What happened was, I was at a table with Jeremy Zawodny, Dave Sifry, and Doug Cutting, which is probably around fifty aggregate years of big-iron experience. So as usual we were bitching about spam, and we had an idea that would shut it down for sure. [Updates: Prior art and an improvement.]
Prior Art · Michael Davidson pointed out that Joel Spolsky proposed essentially this same idea in November 2002. Then again, Joel’s recent Unicode essay is remarkably parallel to my Intro and deep-dive, so clearly we think alike.
Other Updates · Since I published this on Oct. I got a lot of feedback and there was a lot of discussion in other blogs. Bottom line, I’ve thought about all the technical gripes that have been raised and I think none of ’em are show-stoppers; this proposal could be built and would work.
Also, I had the idea of bringing in the Post Office, see below.
We Can’t Go On Like This · We can’t go on just trying to live with and filter spam. The volume has been going up and up and up monotonically and steadily as long as I’ve been using email, and this is just anecdotal, but lately it feels like the rate of increase has itself increased.
Yes, the Bayesian filtering that I’ve written about before has helped immensely, but the spammers are going to increasingly bizarre lengths to get around it, and a few percent are getting through, which in my case is starting to mean upwards of a couple of dozen a day.
An American Foo Camper was telling me that he was setting up a trip to Sweden, and some layer of spam filtering was persistently junking one half of the email correspondence, so he had to do it by phone, which was expensive and (given the time-zone issues) very inconvenient.
This little incident is just the first trickle of water through the hull after the ship hit the iceberg. Strong measures are required, and now.
Anonymous and Free is the Problem ·
Sending an email is relatively anonymous and very close to free; thus
The technology for reliably signing an email is out there and works; although I don’t sign them myself, Mozilla regularly shows me that little glyph that says you can really believe the
Every email client has filtering already, and if you can’t already set it up to filter on the digital signature, adding that couldn’t be rocket science. Then you could of course just reject unsigned messages. The trouble is that it would be awfully complicated and expensive to get digital-signing machinery out there to everybody, and they shouldn’t have to put up with the fuss and bother; most people would rather not and that includes me.
The solution is straightforward: create a new kind of business, a relayer.
SMTP4All, Inc. · This (imaginary) company has a simple business model. It operates a really big password-protected SMTP relay. It sends email from anybody to anybody for 1¢ ($0.01) each. You open an account with them, drop in say $10 and you’ve bought the rights to send 1,000 emails. Or you could set up a monthly billing with your credit card, or whatever. You can’t send more than 100 emails in a day without an (email) exchange to verify that everything’s all right.
Every email that it sends it signs digitally. Then, you set up your email client to send all email that hasn’t been signed by SMTP4All or one of its competitors (there couldn’t be more than a couple of hundred) to the junk folder. Then you tell your friends to go and sign up with one of these guys if they want you to get their mail.
In the interests of facilitating commerce, governments might want to certify some of these relay operators and maintain a registry of them; it seems like a lot of public benefit for a really modest investment. Or ISPs could provide a list of generally-known-to-be-good relayers as part of their service.
Does That Do It? · It seems to me that this simultaneously solves all the problems, at a cost of a penny an email. I’d pay that in a flash to castrate the spammers, and I think most others would as well.
There’s no loss of anonymity: even if the forces of law & order require the US version of SMTP4All to make its customers identify themselves to facilitate DMCA subpoenas and the like, Amnesty International or some other public-spirited organization could decide to operate an ethical but anonymous service from offshore. Most people would be happy to add that to their list of approved relayers.
And it preserves the vital feature of email: a stranger can communicate with me. But we’re going to lose that ability for sure if we don’t break the back of the spam vermin.
Of course, the spammers are dead, because their business model can’t afford to pay a penny for each email. They’ll try to work out ways around the relayer service, but a couple of simple measures ought to make it very tough for them. First of all, there’s that hundred-messages-a-day limit, and secondly, it would be reasonable to require a short waiting period between the time you sign up with a relayer and the time you’re allowed to start using it.
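The relayer and the recipient-side filter described above, as an added sketch in Go (not code from the original post). The `Relayer`, `Account` and `Classify` names, the choice of Ed25519, the relayer name and the 24-hour waiting period are assumptions; the price and the daily cap are the post's.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Price and cap are from the post; the 24h waiting period is an assumed value.
const priceCents, dailyCap, waitPeriod = 1, 100, 24 * time.Hour

// Account is a sender's prepaid account; the caller resets SentToday each day.
type Account struct{ BalanceCents, SentToday int; Opened time.Time }
type Relayer struct{ Name string; Pub ed25519.PublicKey; priv ed25519.PrivateKey }

func NewRelayer(name string) *Relayer {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Relayer{Name: name, Pub: pub, priv: priv}
}

// Relay enforces waiting period, daily cap and balance, then charges and signs.
func (r *Relayer) Relay(a *Account, msg []byte, now time.Time) ([]byte, error) {
	switch {
	case now.Sub(a.Opened) < waitPeriod: return nil, errors.New("account in waiting period")
	case a.SentToday >= dailyCap: return nil, errors.New("daily cap reached, verification needed")
	case a.BalanceCents < priceCents: return nil, errors.New("insufficient balance")
	}
	a.BalanceCents -= priceCents
	a.SentToday++
	return ed25519.Sign(r.priv, msg), nil
}

// Classify is the recipient's filter: inbox only if a whitelisted relayer signed msg.
func Classify(trusted map[string]ed25519.PublicKey, relayer string, msg, sig []byte) string {
	if pub, ok := trusted[relayer]; ok && ed25519.Verify(pub, msg, sig) {
		return "inbox"
	}
	return "junk"
}

func main() {
	r := NewRelayer("smtp4all.example") // constructed relayer name
	a := &Account{BalanceCents: 1000, Opened: time.Now().Add(-48 * time.Hour)}
	msg := []byte("Subject: hi\r\n\r\nconstructed sample message")
	sig, err := r.Relay(a, msg, time.Now())
	trusted := map[string]ed25519.PublicKey{r.Name: r.Pub}
	fmt.Println(Classify(trusted, r.Name, msg, sig), Classify(trusted, r.Name, msg, nil), err, a.BalanceCents)
}
```

The recipient only needs the relayers' public keys, so the whitelist stays as short as the list of approved relayers.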
From time to time, a spammer will figure out a way to scam a relayer and get a few million messages through. If that happens to some relayer more than once or twice, I’d say that relayer is going to be out of business.
Exceptions · There is going to have to be wiggle room for exceptions: the obvious example is a popular one-to-many email newsletter. The sender will have to negotiate a wholesale relationship with a retailer, but they’ll still have to pay. That means that some formerly-free list subscriptions are now going to cost you a penny a message. Deal with it; it’s the price of killing spam.
As for co-operative mailing lists such as those that drive the W3C and other talking shops, they could be a service offered by the relayers and only costing a penny per input message, but the relayer would be required to enforce the request/confirmation protocol to join the list.
Candidate Relayers · You don’t want there to be too many relayers, because that adds to the number of signatures you have to white-list. They need to be fairly hefty organizations; daily emails number in the billions, even with spam deleted. It would be nice if they already were used to the idea of charging small amounts of money for messaging services, and since we’re defending a common good here, it would be nice if they weren’t either accounting-driven corporate empires or cash-hungry struggling startups.
An obvious candidate comes to mind: the world’s Post Offices. They are big enough to build this infrastructure without excessive pain, they are all about providing a public service in a regulated environment, and there’s only one per country, more or less. They have a reputation for a certain amount of complacency and inefficiency, but let’s face it, running a big honking SMTP relay and collecting pennies is not, these days, rocket science.
I’m neither a “the public sector is inherently evil” right-winger nor a “public ownership of the means of production” Marxist, so having the Post Office do this gives me no heartburn; but I also see no reason why potentially well-qualified operators like Fedex or UPS or some of the larger phone companies shouldn’t be allowed in. It doesn’t matter, this is the Internet, once you define the protocols it’s going to be hard to keep market forces from operating.
Not Too Hard · The nice thing about this system is that everything works about the way it does now. You send mail with SMTP and you read it with whatever you read it with. Building the server infrastructure and making the client modifications to get this working could be the work of weeks, not months.