Suppose I want to send you an email and be sure that it will not be caught in your spam filter. What signal can I use to prove to you that my message is not spam? It must satisfy (at least) two requirements.
- It should be cheaper/easier for legitimate senders to use than for spammers.
- It should be cheap overall in absolute terms.
The first is necessary if the signal is going to effectively separate the spam from the ham. The second is necessary if the signal is going to be cheap enough for people to actually use it.
It is easy to think of systems that meet the first requirement but very hard to think of one that also satisfies the second. Now researchers at Yahoo! have an intriguing new idea that has received a great deal of attention, CentMail. According to this article, Yahoo! is planning to roll it out soon.
The sender pays a penny to have a trusted server to affix an electronic “stamp” to the message. Given that spammers could not afford to pay even one cent per message given the massive volume of spam, the receiver can safely accept any stamped message without running it through his spam filter.
Now here is the key idea. The penny is paid to charity. How could this matter? Because most people already make sizable donations to charity every year, they can simply route these donations through CentMail making the stamps effectively free. Thus, condition 2 is satisfied.
The first question that comes to mind is the titular one. (Settle down Beavis.) Remember, we still have to worry about condition 1 and whatever magic we use to make it cheap for legitimate email better not have the same effect on spam. But just like you, any spammer who makes donations to charity will be able to send a volume of spam for free. Apparently the assumption is that spam=evil and evildoers do not also contribute to charity. And we must also assume that Centmail doesn’t encourage entry into the spamming business by those marginal spammers for whom the gift to charity is enough to assuage their previous misgivings.
But these seem like reasonable assumptions. The more tricky issue is whether the 1 penny will actually deter spammers. It is certainly true that at current volume levels, the marginal piece of spam is not worth 1 penny. But for sure there is still a very large quantity of spam that is worth significantly more than 1 penny. For proof, just take a look in your snailbox. Even at bulk rates the cost of junk-mail advertising is several pennies per piece. With Centmail your Inbox would have at least as much stamped spam as the amount of junk mail in your snailbox.
This leads to the crucial questions. Any system of screening by monetary payments should be viewed with the following model in mind. First, ask how many pieces of spam you would expect to receive per day at the specified price. Next, ask how many spam you are willing to receive before you turn on your spam filter again. If the first number is larger than the second, then the system is not going to substitute for spam filtering and this undermines the reason to opt-in in the first place. For Centmail and me these numbers are 50 and 1.
Now continued spam filtering won’t necessarily destroy the system’s effectiveness. The stamp can be used in conjunction with standard filtering rules to reduce the chance your ham gets classified as spam. Then the question will be whether this reduction is enough to induce senders to adopt the setup costs of opting in.
Finally there is no reason theoretically that the total volume of spam would be reduced. Providing spammers with a second, higher class of service might only add to their demand.
Cheap Talk 
10 comments
Comments feed for this article
August 21, 2009 at 9:12 am
Divya
This idea is not new, http://www.clickgreen.com.au/engine.cfm does this by getting advertisers to send newsletters. For every newsletter you click on, clickgreen plants trees (not 1 per click, but a certain number listed in the footer of the homepage).
Though it is certainly novel that an email provider is doing this.
August 21, 2009 at 10:58 am
Noah Yetter
There are two major problems with your analysis.
One, junk mail and spam are of almost entirely different kinds. Most junk mail takes the form of advertisements from legitimate businesses. There are certainly scams and borderline-scams mixed in, but the average piece of junk mail is a credit card offer, or a flyer from a local roofer, or a take-out menu, and so on. Spam on the other hand is almost entirely composed of scams. Nigerian scams, foreign lottery scams, fake pharmaceuticals, et cetera. Which leads us to…
Two, spam is dramatically less effective per-unit than junk mail, and you are drastically overestimating how much spam would be sent at a cost of a penny each. Junk mail already costs a few cents per piece, so a certain response rate must be achieved to be profitable. Spammers must also achieve a certain response rate, at a minimum to overcome their opportunity costs, but that rate is several orders of magnitude lower because the cost of sending a unit of spam is very near to zero.
If a system such as you describe were universally adopted, spam in the sense we currently conceive would end. The hurdle is implementation and adoption, but that’s another issue.
August 21, 2009 at 11:54 am
Brij
I also don’t see spammers paying for using this service. Senders will have to provide some kind of identification (credit cards, bank account) to be able to pay for sending Email and get tax benefits. This in itself will be a major deterrent for spammers. Service provider will be able to detect and track spammers and take action (legal, ban).
August 21, 2009 at 12:29 pm
tylerh
I had basic idea over ten years ago. This particular scheme will fail, but a slight tweak will make it wildly successful.
First, the problem. This scheme only works if the stamps are *real*. You better believe the spammers will spend the resources to crack the authentication process.
However, the tweak to fix the authentication problem is easy: have the world’s Postal Services run the program.
The key here is Postal Services already have established enforcement mechanisms. In the US, those enforcers are the Postal Inspectors. Commit fraud by cracking a US Postal “e-stamps”, and you’ve committed a US Federal crime. The bureaucracy to hunt you down and lock you up is already staffed, which will greatly reduce the number of people willing to “fake” these stamps.
For those that don’t want to use US Postal stamps, I am sure Deutsche Post and the Royal Mail and plenty of others would like to join the fun. So competition to improve customer service is built it.
Moreover, the sender can vary the value of the “postage.” If I really want to make sure you read my email, I can buy a $10 e-stamp.
I wish them well: they are close to system that really could stomp most virtually all spam, and much junk mail.
August 21, 2009 at 4:29 pm
Daniel Reeves
Thanks for the CentMail plug!
One clarification: we do not see CentMail as ever replacing spam filters. Rather, the existence of a CentMail stamp is just one more feature that your spam filter can use in making the spam-or-ham decision. Perhaps an especially useful feature, for the reasons you give in the beginning of the post.
As your snailmail analogy proves, there certainly will be unsolicited messages that are worth well over a penny to the sender. But as Noah points out, those are currently a small minority of spam.
August 21, 2009 at 8:35 pm
el chief
Here’s a better system:
Case A
1. I send an email.
2. My ISP debits (charges) my account, say, 5 cents
3. Recipient receives email
4. Recipient appreciates my email and does not mark it as spam
5. My ISP credits my account 5 cents (after say 3 days)
Zero cost to me, recipient.
Case B
1. Spammer sends 100,000 emails
2. Spammer’s ISP debits his account 5 cents * 100,000 = $5000
3. Recipients receive email
4. 99% of recipients do not appreciate email, and mark it as spam (which notifies ISP)
5. Spammer owes $4950 to ISP
Caveats:
1. your friend could be a dick and mark your email as spam and see that you get charged 5 cents
2. charge would have to be sufficient to deter spamming
3. more accounting overhead for ISP, but less spamming detection
Thoughts?
August 24, 2009 at 12:37 am
jeff
The economics are spot-on (this is essentially posting a bond.) But I would guess there would be problems in practice. One way spammers operate is by hijacking unsecured computers and using them to send spam. Will an ISP take thousands of dollars from a customer who was the victim?
August 27, 2009 at 2:47 pm
allan
Charging for email to deter spam roughly dates the origin of email spam (I haven’t seen a similar solution for usenet). There’s even a very old and rather amusing form checklist, [that I haven’t tried to date]
The main problem is that spam comes from innocent user’s machines, sent without their consent. It’s hard to imagine a payment system that can’t be similarly subverted.
Those interested in learning more about the economics of spam and internet malware should check out the Workshop on Economics of Information Security. A survey of the field can be found here: http://www.cl.cam.ac.uk/~rja14/econsec.html
We’re hosting the next workshop at Harvard next June; a call for papers will be available soon. Perhaps Jeff would not mind posting a link (or perhaps he’ll consider it spam).
A postscript to tylerh – generating cryptographically secure scrip is fairly easy. It’s been well-explored (see the Financial Cryptography community: http://ifca.ai/) with a number of implementations for different reasons. The challenge is not in securing the data, it’s in securing the keys that protect the data.
August 28, 2009 at 1:31 am
el chief
It depends on the numbers.
An ISP could offer the pay for email service to certain customers, at a discount (based on the savings from less spam processing).
Imagine this. Your ISP charges say $40/month currently.
They offer a service at $30/month, but you have to run zombie-protection software on your computer.
The ISP would offer the discounted service in exchange for having access to your machine to protect it.
Barring that, there would be an incentive for people to protect their own computers.
Or they send you your massive bill but you get a month’s grace period if you de-zombify your computer.
There is nothing preventing an ISP from recognizing that Granma probably isn’t a spammer and could adjust her account after fixing her machine.
September 3, 2009 at 9:25 am
Bill Bartmann
Excellent site, keep up the good work