: 1. The
> system that I support is ALREADY in use. No new research or guessing
>  needed.
> 
> 2. The system is IMMEDIATELY effective for the receiver. Set up
> spamarrest today, and by tomorrow, your inbox will be virtually
> spamless. Charging a dime to send an email won't necessarily do that
> - because that is a matter of ROI.
> 
> 3. While some of these "bandwidth" resources you are trying to
> protect will be wasted for some time, it is clear that MORE effort
> and resources will be wasted overall while the ISP scrambles to count
> and charge for each email sent. (By the way, where does that money
> go? To the ISP? To some Great Email God in the Sky? If not to the God
> - what keeps an ISP from simply marketing/ saying "Oh yeah, and we
> don't charge to send email like those other ISPs").

To the ISP, who in turn, rewards the REAL customer with lower rates.

> 
> 4. Regardless of the product being sold and it's margin or ROI, a
> spamarrest type of system will strangle the lifeblood of spam -
> volume AND reduce profit for the spammer simultaniously.
> 
> 5.  Lists like the ALE, and even my websites can continue
> correspondance regardless of how big they get (how much email is
> sent) - without incurring undue cost on good Netizens - while using
> the same verfication infrastructure already in place.
> 
> 6. a. While M$FT's solution focuses on processing power as a
> weakness, hardware (and software) is getting faster - which will make
> M$FT's solution weaker over time. b. While your solution focuses on
> cash reserves as a weakness, and heaps more responsibility on ISPs
> (and ignores viruses that could be set up to send spam from a
> victim's computer)

You deserve what you get.

-- 
Until later, Geoffrey	esoteric at 3times25.net

Building secure systems inspite of Microsoft