From 819e56e1ea91c1f7a46d86c0220416197d0df3d5 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Tue, 26 Jan 2021 09:57:40 +0200 Subject: refactor: clarify how stamps may be given to strangers --- rethinking-email.md | 84 +++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 59 insertions(+), 25 deletions(-) diff --git a/rethinking-email.md b/rethinking-email.md index d8fe968..a930697 100644 --- a/rethinking-email.md +++ b/rethinking-email.md 
@@ -292,35 +292,69 @@ An employer runs their own email server, and that server determines which stamps it accepts. This lets an employer issue stamps on behalf of each of their employees. -Email servers could also, if so configured, issue stamps to senders -with no previous connection to the recipient. This might be done by the -sender having to produce some proof of work, which can be made -arbitrarily costly in terms of computing resources. For example, the -proof of work might require using five seconds of CPU time. This is -costly enough that it makes large-scale spamming infeasible. (See -[@hashcash] for an early suggestion.) - -This makes the stamp system vulnerable to attackers who have enormous -amounts of computing power, perhaps by using a botnet. It would be -good to replace proof-of-work with something that's not vulnerable to -a botnet. - -Alternatively, the email server could require the person sending the -email to solve a [CAPTCHA][]-like puzzle, which can be made -sufficiently varied to make it difficult to solve automatically. The -actual puzzle does not need be standardized, only the mechanism by -which the user is pointed at it, and how the result is communicated -back to the mail server. There could, and should, be a very large -number of different puzzles. + +## Receiving email from strangers + +In some cases it's important to be able to receive email from +strangers. A stranger here is someone to whom you've not given given a +digital stamp. 
Some examples of when this might be important: + +* you're an open source developer and you wish to receive bug reports + from strangers +* you work in a customer-facing role in a company and your customers + need to be able to reach you +* you've saved a dog from a tree and journalists need to be able to + reach to set up interviews +* someone you went to school with wants to congratulate you on your + marriage, birthday, newborn child, or other life event +* a former co-worker wants to ask if you want a new job with their new + employer + +Some of these cases can be handled by not using email: bug reports can +go into a web-based ticketing system; customers can get a single-use +stamp whenever they pay their invoice; etc. However, there will always +be cases when you want email from people to whom you've not yet given +a stamp. + +A mail server can, optionally, have a feature where it gives anyone a +single-use stamp tied to a specific sender identity. Unfortunately, +this could easily be abused by spammers: they'll automate the step of +requesting a stamp before sending the email. To counter that, the mail +server can impose conditions on giving out stamps: + +* In the simplest case, the server might never give out stamps; this + prevents spam at the cost of all desired email from strangers. + Whether that's an acceptable compromise is up to each recipient. + +* The server might require the putative sender to solve a [CAPTCHA][] + of some kind. The CAPTCHA might be a puzzle that is infeasible to + solve automatically. + +* The server might require the sender to write a short sentence of why + they want to reach the recipient. If that contains keywords chosen + by the recipient, the server issues the stamp. + +* The server might require some sort of [proof of work][]. This can be + cheap enough that it doesn't matter for rare occasions, but + expensive enough that a spammer would need to expend so much + computing resources it becomes infeasible. 
(See also [@hashcash] for + an early suggestion.) + +* The server could require a very small payment. (This is troublesome + in international communication, when "very small" is a irrelevant to + someone working in a rich country, but a sizable fraction of the + annual earnings of someone living in a poor country.) [CAPTCHA]: https://en.wikipedia.org/wiki/CAPTCHA +[proof of work]: https://en.wikipedia.org/wiki/Proof_of_work -Email servers could also sell stamps for real money. Even at trivial -costs, such as one US/EURO cent, this would be too costly for spammers. +The issuing of stamps to strangers is optional, and is meant to be an +interactive process. There doesn't need to be a standard way to do +that, or even an enumerated set of standard ways. Each mail server, +even each recipient, can invent their own. Flexibility here is +important, as spammers will evolve ways to circumvent any common +methods. -I emphasise that the recipient decides what stamps are valid. Their mail -server does not have to issue stamps to anyone who asks, if the -recipient doesn't want email from strangers. # What next? -- cgit v1.2.1
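Review bot: The new proof-of-work bullet drops the caveat carried by the removed paragraph, which said proof of work leaves the stamp system "vulnerable to attackers who have enormous amounts of computing power, perhaps by using a botnet". Since the subject line calls this a refactor, either keep that limitation as a sentence in the bullet, next to the claim that the cost makes spamming infeasible, or state in the commit message that it was dropped on purpose. The removed closing statement that "the recipient decides what stamps are valid" now survives only implicitly in the first bullet ("up to each recipient"), and the final paragraph would be a natural place to restate it. There are also three typos in the added lines: "given given" in the opening paragraph of the new section, "need to be able to reach to set up interviews" (missing "you") in the journalists bullet, and "is a irrelevant" (stray "a") in the payment bullet.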