EFF Debate on Charging for E-mail Dyson v. O'Brien in SF

TONIGHT, April 20th, there will be a debate on the issue of per-message charges for E-mail, sparked by the recent debate over Goodmail and AOL.

The debate will feature former EFF Chair Esther Dyson, who has become a surprising supporter of pay-to-send E-mail, and EFF Activist Danny O'Brien, NTK author and coordinator of EFF's involvement in the efforts against Goodmail. Esther is also publisher of Release 1.0, host of the PC Forum conference and former chair of ICANN.

Alas, I won't be able to be there, as I am at a conference out of town, but those who followed the debate in my blog may wish to attend.

EFF will be fundraising, suggested donation $20 but donations are not mandatory.

You can get full details at the BayFF page

Comments

I find it more surprising that Danny and the EFF are against e-postage schemes, than that Esther is for them. Didn't she write about sender-charges hypothetically and favorably years ago? (For that matter, didn't you?)

Is that it's former EFF chair vs. EFF staffer, which is not actually all that surprising since we debate many issues internally all the time. Yes, Esther has been for these from the start.

I was for them in the sense of taking my first stabs at anti-spam as an engineering problem, I thought about these. When I thought more about the other consequences I decided they were a poor idea. It seems every month or so I see somebody come forward with the "original" idea of charging for e-mail to stop spam. (Even when I first proposed it a decade ago, others had already thought of it.)

The appeal is obvious, it would indeed impede spam. The question is, literally and figuratively, at what cost?

I look forward to the debate, but from my perspective...

The fact that so many smart people have been attracted to this idea over the years is a giant reason it deserves a fair try in real deployment. Finally, there are competing implementations and compelling commercial motivations for adoption.

To prejudge this approach before it can play out in the market -- as in the DearAOL campaign letter -- is a tactic more befitting the reactionary RIAA than the progressive EFF.

Without some novel and effective approaches, spam is killing email. Many alternatives -- whitelist-only acceptance, star chamber blacklists, and often arbitrary content filters -- can be far worse than a transparent, non-discriminatory delivery fee.

A spot in my inbox is not anyone else's entitlement, so a two-tiered Internet is *exactly* what I want: one cheap tier for small-volume mail from desired correspondents, and another costly tier for bulk and spam emailers.

I'd rather have my mailbox filled by the affluent than the effluent.

That mail is cheap and efficient is a feature, not a bug. It was designed that way, and the internet cost contract (I pay for my end, you pay for yours) defeated all the other networks, including the pay to send E-mail networks for very good reasons. We want to undo it because we can't think of anything better for spam?

There are lots of better solutions to spam than this. For example, the system I use is highly efficient and very close to 100% accurate. Namely, take the best available filters. Discard what they are very, very sure is spam. Pass what they are very sure is legit mail. Challenge the in-between with a simple turing test. In practice, the turing tests are very rare and vastly less annoying than having to talk to a secretary to reach somebody. In addition filter only public mailboxes, private addresses never revealed in public need no filters.

Point is, it works. Nobody's mail is lost as they get the chance to confirm. A little spam can cheat the filters, but it's nothing to lose sleep over. When there are solutions that work, why would we want to deliberately break E-mail?

Productize your approach, and drive GoodMail out of business -- if you've nailed it so well.

I'm not sure the net social cost of your filters plus Turing tests would be less than that of tiny e-postage micropayments. My two levels of client-side content-based spam filters already render my laptop nearly unusable for about a 15-minute period when catching up on a day or two's worth of spam. (That's in addition to some server-side prelabelling.) And all the oh-so-poor newsletters inconvenienced by e-postage would be similarly inconvenienced by all the Turing-challenge-bounces they'd get.

Only a competitive economic process can really weigh alternatives against each other as to what approach, or hybrid approach, offers the most benefits at least cost. Perhaps it's even like your approach, but with a postage-due-challenge rather than a Turing-challenge. (I'd rather pay a penny than spend even 30 seconds answering a challenge -- and anyone who can't afford a penny, could probably earn it, Mechanical Turk-style, if they they were willing to solve some other Turing challenge.)

I also suspect your solution only works well for you because so few people are using exactly it. Scale it up, and spammers will figure out ways to pass your Turing test. Or poison others' spam filters against your challenges, so that they never get through. Or a thousand other things to gum up the system.

A nice thing about e-postage is that it can neatly sidestep the red queen race of esclating countermeasures: it honestly declares "this is how much it costs a stranger to arrive in my inbox". Then the whole execrable rathole industries developing ever-more-sophisticated-filters and ever-more-sophisticated-trickery can just go away, redeploying their resources to more productive endeavors. Wanted mail will get through and unwanted mail dropped, due simply to a consensual economic transaction between sender and recipient. No byzantine layers of technological weaponry need be designed and deployed between them, sucking up communication-created value that rightly belongs to correspondents.

My solution doesn't get rid of the desire to buy protection from goodmail.

The problem with goodmail, and many other anti-spam solutions, is they are innovation killers, because they require e-mail sending apps to be money enabled, and worse, financially justifiable. With per-mail charges, you get no hotmail, no gmail, no apps that send mail on your behalf (including, I will point out, one I am building.) No evite. No social networking sites. Not just because they would need to pay money to send mail for people but because if they want to avoid that they need a way to have money accounts for users. Most innovations would be killed dead really, really fast. You may not realize what a killer having to add money to an app is. Or even permission.

But this is just one of many reasons the idea sucks.

Small costs like a penny would still have plenty of spam. Large costs screw up most of the dynamics of email. We really should be sure we've run out of other ideas before being tempted into this one.

I can't follow your implication that Gmail, Hotmail, Evite, and other services couldn't survive e-postage. The free mail sites are, I suspect, net receivers of bulk and spam mail, and handling such mail is a major expense for them. So anything which lowers or offsets those costs makes those businesses easier to run. Evite, for all its faults, has not to my knowledge sunk to sending spam unrelated to event invites & reminders -- so it would be on my personal whitelist, if not the overall whitelist of any inbox provider I use. As would some (but not all) social networking sites be on most whitelists.

Getting mail from new and marginal services can already be dicey with current filtering. Postage ensures the really valuable mail (like say a utilities-disconnect notice) can get through -- it can be a filter-error safety valve much like your preferred Turing challenge. And even without any sender-side infrastructure upgrade, or 'money accounts for users', the 'postage due' bounce could offer the sender an URL where they can pay out-of-band. That's no more cumbersome than your preferred Turing challenge for suspect emails. (Indeed, I think the option of either paying cash or answering a Turing challenge is a likely hybrid evolution.)

My intuition is that ultimately, a relatively volume-independent 'responsible sender' credentialing flat fee (or bond) would dominate rather than per-message fees. After all, the marginal cost of email delivery is inherently small, and the real aim here is to freeze out bad actors, not add friction at every step for every actor. (The anonymity-reducing aspects of such a system are left as a topic for another day.)

But to even find out what mix of filtering/challenges/fees works best, and which are the optimal entities to bear the costs and responsibilities, requires an iterative process of deployment, commerce, and user feedback. That market-learning process shouldn't be preempted by what -- in the DearAOL campaign -- look to me like reflexively anti-economic objections.

I fear, though, that I'm repeating myself and the main event debate is in a couple hours. Perhaps I'll better understand the objections afterwards...

Flat fees for certificates are much more acceptable, and would probably end up being pretty low.

But I think you're wrong about what innovations would be stopped. I'm building code that will send email on behalf of users. It will not receive mail. If I get lots of free users sending millions of mails, how do I pay the per-email fees? More to the point, why should I even have to worry about it?

Yes, hotmail receives mail, and if you take the goodmail model they might win on the balance (not sure that's good) but friendster and many other apps don't receive, they just send. Anonymous remailers, so important in the history of the net, also would never have been able to exist. If the prices are enough to scare spammers, they are enough to scare any legit app that dreams of success.

Everybody underestimates how much simple permissions and costs stomp on innovation. Look at crypto export regs to learn otherwise. You just had to do paperwork to export crypto, no regs if you just went domestic -- result was effectively no good crypto in software for 7 years. Apps should be judged on more than whether they are financially viable.

Brad: "I’m building code that will send email on behalf of users. It will not receive mail. If I get lots of free users sending millions of mails, how do I pay the per-email fees?"

You mean, like Plaxo? Or sms.ac? No, thanks. Every spammer can make a case their spew is wanted. If you want to build a new service sending millions of mails, I'm fine with the idea that you don't get to fill millions of inboxes unless you've earned the necessary trust -- with an impeccable reputation, or borrowed credentials from your users, or yes, payment of a credentialling fee or bond or per-message postage.

(I also prefer the Dysonesque system of postage refunds: if the recipient doesn't claim the payment with a complaint, you get your postage back. But we'll have to experiment with various payment systems to possibly get there.)

Barring a postage system, your innovation won't be facing evergreen meadows where every message effortlessly finds its delighted recipient. It will face a deteriorating paranoid mail exchange environment where your mere pattern of large-scale messaging or a few ornery user complaints could get you blacklisted with little recourse. At which point you'd have to expend cash-equivalent resources to try to get through, with no guarantees of success.

If the postage rate for an upstanding fellow like yourself works out to less than the effort you'd have to spend in its absence to get the same rate of delivery, then what's the complaint? The postage system would then be less burdensome on your speech and innovation than the alternative. Your objection should not be one of category, but of cost -- and let's see what the actual market prices turn out to be before condemning the "sometimes-senders-pay" mechanism.

(I wanted to table anonymity, but since you bring it up:

Anonymity is already under assault by the current regime of spam filters: the same people who would choose ISPs with postage-protected inboxes are likely to choose ISPs who blacklist anonymous remailers. So I don't see postage as making things any worse. And if you figure on anonymous cash of any sort -- Chaum-esque, or hashcash, or credits for anonymous Turing work, or credits for received mail -- then anonymous senders can pay postage, too. Perhaps net postage balance liquidity will bootstrap a golden age of anonymous commerce! I'm not holding my breath on that one, though.)

That's the system I proposed 10 years ago, to not use a stamp but a cheque that is not redeemed most of the time. (Back when I was one of the first advocates of this idea and before I figured it was wrong.)

And no, not like sms.ac or plaxo. Sending real individual email from real people who want to reach other real individuals. They would have sent the email from their own tool, but they want some software to generate it and send it. I guess they could cut and paste, that sounds like a great UI.

Anyway, once again you and others argue for e-mail postage by saying, "Spam is bad, spam is ruining email" -- which is true -- "so if we don't have email postage email is doomed" which simply doesn't follow. Yes, we need solutions -- that isn't the subject of debate. The question is, which solutions have the least collateral damage. You act as though there is no way to deal with spam but this. At least that's how I take the phrase "barring a postage s ystem..."

As I've said, there are other systems, and we've hardly explored the entire solution space either. I know we think in internet time, but spam is, on the grand scale, a very young problem.

Adapt a postage scheme, and it's hard to see it as anything but permanent. Even if better schemes come about, where are the incentives to strip out the postage scheme? Especially if the recipient or their ISP is getting they money. Why not just continue to run that pay system in addition to the new one?

Now mostly in the past I wasn't too worried, because I judged it to be too difficult, as I write in my main essay on this topic, to get this started. After all, you bounce my mail with a demand for money (and for me to install new software to offer the money) and I'm just not going to send you the mail unless I am desperate to reach you. One innovation to give to goodmail, they've found a way to get some people paying and get a foot in the door, which is the real thing that's scary about them.

Let's face it. Spam is a big problem. The main reason that it
is a big problem is that email is cheap to send. Yes, we don't want
to throw the baby out with the bathwater and "pay for the connection,
not for what is transmitted along it" is a good concept in general.
It works for the web. The problem with spam is that the user is forced
to look at it or hope that his anti-spam scheme works well enough so
that he doesn't miss anything he wants to see.

My ISP charges a small fee for the use of his SMTP relay server to
send mail through. He keeps it spam-free; that's what we are paying
for. Thus, other folks will not blacklist his SMTP relay server.
I can block most spam by not accepting email from any IP address
which has spammed me in the past. Thus, other folks are encouraged
to send email through a spam-free relay. It costs money to keep
it spam-free.

(Just to be clear, I send email through the SMTP relay server at
my ISP. Email is received directly at my IP address.)

Actually, I don't pay for each email sent, but rather a "reasonable
number" of emails are included as part of a package deal. If I
need to send more, as part of an automated mailing list or
whatever, I can choose that option as well.

I started looking at this in detail when my ISP complained to me
that I was sending too many emails. It turns out that these were
automatically sent rejection notices sent by my SMTP software. The
reason for the rejection was almost always "no such user". I changed
the strategy and now drop the connection with a permanent failure
(with notice in case someone really did just mis-type something).

I get a spam email every few seconds. Almost all are sent to
users which don't exist at my end, and never did. It's a dictionary
attack. However, these come mostly from open relays and dynamic IP
addresses. If I reject those already at the IP-address level, then
I reject almost all spam.

Would I prefer to send email directly from my IP address? Perhaps,
in an ideal world. However, it is a very small effort and a very
small cost to send it through a spam-free SMTP relay server.

This boils down to accepting email from a white list of trusted
SMTP relay servers and rejecting it from a black list. No payment
as such. However, the people who run the SMTP relay servers have
to cover not only the cost of the server, but also the cost of
making sure that no spam is sent through them. It's only fair to pay
them to do this.

Yes, from what I've read about the AOL Goodmail stuff it seems less
than ideal. But why not just encourage people who don't like it to
move away from AOL? Losing customers might convince AOL; arguments
probably won't. But I think it is wrong to come out against
"paying to send email in general". That seems to be throwing the
baby out with the bathwater.

Add new comment