author | Lars Wirzenius <liw@liw.fi> | 2021-01-26 07:58:25 +0000 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2021-01-26 07:58:25 +0000 |
commit | ca055b859d22f584221885c5c4dc0ce01dba8986 (patch) | |
tree | f72826e0299c52bdb65225fe694d61812ee2d5b2 | |
parent | 5b6f1e55ba9d7493bebeb0e5dc24cd9ef234a7d4 (diff) | |
parent | 819e56e1ea91c1f7a46d86c0220416197d0df3d5 (diff) | |
download | ideas-ca055b859d22f584221885c5c4dc0ce01dba8986.tar.gz |
Merge branch 'giving-stamps-to-strangers' into 'master'
refactor: clarify how stamps may be given to strangers
See merge request larswirzenius/ideas!4
-rw-r--r-- | rethinking-email.md | 84 |
1 files changed, 59 insertions, 25 deletions
diff --git a/rethinking-email.md b/rethinking-email.md index d8fe968..a930697 100644 --- a/rethinking-email.md +++ b/rethinking-email.md 
@@ -292,35 +292,69 @@ An employer runs their own email server, and that server determines which stamps it accepts. This lets an employer issue stamps on behalf of each of their employees. -Email servers could also, if so configured, issue stamps to senders -with no previous connection to the recipient. This might be done by the -sender having to produce some proof of work, which can be made -arbitrarily costly in terms of computing resources. For example, the -proof of work might require using five seconds of CPU time. This is -costly enough that it makes large-scale spamming infeasible. (See -[@hashcash] for an early suggestion.) - -This makes the stamp system vulnerable to attackers who have enormous -amounts of computing power, perhaps by using a botnet. It would be -good to replace proof-of-work with something that's not vulnerable to -a botnet. - -Alternatively, the email server could require the person sending the -email to solve a [CAPTCHA][]-like puzzle, which can be made -sufficiently varied to make it difficult to solve automatically. The -actual puzzle does not need be standardized, only the mechanism by -which the user is pointed at it, and how the result is communicated -back to the mail server. There could, and should, be a very large -number of different puzzles. + +## Receiving email from strangers + +In some cases it's important to be able to receive email from +strangers. A stranger here is someone to whom you've not given given a +digital stamp. 
Some examples of when this might be important: + +* you're an open source developer and you wish to receive bug reports + from strangers +* you work in a customer-facing role in a company and your customers + need to be able to reach you +* you've saved a dog from a tree and journalists need to be able to + reach to set up interviews +* someone you went to school with wants to congratulate you on your + marriage, birthday, newborn child, or other life event +* a former co-worker wants to ask if you want a new job with their new + employer + +Some of these cases can be handled by not using email: bug reports can +go into a web-based ticketing system; customers can get a single-use +stamp whenever they pay their invoice; etc. However, there will always +be cases when you want email from people to whom you've not yet given +a stamp. + +A mail server can, optionally, have a feature where it gives anyone a +single-use stamp tied to a specific sender identity. Unfortunately, +this could easily be abused by spammers: they'll automate the step of +requesting a stamp before sending the email. To counter that, the mail +server can impose conditions on giving out stamps: + +* In the simplest case, the server might never give out stamps; this + prevents spam at the cost of all desired email from strangers. + Whether that's an acceptable compromise is up to each recipient. + +* The server might require the putative sender to solve a [CAPTCHA][] + of some kind. The CAPTCHA might be a puzzle that is infeasible to + solve automatically. + +* The server might require the sender to write a short sentence of why + they want to reach the recipient. If that contains keywords chosen + by the recipient, the server issues the stamp. + +* The server might require some sort of [proof of work][]. This can be + cheap enough that it doesn't matter for rare occasions, but + expensive enough that a spammer would need to expend so much + computing resources it becomes infeasible. 
(See also [@hashcash] for + an early suggestion.) + +* The server could require a very small payment. (This is troublesome + in international communication, when "very small" is a irrelevant to + someone working in a rich country, but a sizable fraction of the + annual earnings of someone living in a poor country.) [CAPTCHA]: https://en.wikipedia.org/wiki/CAPTCHA +[proof of work]: https://en.wikipedia.org/wiki/Proof_of_work -Email servers could also sell stamps for real money. Even at trivial -costs, such as one US/EURO cent, this would be too costly for spammers. +The issuing of stamps to strangers is optional, and is meant to be an +interactive process. There doesn't need to be a standard way to do +that, or even an enumerated set of standard ways. Each mail server, +even each recipient, can invent their own. Flexibility here is +important, as spammers will evolve ways to circumvent any common +methods. -I emphasise that the recipient decides what stamps are valid. Their mail -server does not have to issue stamps to anyone who asks, if the -recipient doesn't want email from strangers. # What next? |
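Review bot: The new proof-of-work bullet says a spammer "would need to expend so much computing resources it becomes infeasible", but the caveat from the removed paragraphs ("vulnerable to attackers who have enormous amounts of computing power, perhaps by using a botnet") is dropped and not replaced. Suggest keeping one sentence in that bullet saying proof of work does not stop a sender with botnet-scale computing power, so the list does not overstate what this condition achieves. The keyword bullet would also benefit from saying whether the recipient's keywords are meant to be private, since the text does not say how a legitimate stranger learns them while a spammer does not. Three typos in the added lines: "not given given a digital stamp" (doubled word), "need to be able to reach to set up interviews" (missing "you"), and "when "very small" is a irrelevant to" (stray "a").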