Bounty proposal for a Bitcoin-based email to fight spam.

[Sukrim]

Maybe a few other questions:

* Who should get the money from emails anyways? The recipient? The mail hoster (gmail, hotmail, your own mailserver...)?
* How do you attach 1 Bitcent to an email if you don't know a payout address beforehand?
* How do you know a mail was properly paid for if you only get a transaction of 1 Bitcent from a Bitcoin address and 2 mails at the same time from different senders, both claiming to be from this payment? Do you then require to have a signed message in the header of the mail or so from the sending address?

All in all I think a non-monetary "proof of work" would already be enough, though maybe in the future anyways everyone of us has a unique ID + certificate, so we won't have to worry about such stuff at all?

[1714781693]

1714781693

[Meni Rosenfeld]

It is a joke.  And old, old, old joke.  You were supposed to laugh.

Oh, I get it. I get jokes

The problem with spam, as pointed out by others before me, is that spammers are already not paying the cost of sending mail.  What makes you think they will start paying for it when you make it more expensive?  Why wouldn't they just keep using stolen resources like they do now?

Depending on how this is implemented, it may not be the case that being able to compromise an email account will also mean having access to the bitcoins used to pay for messages. So this may make it much harder for spammers to steal the resources required to send messages.

* Who should get the money from emails anyways? The recipient? The mail hoster (gmail, hotmail, your own mailserver...)?
* How do you attach 1 Bitcent to an email if you don't know a payout address beforehand?
* How do you know a mail was properly paid for if you only get a transaction of 1 Bitcent from a Bitcoin address and 2 mails at the same time from different senders, both claiming to be from this payment? Do you then require to have a signed message in the header of the mail or so from the sending address?

* The recipient.
* There will be some sort of DNS system that resolves email addresses to Bitcoin addresses. This will be handled automatically by the mail client.
* The transaction will embed a hash of the message.

[paraipan]

It is a joke.  And old, old, old joke.  You were supposed to laugh.

Oh, I get it. I get jokes

Sometimes yeah, your mind is Like a Cray computer Meni

The problem with spam, as pointed out by others before me, is that spammers are already not paying the cost of sending mail.  What makes you think they will start paying for it when you make it more expensive?  Why wouldn't they just keep using stolen resources like they do now?

Depending on how this is implemented, it may not be the case that being able to compromise an email account will also mean having access to the bitcoins used to pay for messages. So this may make it much harder for spammers to steal the resources required to send messages.

So then if someday we decide to use digital "stamps" it will actually work, great

* Who should get the money from emails anyways? The recipient? The mail hoster (gmail, hotmail, your own mailserver...)?
* How do you attach 1 Bitcent to an email if you don't know a payout address beforehand?
* How do you know a mail was properly paid for if you only get a transaction of 1 Bitcent from a Bitcoin address and 2 mails at the same time from different senders, both claiming to be from this payment? Do you then require to have a signed message in the header of the mail or so from the sending address?

* The recipient.
* There will be some sort of DNS system that resolves email addresses to Bitcoin addresses. This will be handled automatically by the mail client.
* The transaction will embed a hash of the message.

*Why the recipient ? He gets the information contained in the e-mail already. This has to be addressed.

*The "DNS system" is already in place, is the blockchain. The MUA software would hash the message and output you a bitcoin address. You pay the fee and e-mail gets sent automatically when bitcoin tx is broadcasted. If the e-mail is relayed with 1 confirm or not depends on server you connect to. The market would self regulate.

If TLS is used to communicate with the service provider you know the "stamp" is protected. "Stamp" would be swept by the service provider, MTA, that gets to send the message. The receiving service provider doesn't have to trust the other end, there are only two interested MTA's in the whole process, because they would relay a fix amount of e-mails and wait for the payment or ask a payment in advance for a chunk of them. No coins, no e-mail relay to local user boxes. The remote MTA would even have the ability to check total postage paid with the blockchain.

*The message would be hashed until you get something like this 1CfauqxxHNDVkZTmcsDik1LB9Ka5gmWqRT. You can try buying some "stamps" if you want. Thanks

[2_Thumbs_Up]

The problem with spam, as pointed out by others before me, is that spammers are already not paying the cost of sending mail.  What makes you think they will start paying for it when you make it more expensive?  Why wouldn't they just keep using stolen resources like they do now?

They are paying the alternative cost of the resources they control though. So if the value of keeping bitcoins is higher than paying "anti-spam postage" they will be inclined to keep the bitcoins, regardless of how they aquired them.

Depending on how this is implemented, it may not be the case that being able to compromise an email account will also mean having access to the bitcoins used to pay for messages. So this may make it much harder for spammers to steal the resources required to send messages.

Even if they do get access to the bitcoins, why should they mail them to others rather than themself?

[Meni Rosenfeld]

Depending on how this is implemented, it may not be the case that being able to compromise an email account will also mean having access to the bitcoins used to pay for messages. So this may make it much harder for spammers to steal the resources required to send messages.

Even if they do get access to the bitcoins, why should they mail them to others rather than themself?

If they get access to the bitcoins and take them, it means the payment system just made things worse.

Maybe this can be more robust if we give up on the idea that anyone should receive the coins. For example, there could be an alt "Mailcoin" which has a built in mechanism to convert bitcoins -> mailcoins, and the mailcoins need to be destroyed to send mails. It should also be possible to tie the mailcoins to a specific sender (decided when the bitcoins are destroyed to generate the mailcoins), so they will have no trade value and the spammer can't gain anything by directly stealing them.

[CIYAM]

Perhaps rather than a micro transaction make the amount of BTC per email much higher (say 0.1 or even 1.0) and have that amount then be returned to the sender iff the recipient agrees to (could be combined with the current "send receipt").



BTW the Email package for my up and coming open source platform does allow you to use Hashcash (but I really only put that in for fun).

[DeathAndTaxes]

It should also be possible to tie the mailcoins to a specific sender (decided when the bitcoins are destroyed to generate the mailcoins), so they will have no trade value and the spammer can't gain anything by directly stealing them.

Except the ability to send spam.

[2_Thumbs_Up]

Depending on how this is implemented, it may not be the case that being able to compromise an email account will also mean having access to the bitcoins used to pay for messages. So this may make it much harder for spammers to steal the resources required to send messages.

Even if they do get access to the bitcoins, why should they mail them to others rather than themself?

If they get access to the bitcoins and take them, it means the payment system just made things worse.

Why? 1 victim is better than 2 victims. Stolen rescources is better than stolen resources + spam.

And if it were my account or computer that was hacked I would prefer if the hacker only got away with a miniscule amount of bitcoins, rather than using my computer/account to spam others.

[Meni Rosenfeld]

It should also be possible to tie the mailcoins to a specific sender (decided when the bitcoins are destroyed to generate the mailcoins), so they will have no trade value and the spammer can't gain anything by directly stealing them.

Except the ability to send spam.

Yes, that's what I said, if he compromises the mail account and the coins he can send spam (less than with a payless system), but he can't steal the coins, which are useless for anything except sending mail from this account.

If they get access to the bitcoins and take them, it means the payment system just made things worse.

Why? 1 victim is better than 2 victims. Stolen rescources is better than stolen resources + spam.

And if it were my account or computer that was hacked I would prefer if the hacker only got away with a miniscule amount of bitcoins, rather than using my computer/account to spam others.

The payment per mail should be less than the value of a legitimate mail, but more than the compute resources required to send mail, and more than the value of a spam mail.

This means that if users keep enough coins in their account to comfortably suffice for day-to-day mail usage, hackers suddenly have a greater incentive to compromise accounts. Or not, depending on the numbers. I guess maybe it can work with direct bitcoin payments after all.

[enquirer]

Maybe this is a wrong thread, but I would like to have access to a bitcoin-based SMTP server. I am one of those dinosaurs that don't want to use web-based email. I'd pay something like 0.01BTC per email sent, provided there is no minimum amount to deposit. 1 BTC will last me through a year.

[2_Thumbs_Up]

If they get access to the bitcoins and take them, it means the payment system just made things worse.

Why? 1 victim is better than 2 victims. Stolen rescources is better than stolen resources + spam.

And if it were my account or computer that was hacked I would prefer if the hacker only got away with a miniscule amount of bitcoins, rather than using my computer/account to spam others.

The payment per mail should be less than the value of a legitimate mail, but more than the compute resources required to send mail, and more than the value of a spam mail.

This means that if users keep enough coins in their account to comfortably suffice for day-to-day mail usage, hackers suddenly have a greater incentive to compromise accounts. Or not, depending on the numbers. I guess maybe it can work with direct bitcoin payments after all.

My estimate is that the value of one individual spam mail is probably so incredibly low (since the vast majority of them are filtered and a majority of the rest are ignored) that the postage required is nowhere near the value of legitimate e-mails. The profit for spammers come from the huge amounts of mails they can send.

If the postage fee is calculated by the formula "spam profit/number of spam mails sent", then you have essentially made spamming unprofitable. I can't imagine that number is anywhere near an amount of money you actually need to care about, but maybe my estimates are completely of base. I don't really know the GDP or the revenues of the internet spam economy.

[paraipan]

Maybe this is a wrong thread, but I would like to have access to a bitcoin-based SMTP server. I am one of those dinosaurs that don't want to use web-based email. I'd pay something like 0.01BTC per email sent, provided there is no minimum amount to deposit. 1 BTC will last me through a year.

that was exactly what i see it will happen, but your e-mail will be the same private key that carries the 0.01 btc postage
Bitcoins will get swept by the smtp server and shared with the destination server. Backwards compatible and signed with strong crypto.

[Mike Hearn]

it would only unblock incoming mail instead of rejecting stuff that didn't use it.

These are two sides of the same coin, surely? If you have an overly aggressive spam filter that regularly has false positives and you want to use Bitcoins/PoW as a whitelisting signal, it boils down to the same thing as rejecting mail that doesn't provide those PoWs. In practice there will still be FPs that don't provide Bitcoins, so you still have to review the contents of your spam folder, therefore you gain nothing.

It could sit mostly-usused until it is widespread enough that people could start scaling down their regular spam filters knowing that all their legit mail will have a PoW.

To repeat an earlier point, you can already make a spam filter that works well enough for most mail by relying on DKIM to segregate mail streams. DKIM involves signing your outbound mail with a key for which the public part is in DNS. So you can check the domain of the From header cryptographically. All big players authenticate their mail with DKIM. Most mail sent on the internet is DKIM signed these days (note: not the same as most senders).

When Facebook launched Facebook mail, this is the approach they used and it's probably worth reviewing their postmaster site. They have a very simple policy. They offer no guarantees they will try and accept unauthenticated mail. "Unauthenticated mail may be rejected or delivered at a slower rate than authenticated mail."

If you want to mail a Facebook user, and you haven't upgraded to 21st century mail standards, you're out of luck.

   http://postmaster.facebook.com/

This simplifies the implementation of their spam filter considerably.  If you don't care about receiving mail from older/broken mail sources (like open source mailing lists), this is a very workable policy. Spammers can easily sign their mail, but then you can easily calculate a reputation over that mail stream and share it with other people.

What might be more interesting than using PoWs to throttle mail sending is a P2P network for distributing mail reputation data. The big players (Gmail, Yahoo, Hotmail, Facebook) all have their own reputation databases. Systems like SpamHaus are very driven by spamtraps and work at the level of IP addresses.

[Meni Rosenfeld]

it would only unblock incoming mail instead of rejecting stuff that didn't use it.

These are two sides of the same coin, surely? If you have an overly aggressive spam filter that regularly has false positives and you want to use Bitcoins/PoW as a whitelisting signal, it boils down to the same thing as rejecting mail that doesn't provide those PoWs. In practice there will still be FPs that don't provide Bitcoins, so you still have to review the contents of your spam folder, therefore you gain nothing.

Not "overly aggressive". Slightly more aggressive than it could otherwise be.

It is a general rule of machine learning that if you have another feature whose information content outweighs the added model complexity, you can improve your precision and recall. This may be less relevant if spam filters generally deal with black-or-white situations.

The system will only be relevant for unsolicited mail from someone that isn't whitelisted. Ideally, wherever the sender got your email address from, he can also see a note "this receiver uses Mailcoin" (complete with links to easy-to-use instructions for the uninitiated). If the message is important, and he sends it once without getting a reply (or with an indication that the message was spam-filtered), he can try sending again with payment. This can significantly increase how aggressive the spam filter can afford to be without missing out on anything.

You speak of spam as if it's a solved problem. I get spam, I get legitimate mail into my spam folder, and I have some of my own messages classified as spam. The problem is real, and I believe this can go a long way towards fixing it.

[Mike Hearn]

Spam, for a lot of people, is a solved problem at this point. The stats from Gmail users look very good and are stable over long periods. The last time I got a spam to my personal account it was from the hacked account of somebody I knew, and it was still classified correctly.

The general trend towards messaging on social networks like Facebook instead of email just solidifies this state of affairs.

I'm all for improving spam filtering for non-big-3 users. I think it has a lot more to do with making a better SpamAssassin rather than trying to get people to change how they send mail. The two types of project aren't really related.

[Meni Rosenfeld]

Spam, for a lot of people, is a solved problem at this point. The stats from Gmail users look very good and are stable over long periods. The last time I got a spam to my personal account it was from the hacked account of somebody I knew, and it was still classified correctly.

The general trend towards messaging on social networks like Facebook instead of email just solidifies this state of affairs.

I'm all for improving spam filtering for non-big-3 users. I think it has a lot more to do with making a better SpamAssassin rather than trying to get people to change how they send mail. The two types of project aren't really related.

I'm happy for you, but I get spam to my Gmail accounts.

[Mike Hearn]

BTW, here's a timely article:

  http://gadgetwise.blogs.nytimes.com/2012/04/11/gmail-fires-back-in-the-war-on-spam/

It contains stats on the FP/FN rates of industrial-strength filters.

Can you beat that if you impose strange rules on people who send you mail? Sure. But you could also just bounce any mail that you would have requested Bitcoins for, with a URL to a CAPTCHA. It'd work just as well.

[randomproof]

I see the problem being that bitcoin values are to volatile.  It is the same problem with decided what is the best transaction fee.  One month 0.01 BTC could be equal to $0.01 but later in the year it could be closer to $1.00. 

[SgtSpike]

The problem of fighting spam is not an economic one, it's about segregating and classifying mail streams correctly.

I work on the Gmail abuse (outbound spam) team. Forcing people to pay with money or resources to send spam will not work. The bulk of spam leaving Gmail these days comes from compromised accounts that are being accessed from compromised computers. At no point does the spammer ever use their own resources. Your scheme would just push even more pain onto victims of poor security practices.

Despite that cold reality, "report spam" markings are at an all time low for our userbase because traditional approaches to fighting spam do work. Authenticate your mail to make separation of streams easier. Calculate reputations on those mail streams. If somebody clicks report spam degrade the reputation. If people receive mail and read it/don't report it, increase the reputation. The principle is straightforward enough and the implementation is easy.

99% of the rest of the Gmail spam filtering code is for what you might call backwards compatibility - how to handle mail streams that do not authenticate themselves properly but still need to be classified correctly, and going deeper into divergent mailstreams to handle the case where, eg, a major mail sender gets hacked, or when your friends get hacked and spam you, or when a large webmail providers signup security fails and you get 10,000 spammy accounts sending from the same network as 1,000,000 good users.

I completely agree with Mike here... this is trying to solve a problem that is, by and large, no longer a problem.  I VERY rarely get spam in my gmail account (maybe 2-3 per month?), and less often than that get a legitimate email sent to my spam folder.  It's not an overwhelming amount of spam, like it used to be 6-7 years ago.  It's easy and quick to deal with.  And one of these addresses, I've had since Gmail was still in beta invite-only status.

So, introducing complication that costs users money AND time to fix a problem that takes a few seconds a month out of the average person's time is just silly, in my opinion.

[CIYAM]

I VERY rarely get spam in my gmail account (maybe 2-3 per month?), and less often than that get a legitimate email sent to my spam folder.  It's not an overwhelming amount of spam, like it used to be 6-7 years ago.

Whilst I agree that spam to the end user is nothing like the problem it was years ago (mostly thanks to Bayesian filtering) there is still the issue of waste to be considered (I think last I read it was estimated that more than 50% of all emails being sent are spam).

So in my opinion any approach to trying to solve this (what is for most end user's now a non-)problem would have to be instead aimed at the large email providers and/or ISPs as it is their resources that are being wasted by spam.