summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wirzenius <liw@liw.fi>2021-01-26 07:58:25 +0000
committerLars Wirzenius <liw@liw.fi>2021-01-26 07:58:25 +0000
commitca055b859d22f584221885c5c4dc0ce01dba8986 (patch)
treef72826e0299c52bdb65225fe694d61812ee2d5b2
parent5b6f1e55ba9d7493bebeb0e5dc24cd9ef234a7d4 (diff)
parent819e56e1ea91c1f7a46d86c0220416197d0df3d5 (diff)
downloadideas-ca055b859d22f584221885c5c4dc0ce01dba8986.tar.gz
Merge branch 'giving-stamps-to-strangers' into 'master'
refactor: clarify how stamps may be given to strangers See merge request larswirzenius/ideas!4
-rw-r--r--rethinking-email.md84
1 files changed, 59 insertions, 25 deletions
diff --git a/rethinking-email.md b/rethinking-email.md
index d8fe968..a930697 100644
--- a/rethinking-email.md
+++ b/rethinking-email.md
@@ -292,35 +292,69 @@ An employer runs their own email server, and that server determines
which stamps it accepts. This lets an employer issue stamps on behalf of
each of their employees.
-Email servers could also, if so configured, issue stamps to senders
-with no previous connection to the recipient. This might be done by the
-sender having to produce some proof of work, which can be made
-arbitrarily costly in terms of computing resources. For example, the
-proof of work might require using five seconds of CPU time. This is
-costly enough that it makes large-scale spamming infeasible. (See
-[@hashcash] for an early suggestion.)
-
-This makes the stamp system vulnerable to attackers who have enormous
-amounts of computing power, perhaps by using a botnet. It would be
-good to replace proof-of-work with something that's not vulnerable to
-a botnet.
-
-Alternatively, the email server could require the person sending the
-email to solve a [CAPTCHA][]-like puzzle, which can be made
-sufficiently varied to make it difficult to solve automatically. The
-actual puzzle does not need be standardized, only the mechanism by
-which the user is pointed at it, and how the result is communicated
-back to the mail server. There could, and should, be a very large
-number of different puzzles.
+
+## Receiving email from strangers
+
+In some cases it's important to be able to receive email from
+strangers. A stranger here is someone to whom you've not given given a
+digital stamp. Some examples of when this might be important:
+
+* you're an open source developer and you wish to receive bug reports
+ from strangers
+* you work in a customer-facing role in a company and your customers
+ need to be able to reach you
+* you've saved a dog from a tree and journalists need to be able to
+ reach to set up interviews
+* someone you went to school with wants to congratulate you on your
+ marriage, birthday, newborn child, or other life event
+* a former co-worker wants to ask if you want a new job with their new
+ employer
+
+Some of these cases can be handled by not using email: bug reports can
+go into a web-based ticketing system; customers can get a single-use
+stamp whenever they pay their invoice; etc. However, there will always
+be cases when you want email from people to whom you've not yet given
+a stamp.
+
+A mail server can, optionally, have a feature where it gives anyone a
+single-use stamp tied to a specific sender identity. Unfortunately,
+this could easily be abused by spammers: they'll automate the step of
+requesting a stamp before sending the email. To counter that, the mail
+server can impose conditions on giving out stamps:
+
+* In the simplest case, the server might never give out stamps; this
+ prevents spam at the cost of all desired email from strangers.
+ Whether that's an acceptable compromise is up to each recipient.
+
+* The server might require the putative sender to solve a [CAPTCHA][]
+ of some kind. The CAPTCHA might be a puzzle that is infeasible to
+ solve automatically.
+
+* The server might require the sender to write a short sentence of why
+ they want to reach the recipient. If that contains keywords chosen
+ by the recipient, the server issues the stamp.
+
+* The server might require some sort of [proof of work][]. This can be
+ cheap enough that it doesn't matter for rare occasions, but
+ expensive enough that a spammer would need to expend so much
+ computing resources it becomes infeasible. (See also [@hashcash] for
+ an early suggestion.)
+
+* The server could require a very small payment. (This is troublesome
+ in international communication, when "very small" is a irrelevant to
+ someone working in a rich country, but a sizable fraction of the
+ annual earnings of someone living in a poor country.)
[CAPTCHA]: https://en.wikipedia.org/wiki/CAPTCHA
+[proof of work]: https://en.wikipedia.org/wiki/Proof_of_work
-Email servers could also sell stamps for real money. Even at trivial
-costs, such as one US/EURO cent, this would be too costly for spammers.
+The issuing of stamps to strangers is optional, and is meant to be an
+interactive process. There doesn't need to be a standard way to do
+that, or even an enumerated set of standard ways. Each mail server,
+even each recipient, can invent their own. Flexibility here is
+important, as spammers will evolve ways to circumvent any common
+methods.
-I emphasise that the recipient decides what stamps are valid. Their mail
-server does not have to issue stamps to anyone who asks, if the
-recipient doesn't want email from strangers.
# What next?