Re: [ietf-smtp] epostage is still a bad idea, the inedible parts of IETF dogfood consumption - SMTP version

[Phillip Hallam-Baker <phill@hallambaker.com>]

If we knew how to deploy such a radical change as sender pays, we would
surely also know how to do the much easier task of replacing SMTP with a
protocol that is secure by default.

* Every message is signed by the sending client.
* Every message is signed by the originating mail service.
* Every mail receiving service performs access control on inbound messages
* Every mail client performs access control on messages

Messaging abuse isn't entirely absent on Facebook, Skype, Signal, etc. but
it is virtually non-existent compared to telephone and email. We are
rapidly reaching the point where a large number of customers are going to
start unplugging from POTS and only use it for voice mail because the level
of abuse is utterly insane.

Subjecting every message to access control is pretty straightforward when
you can start with the principle that every message is authenticated by the
sender. Defining a set of access control rules that work for me is pretty
straightforward.

1) I will accept a contact request of 200 characters or less from anyone

2) I will accept requests from anyone in my contact book that are
compatible with the authorizations specified there (e.g. Alice can send me
mail or voice, Bob only voice, Carol can send me code, etc).

3) I will accept messages from anyone who has attended an IETF meeting or
is a member of an an affinity group I am a member of (school, university,
etc. etc.)

4) Reject everything else

Trying to shoehorn this into the legacy SMTP environment is tough because
the default is insecure. But there are plenty of closed environments that
don't use SMTP which could switch to another messaging protocol.

While I was writing this, I was interrupted by the Nest telling me
something I didn't need to know. There is also a 'secure' messaging center
on the Nest site and I have the same for each of my banks, brokers, etc.
Wouldn't it be nice if all of those could send me messages using a protocol
they know is secure and meets their HIPPA, GDPR, MMQF, etc. requirements?

As John points out the telephone system is collapsing. Most of the
complexity goes into collecting payments at the per call level that are
irrelevant in a world that is moving to flat rate.



On Wed, Dec 18, 2019 at 9:21 AM John R Levine <johnl@taugh.com> wrote:

> On Wed, 18 Dec 2019, George Michaelson wrote:
> > IF we had implemented sender-pays, the SPAM problem would be radically
> > different. It would still be there, and the existence proof is SMS
> > spam.
>
> I wrote a white paper on e-postage in 2004.  Nothing has changed since
> then other than that some of the numbers would have a few more zeros.
>
> https://www.taugh.com/epostage.pdf
>
> tl;dr:
>
> Nobody knows how to run a payment system for billions of messages a day
>
> Nobody knows how to pay for a payment system for billions of messages a day
>
> Nobody knows how to manage a payment system for billions of messages a day
>
> Typical problem: botnet takes over Grandma's computer and sends a spam
> blast.  Does she pay the postage?  If not, who does?  If the answer is
> nobody does, how is that an e-postage system?  Keep in mind that every
> spammer in the world will claim to be a botted grandmother (many already
> do.)
>
> R's,
> John
>
> PS: The current STIR/SHAKEN mess reminds us that settlements in the phone
> system no longer work either.
>
>