What a waste of bandwidth...

Thread Starter

Ya’akov

Joined Jan 27, 2019
10,226
I run an email server for myself and family members.

I was recently looking through some mailer daemon log reports and noticed that during the particular 24-hour period covered, it rejected 292 messages and delivered 87. Keep in mind, my server is invisibly small compared to the big providers', or even an active corporate server.

This doesn't even account for many times more connections probing for open relays and other vulnerabilities.

So much traffic being transported by the Internet and such a large percentage is just noise.
 

crutschow

Joined Mar 14, 2008
38,316
I remember hearing of a proposal that the sender of an email would be charged a small fee (not sure who would collect that fee).
It would be small enough not to affect the casual sending of an email (say a few cents), but enough to discourage the sending of thousands (millions?) of spam emails.
Seems like a good plan to me.
 

Ian0

Joined Aug 7, 2020
13,097
I remember hearing of a proposal that the sender of an email would be charged a small fee (not sure who would collect that fee).
It would be small enough not to affect the casual sending of an email (say a few cents), but enough to discourage the sending of thousands (millions?) of spam emails.
Seems like a good plan to me.
I thought it would be an idea if all emails were stored on the sender’s server not the recipient’s, then the senders would have to pay for the storage, and it would be easy to determine where the spam emails were coming from.
 

schmitt trigger

Joined Jul 12, 2010
2,027
And it is not only e-mail.
Lately, I have been receiving a boatful of spam text messages.
I delete and report, but they keep coming, as sure as the sun will rise again tomorrow.

Like mosquitoes on an otherwise lovely summer evening, you can control them, sort of, but never fully eradicate them.
 

Papabravo

Joined Feb 24, 2006
22,058
Gmail does a reasonable job of insulating me from the most intrusive spam e.g. increased size for things I don't have. At least what gets through is down to a dull roar.
 

Thread Starter

Ya’akov

Joined Jan 27, 2019
10,226
What is the alternative? Would it be preferable?
A properly written protocol instead of the overloaded SMTP which was never intended to do what it is being used for and stinks on ice in this role. Every effort to reduce the ability to spoof identities and/or send unsolicited email has involved patching and layering.

We need a purpose-built protocol, even if there will have to be a transitional arrangement as it is implemented. The adoption of IPv6 is an example of doing something similar, and despite the whinging it is now all but transparent.
 

Thread Starter

Ya’akov

Joined Jan 27, 2019
10,226
I thought it would be an idea if all emails were stored on the sender’s server not the recipient’s, then the senders would have to pay for the storage, and it would be easy to determine where the spam emails were coming from.
While this probably couldn't work, a different approach with a similar underlying idea might.

Change email from push to pull.

Implement a solid identification scheme that would verify the sender was whoever they claimed to be, and allow only a notification that mail was waiting to the recipient. Then the recipient (or her agent/server) can decide whether or not to collect the email.

It could also include a quick and certain blacklisting mechanism that would stop all future attempts to notify the user.

As always there are details to work out, but something radically different is needed.

I don't understand the logic of allowing unsolicited messaging in any case. Even if push is retained, permission to push should be required. I can think of a number of schemes that vary in desirability depending on how allergic one is to centralization.
 

schmitt trigger

Joined Jul 12, 2010
2,027
I don't understand the logic of allowing unsolicited messaging in any case.
Because E-mail took its cue from regular mail. You may certainly remember 10 or 15 years ago, where the home’s mailbox would be literally flooded with unsolicited junk mail, and one had to carefully fish out the important correspondence. Otherwise one could throw away something important, like a credit card statement, to the trash.
 

crutschow

Joined Mar 14, 2008
38,316
You may certainly remember 10 or 15 years ago, where the home’s mailbox would be literally flooded with unsolicited junk mail,
My mailbox may not be "flooded" but I still receive several items of junk real mail every day.
The only good thing about that is, it helps to finance the postal service.
 

Thread Starter

Ya’akov

Joined Jan 27, 2019
10,226
Because E-mail took its cue from regular mail. You may certainly remember 10 or 15 years ago, where the home’s mailbox would be literally flooded with unsolicited junk mail, and one had to carefully fish out the important correspondence. Otherwise one could throw away something important, like a credit card statement, to the trash.
Email's origin—SMTP—was a system where no thought was given to the idea that someone would send an unwanted message since the context was a closed community. But once it was possible to receive mail from anyone, and not just people with whom you have a common interest, it should have been clear that privacy and integrity features need to be core, not brittle layers that tend to stifle legitimate communication because they are such blunt instruments.
 

Ian0

Joined Aug 7, 2020
13,097
While this probably couldn't work, a different approach with a similar underlying idea might.

Change email from push to pull.

Implement a solid identification scheme that would verify the sender was whoever they claimed to be, and allow only a notification that mail was waiting to the recipient. Then the recipient (or her agent/server) can decide whether or not to collect the email.

It could also include a quick and certain blacklisting mechanism that would stop all future attempts to notify the user.

As always there are details to work out, but something radically different is needed.

I don't understand the logic of allowing unsolicited messaging in any case. Even if push is retained, permission to push should be required. I can think of a number of schemes that vary in desirability depending on how allergic one is to centralization.
It would be more difficult to fake the sender if the e-mail didn't come from the sender's server.
Doesn't the S in SMTP stand for "Simple"? Aren't we now beyond the era when "simple" is good enough?
 

Thread Starter

Ya’akov

Joined Jan 27, 2019
10,226
It would be more difficult to fake the sender if the e-mail didn't come from the sender's server.
Doesn't the S in SMTP stand for "Simple"? Aren't we now beyond the era when "simple" is good enough?
It is my contention that the "S" in Internet protocols should be read "Stupid" because the RFCs for "S" protocols tend to start out with disclaimers along the lines of, "this protocol is intended to do this one thing" and the subsequent inheritors of the protocol's lowest layers add feature after feature to a foundation never intended to support them.

Even a case like SNMP, which superseded its intentionally limited predecessor SGMP, failed to drop the "S" even as it became anything but "simple". In fact, the strangely complicated nature of many in-use protocols has always bothered me.

I know from experience that things are generally much more complicated under the hood than we'd like, but the rush to adoption tends to cement insecure, brittle, and unnecessarily complex protocols in place, causing even more mess by requiring repeated application of patching and layering of new backwards compatible "improvements".

I believe, based on experience, that an investment in careful design of the lowest layers, and of the layer-to-layer interfaces is a great way to make future enhancements not only possible but in many cases trivial.

If the time is taken at the beginning to properly abstract the problem, and not throw an "S" onto the name to semantically inoculate the lack of such abstraction, the messes like SMTP need not happen*.

*Please note this is not a criticism of the pioneers who initially developed things like SMTP and SNMP. I have the advantage of 20/20 hindsight and can stand on the shoulders of giants to see further. (I just realized I may have missed the significance of "standing on each other's feet¹", and could use it to describe what I said above very nicely.)

1. "Once, when Sir Isaac Newton was asked how he made all of his discoveries, he replied 'If I have seen further than others, it is by standing on the shoulders of giants.' Today, in the programming field, we mostly stand on each other's feet." —Richard Wesley Hamming (yes, the same person who invented the window; if you don't know who he is, read about him.)
 

WBahn

Joined Mar 31, 2012
32,702
I remember hearing of a proposal that the sender of an email would be charged a small fee (not sure who would collect that fee).
It would be small enough not to affect the casual sending of an email (say a few cents), but enough to discourage the sending of thousands (millions?) of spam emails.
Seems like a good plan to me.
While it sounds attractive at first blush, the problem with this is that spammers aren't the only ones that send out lots of e-mails.

How many e-mails are sent out from this forum every day? I don't know the numbers, but it's probably going to be pretty fair size since many members elect to receive an e-mail notification for a variety of things. Unlike AAC, lots of forums are the creation of single individuals who bear the entire financial burden of operating it. It wouldn't take much additional cost to make them throw in the towel. Even EETech would have to consider whether keeping AAC going would be worth the additional cost. There are also lots of organizations that function via e-mail lists and not just formal organizations. I'm on several informal e-mail lists and every time anyone replies to an e-mail, a new e-mail goes out to every person on the list. One of them that I used to be on had several thousand members and typically saw about twenty e-mails a day. Even a penny per hundred e-mails sent would have cost them a couple thousand dollars a year, which would have been more than their operating budget, which was almost entirely covered by five people.

Then consider all of the organizations and companies that have millions of members/customers/subscribers and rely on email for communication. Any level of fee that would be small enough to not significantly impact these legitimate senders because it could be absorbed into the cost of doing business, would likely not be large enough to really impact spammers for exactly the same reason.
 

Thread Starter

Ya’akov

Joined Jan 27, 2019
10,226
While it sounds attractive at first blush, the problem with this is that spammers aren't the only ones that send out lots of e-mails.

How many e-mails are sent out from this forum every day? I don't know the numbers, but it's probably going to be pretty fair size since many members elect to receive an e-mail notification for a variety of things. Unlike AAC, lots of forums are the creation of single individuals who bear the entire financial burden of operating it. It wouldn't take much additional cost to make them throw in the towel. Even EETech would have to consider whether keeping AAC going would be worth the additional cost. There are also lots of organizations that function via e-mail lists and not just formal organizations. I'm on several informal e-mail lists and every time anyone replies to an e-mail, a new e-mail goes out to every person on the list. One of them that I used to be on had several thousand members and typically saw about twenty e-mails a day. Even a penny per hundred e-mails sent would have cost them a couple thousand dollars a year, which would have been more than their operating budget, which was almost entirely covered by five people.

Then consider all of the organizations and companies that have millions of members/customers/subscribers and rely on email for communication. Any level of fee that would be small enough to not significantly impact these legitimate senders because it could be absorbed into the cost of doing business, would likely not be large enough to really impact spammers for exactly the same reason.
While I don't think it stands much of a chance as a proposal in general, if you structured it such that you had to pay the recipient to send unsolicited email—thereby allowing correspondents and mailing lists to bypass the fees, there is possibly some merit to it.

Maybe more to the point is to standardize the opt-in process by government regulation, using a cryptographically signed token generated with the recipient's key and the sender's key. And if spam is sent (defined by bulk email in the absence of a valid token for that recipient), the bulk email provider is fined, and if a pattern of such mail can be shown for the sender, they are liable for criminal penalties (wire fraud?).
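
Added example, not part of any post in this thread: a sketch of how a receiving server could check the opt-in token idea, together with the "quick and certain" revocation mentioned earlier. It assumes a simplification: an HMAC under the recipient's secret stands in for a real signature, and the sender's key appears only as a fingerprint bound into the token; all names, keys and addresses are constructed.

```python
import base64, hashlib, hmac, json

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(rcpt_key: bytes, rcpt: str, sender_fp: str, expires: int) -> str:
    """Recipient side: grant one sender key permission to mail one address."""
    claims = json.dumps({"rcpt": rcpt, "sender_fp": sender_fp, "exp": expires},
                        sort_keys=True).encode()
    tag = hmac.new(rcpt_key, claims, hashlib.sha256).digest()
    return b64e(claims) + "." + b64e(tag)

def check_token(rcpt_key, token, rcpt, sender_fp, now, revoked=frozenset()):
    """Receiving server: return (accept, reason) for a message carrying `token`."""
    try:
        claims_b64, tag_b64 = token.split(".")
        claims_raw, tag = b64d(claims_b64), b64d(tag_b64)
    except ValueError:  # wrong field count or bad base64
        return False, "malformed"
    expected = hmac.new(rcpt_key, claims_raw, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad-signature"
    claims = json.loads(claims_raw)  # parsed only after authentication
    if claims["rcpt"] != rcpt:
        return False, "wrong-recipient"
    if claims["sender_fp"] != sender_fp:
        return False, "wrong-sender"
    if now >= claims["exp"]:
        return False, "expired"
    if sender_fp in revoked:  # recipient withdrew permission
        return False, "revoked"
    return True, "ok"

# Constructed sample values, not taken from the thread.
KEY = b"constructed-recipient-secret"
LIST_FP = "fp:mailing-list-key"
TOKEN = issue_token(KEY, "alice@example.org", LIST_FP, expires=2_000_000_000)

if __name__ == "__main__":
    now = 1_700_000_000
    print(check_token(KEY, TOKEN, "alice@example.org", LIST_FP, now))
    print(check_token(KEY, TOKEN, "alice@example.org", "fp:bulk-sender", now))
    print(check_token(KEY, TOKEN, "alice@example.org", LIST_FP, now, {LIST_FP}))
```

A token copied by another sender fails because the fingerprint of the key that authenticated the message does not match the one bound into the token; proving possession of that key (for example by signing the message) is outside this sketch.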
 