« Beckett vs. Duchamp | Main | Let the Dog Out! »
Private spam regulation?
What if Google decided to make a Gmail account cost $1 a year instead of giving it away for free? And what if you had to use a valid credit card to pay for it?
And further, what if your Google e-mail address had to include your real name?
And what if a violation of Google's anti-spam rules (I'm assuming they'd have some) would cost $20 per incident?
Suddenly Google would become the gold standard. People would happily let it through the spam filters. You could trust it. People would become suspicious of anyone who used any other online e-mail service.
That is from Seth Godin's Small is the New Big. Being a naive economist, I would sooner conclude that spam isn't so big a problem any more. It is at least a smaller problem than the costs of forcing everyone to use a single credit card-based email service. Of course we can imagine less monopolistic versions of this idea but we return to the notion that the open-access provision of the Internet seems more valuable than avoiding spam.
Posted by Tyler Cowen on September 17, 2006 at 08:40 AM in Web/Tech | Permalink
Comments
Gmail's spam filters are very good. Only one or two pieces of spam per month make it through to my inbox.
This means that other services either have something comparible now, or will have something comparible soon, or Gmail will drive them out of business.
Since Gmail is a free service, the marginal cost of blocking spam must be approaching zero.
Conclusion: Email spam is no longer a serious problem.
Posted by: The Other Brock at Sep 17, 2006 9:19:20 AM
Damn americano-centrists! ;-)
This plan would imply that everyone living in countries where they don't have access to international credit cards in USD are blocked out.
A similar system was proposed a while ago, following the model of the domain registry system: you wouldn't be able to email someone unless you'd digitally sign your email and to get a signature you'd have to comply with the regulations of your local registral. But this is also centralized.
Posted by: Gabriel Mihalache at Sep 17, 2006 9:36:24 AM
To the extent there is a problem, the market has already solved it by providing people with whatever level of protection they want to pay for. A free service brings little (but surprisingly good) protection. Those who want more protection can pay for it.
Also, FWIW, my various yahoo email addresses have garnered almost no spam over the past year or so.
Posted by: Guest 15 at Sep 17, 2006 10:10:08 AM
Anyone who thinks spam isn't a problem doesn't run a network, and doesn't realize that they're paying a hefty premium because of it. The cost is hidden in access fees, but it is there.
I run a relatively small network - about 3K users. We have 8 spam filtering machines for the mail cluster, and that's going to have to expand soon. About 80% of our mail traffic is spam. Put another way, if there were no spam, our bandwidth bill could go down by about 9%. Of course, that is passed on, so consider that the spam-tax on your bandwidth. (I am, of course, in contact with other network operators, and while it varies, this is about typical-to-low - the big operators attract proportionately more spam than the small fish like me.)
Posted by: fishbane at Sep 17, 2006 10:37:51 AM
fishbane, a very small part of the world bandwith is used by email so your numbers are misleading.
Also if property rights were properly enforced, the SPAM bill would go to Microsoft and its defective proprietary software (most of the world SPAM is sent by DSL machines running infected proprietary software).
And Microsoft rise is due to government intervention in the free market in the form of intellectual property monopolies...
Posted by: Laurent GUERBY at Sep 17, 2006 11:32:28 AM
Seth Goodin might should stick to what he knows. I doubt there is one spam shop running from a gmail account. There may be spam sent out with gmail reply-to addresses, but Google probably prevents individuals from mass mailing in the way spammers need to.
Spammers are running their own mail servers so that they can blast out as much email as possible.. It's trivial for google to detect a spammer using gmail to spam.
Also, spam is a large problem. It causes massive delays for sending and receiving emails on many corporate networks.
I know the ad hominum style isn't favored among learned types, but Mr. Goodin sounds like a doofus who is long opinion and short knowledge.
e
Posted by: eli at Sep 17, 2006 1:50:49 PM
Eli, you are detracting from the pleasure and usefulness of this
blog, to say nothing of your own credibility, with your name calling.
Please refrain.
Posted by: Dan at Sep 17, 2006 2:36:30 PM
A much better solution to the spam problem was proposed years ago, but its implementation suffers from a coordination problem.
The idea is that, every time a client wants to send an email to a server, the server gives it a large iteger nunber to factor. When the client returns the correct factors, the server accepts the email. This imposes a small cost (in computing power) on the sender. It imposes essentially no cost on the server, because multiplication is exponentially faster than factorization.
The increased time to send an email (perhaps ~1 second) would be trivial for normal users, but would impose a massive cost on spammers who spew out millions of emails a day.
Users who subscribe to legimitate mass mailers could waive the cost by adding the sender to a white-list. Increasing computing power could be accomodated by making the size and number of factors confgurable. (This would also allow differnet reciepients to impose differnent costs, reflecting their differing thresholds for reading unsolicited email.) There are a few other corner-cases to worry about, but I have yet to see an insurmountable objection.
It is possible to impose this system in a backwards-compatible manner. One introduces new signals into the email protocol (this has already been done several times) but makes them optional. When enough big players have signed on, one makes them mandatory. The difficulty is getting the big players to agree on whoose version of the protocol wins.
Posted by: David Wright at Sep 17, 2006 3:27:17 PM
I'm also going to question whether gmail accounts are used for spam reponse reception.
You've also got the problem of intentional spoofing of gmail accounts to burn a paying member. Spam wouldn't go out from the gmail servers (spammers use a variety methods to send out emails, including open mail servers, bot nets, sometimes even their own servers.) So, if a malicious person knew a persons gmail account name, which in your scenario would be based on their real name, they could send out a bunch of spam "originating" from that gmail users. Yadda, yadda, yadda, suddenly a legitimate gmail user sees a $10,000 bill on their credit card.
The problem with anti-spam measure, such as the "calculate the integer" option above, is you are then opening the mail server to new and exciting denial-of-service attack.
Really, the only cure for spam is to change recipients behaviour. The spammer (or phisher) only needs 1 person out of every 10,000 to respond to the email to make mass emailings worthwhile. How to do that is an excercise left to better social engineers than myself.
Posted by: Xmas at Sep 17, 2006 5:31:28 PM
Xmas: The DOS problem you cite (a client calls a server, says it wants to deliver an email, then disconnents and repeats) is already a problem without a factorization scheme. (The extra multiply that the factorization scheme adds to the server workload is a trival cost compared with the what the server has already done to build up and tear down the connection. Remember, it is the client that does the hard factorization work.) It is also a solved problem. All email servers already monitor traffic for signs of "rogue" clients and will refuse or give low priority to a connection request from a client that has recently behaved badly.
Posted by: David Wright at Sep 17, 2006 6:08:03 PM
My gmail account is dying of spam, and Gmail's spam filter is blocking my own messages to myself. It's a disaster, and Gmail's role at the hub of Google's digital identity strategy means the collapse of Gmail threatens the entire suite of Google services I rely on.
More here:
http://jfaughnan.blogspot.com/2006/09/be-evil-gmail-spam-data-lock-and.html
Posted by: John Faughnan at Sep 17, 2006 7:07:33 PM
"what is a violation" --> "what if a violation"
"Seth Goodin's" --> "Seth Godin's"
Posted by: Aaron Brown at Sep 17, 2006 7:17:39 PM
The problem's a little more complicated the Mr. Godin imagines. Essntially no spam actually orginates from Gmail now. (I'm quite sure that if I use Gmail to attempt to mail a really great offer to 5000 of my nearest and dearest friends, Gmail wouldn't let it go through.) So why is a fee and credit card needed?
On a lighter note, here's the checklist that explains why your spam-fighting solution won't work.
Posted by: scarhill at Sep 17, 2006 9:26:23 PM
Mr. Godin's idea reminds me of the idea that requiring centralized registration and licensing of all guns will eliminate all criminal uses of guns. How did that one work out?
Someone should let Mr. Godin know that for at least the last 4 years, almost all spam has used forged email addresses. This should be a pretty good sign that gmail and other ISP's already have sufficient protection against spammers using their accounts, and that stopping spam is going to require completely different approaches.
Posted by: DK at Sep 17, 2006 10:17:53 PM
That plan will simply cost riot! They couldn't simply cut down this free gmail accounts now that it giving us the pleasure.
Posted by: kat20 at Sep 17, 2006 10:34:12 PM
Most spam does originate from Gmail or other mail hosting services. Mostof it is sent from botnets.
Posted by: purpleslog at Sep 17, 2006 11:44:08 PM
I don't quite understand the difficulty of a "hash-cash" implementation just taking off immediately. The only coordination problem is getting someone to write a sorting plugin. If sender provides the cash, the message is instantly elevated. Standardize the number of bits required at the mailserver or societally:
"In other news, the cost of email has increased by one hash-bit. The EPostal Service says it has been forced to raise the price in response to lower volume, targeted junk mail and faster computers".
Server-lists can be whiteballed personally.
Posted by: mayonaise at Sep 18, 2006 5:38:29 AM
Laurent GUERBY:
Users of (proprietary) Microsoft software accept something called a license. I expect it contains a provision which makes it impossible to sue Microsoft for spam sent from infected PCs. A government could regulate that such a provision is illegal, though.
Posted by: A Tykhyy at Sep 18, 2006 12:10:47 PM
Don't bayesian spam filters basically solve the spam problem? I think I've gotten less than one spam per month since installing SpamBayes for outlook, and every single spam that's gotten through has been tagged as suspected spam. I'm sure something similar is avaiable for every major email client.
Posted by: dan at Sep 18, 2006 12:34:41 PM
Repeated claims that google isn't the source of spam miss the point. This scheme simply strengthens that (google is not the source of spam because of their fines) to the point that it becomes a strong filter rule.
There are several problems: how does google determine that something is spam? Legitimate mailing lists already have to deal with users reporting them as spam rather than simply unsubscribing. How does google deal with users that are joe-jobbed? How do they prevent it from happening in the first place? How does google know the credit card is still valid? Do they check that prior to every email?
What about work and academic email addresses? Is google really more trustworthy than mit.edu?
Posted by: Justus at Sep 18, 2006 1:29:18 PM
The factoring plan doesn't really work because it fails to take account for "Open relays in foreign countries" and "Armies of worm riddled broadband-connected Windows boxes" from the list linked above.
Godin's plan doesn't work, because not everyone wants to use Google. What if you don't want them to store all of your email? What if your account got suspended because you wanted to advertise your gun store and Google doesn't let you do that?
Contrary to popular belief, the people waging the anti-spam war are not idiots, or even particularly unimaginative. E-mail is useful because it's very cheap and easy to send, enough people will order herbal penis enlargement pills from spam to make it worthwhile to send, and Microsoft will not voluntarily give up its domination of the corporate productivity software market.
Posted by: Jake at Sep 18, 2006 2:40:52 PM
Jake: It looks like I have become the factorization answer-man, so I'll answer this objection as well. The factorization fee is levied by the receiving server (the one that's going to store the email for the receipient). That means that an open relay would have to pay the fee (do the factorization) in order to forward the email, which would make it cost-prohibitive (in terms of computing power) to run an open relay.
To anticipate some more objections: "But that means that AOL would have to pay for massive computing power just to be able to send its users' emails to Google users!" Large players would likely enter into trust relationships, in which each party agrees to levy the factorization fee directly on the sending user's machine and not levy the fee on their cross-server communications. "But that shuts out small players!" Small players sending few unsolicited emails already have the computing power to easily cover the cost. Small players sending large numbers of unsolicited emails are spammers, precisely the people we want to shut out.
Posted by: David Wright at Sep 18, 2006 3:36:36 PM
There is still a lot of ignorance about how spam works and how the internet works here. The entire point of the internet is to allow easy connectivity for everyone -- people with old systems, people in foreign countries, people at major companies, and people on homebrew systems in their garage. Once you create a system for trusted/paying customers only and exclude everyone else, you aren't on the Internet anymore. You're on the Excludernet, and your Excludernet will lack the Internet's combination of economies of scale and low barriers to entry, as well as alienating your friends and customers. No one with any business sense would switch over.
What's really annoying about Godin's proposal is that of all major companies, Google benefits the most from the Internet's current culture of openness, and they have the most to lose from a switch to closed/trusted systems. Anyone who suggests "Google should do this" is engaging in pure fantasy. Verizon might do this, AOL might try this, and Microsoft might think about it. But Google would be more likely to announce that they're giving up on computers and switching to publishing a big yellow book of directory listings once a year.
In another post, Tyler mentions that it sometimes helps to convexify your choice set by adding intermediate choices. This is a case where that doesn't apply. The two solutions of "open, risky Internet" and "stick to snail mail" dominate all the choices in between. Your cost to send mail is always going to be either 0 or 39-cents + postal commission approved increases.
Posted by: DK at Sep 18, 2006 4:22:43 PM
First - mass hordes of worm-infested windows machines are used today for their DSL uplinks. No reason they couldn't be used for their CPU power.
Second - consider eBay. They probably send out millions of emails a day. The email message does not originate from the computer of the user sending the message - it is generated from a server based on their action. The email is also generated asynchronously, so even if you briefly thought of putting a javascript on the web page to make the client PC do the factoring, you wouldn't know the number the receiving server wanted to factor.
Third - mailing lists. Through these beasties, I've probably created 200k messages in the inboxes of people who at least theoretically wanted to receive them. If you take away this functionality, I will be upset.
Posted by: Jake at Sep 18, 2006 4:25:36 PM
First - Factorization won't make hordes of bots go away, but it will reduce the damage they can do (fewer spams/bot/day) and it will make life much more difficult for their owners (from "not so snappy" to "unable to even play solitare").
Second - Many ISPs would likely choose to "trust" automated emails from eBay and Amazon without requiring factorization anywhere along the line. Of course, they wouldn't have to, which is precisely the point: that a receipient can name a "price" to accept an email and a sender can choose whether or not to "pay" it.
Third - The problem of legitimate mass mailings was already addressed earlier. Subscribers can white-list the senders of mailing lists to which they wish to subscribe. In effect, this forces mailing lists to become "opt-in", which is a good thing.
Posted by: David Wright at Sep 18, 2006 4:36:04 PM
