Penny Black Project Investigates Sender-Pays E-mail

Anonymous Coward writes "The Inquirer reports: Microsoft contemplating charging for emails. 'MICROSOFT IS UNFOLDING something it calls the Penny Black project in which people sending emails might have to pay for the privilege.' Microsoft's explanation of the project is here: The Penny Black Project." There are a lot of things going on at Microsoft Research -- no guarantee that particular ones are going to be released in the real world. (And Microsoft isn't the only party interested in sender-pays, or at least sender-risks-paying systems.)

Wow this article isn't what I expected.

[GreyWolf3000]

The Penny Black project is investigating several techniques to reduce spam by making the sender pay. We're considering several currencies for payment: CPU cycles, memory cycles, Turing tests (proof that a human was involved), and plain old cash.

This is an anti-spam tool that doesn't need to be paid in cash. This also presents /. with an interesting juggling act: we hate Microsoft, but we also hate spam.

Not such a bad idea, but who's running it?

[SpikeSpegiel]

This could be a good thing, after all, if spammers had to pay for all that mail they send, they would have problems sending millions a day.

On the other hand, I don't want to pay for email, I already get it for free. I think that this idea would be great if it could somehow charge spammers for emailing me, while letting me send out whatever i want.

Email is already free, I don't see a way for any company to charge for it, but I am all for using any tool to stop spam as long as it doesn't hurt me.

Easiest way to deter spam

[xenocide2]

The easiest way to deter spam is to charge per byte rather than a flat monthly fee. Of course this has the (sometimes) undesirable side effect of increasing the cost of downloaded/pirated goods...

No need to charge for email

[maynard]

So, the plan is to make the hundreds of millions (if not +1 billion) individuals who properly use email for individual communication in order to stop or slow down the few tens or hundreds of professional SPAMers from the expense of mass emailings. Why do I think this benefits the toll colector more than me? Why can't international and nationa legislation solve this problem?

I would argue that the real solution to SPAM is to fix SMTP such that it authenticates users and servers at the protocol level while mail is passed from the originating server to the final destination. But of course, there's no need to charge a per-email fee in such a circumstance. And while I'm not surprised to see Microsoft devoting R&D dollars toward such a scheme, given todays 'charge for it and make it fit into an economic model or it doesn't exist' guilded age we should expect MS is only one of many to try and find a way to extract more money for the things we take for granted as free today. Would anyone like to buy some of my bottled air?

--Maynard

Re:Remember the good old days...

[chriso11]

Except for messing up mailing lists, a neat way to limit spam would be to require the mail sender to factor a large number provided by the SMTP host. It wouldn't need to take too long - only 3 or so seconds on a decent computer, but it would really slow down spammers. If you need to send out an email to 20 hosts, it would take a minute, which isn't that bad. But if you were trying to spam 100000 addresses, that would require a good amount of time to crunch... Of course, the number to factor would need to be a good random number.

Bandwith charges?

[russianspy]

Here is an idea, it is borrowed from the way ISP's pay for bandwith.

Why not make networks pay for the e-mail that originates there? Subtract the e-mail that arrives. For most companies/networks - that will be just about an break even proposition. For the ones who allow spammers - well... that is going to get expensive pretty quickly. Sooo... they will either boot the spammers off, or get them to pay it. Either way, we win!

If you think...

[jpellino]

...that this will be limited to spammers, guess again. Once MS figures out how to charge anyone for sending anything, they will patent it, make it a standard, and implement it in every product they sell. And with their still overewhelming monopoly, this will go Charlie Foxtrot in record time.

And by the way, my incoming spam cost me only aggravation, and I'd rather tweak my mail.app settings than to pay someone by the message. By 'recipient' they must be referring to people running their servers and having to filter this stuff. Boo-fricking-hoo. Solve your mail server problems and do it in the ost resilient monetary fashion.

Maybe they're lining up behind the gummint under the apparently delectable idea that we can trample everyone's rights and assumptions to make life a little easier for people who aren't doing their job in the first place.

This is the electronic equivalent of plastic sheets and duct tape.

"We're from Miscrosoft. We're here to help."

Yes, I know it's only research, and it may never see the light of day, but then explain the rest of the half baked MS implementations that have been sanctified, dogma-fied, shoved down our throats and caused us to question our sanity - directx, .net, IE, access, passport, the most vulnerable servers ever devised, and that christless butterfly.

I gotta go.

What's worse is monopoly collusion with USPS

[michaelmalak]

From the Nov. 29, 2002 UnderReported.com story Microsoft and US gov teaming up to monopolize new "certified e-mail" postmark [underreported.com]:

According to a Nov. 21, 2002 Seattle Times article:

...at the Comdex technology trade show this week, ... a mundane product quietly unveiled at Microsoft's booth may have more of an impact on the average computer user.

On display was an electronic stamp the U.S. Postal Service plans to sell to certify authenticity and delivery time of e-mail.

[...] The plan is to have e-mail-postage software available in the next 30 to 45 days At first, it would be an add-on to Microsoft's popular Outlook e-mail-management software.

Later, it would be bundled into the new version of Microsoft's Office suite, due around summer. When loaded, it would appear as several buttons on the Outlook control panel.

Users would pay the Postal Service anywhere from a penny to $2, depending on the volume of use, to add an official stamp of authenticity. The stamp would be applied with a click, not a lick.

[...] Several attempts by companies to charge per e-mail for authentication services have failed, noted analysts at IDC, a research company in Framingham, Mass. [...] A key reason is people still don't trust the technology enough, IDC's research shows.

[AuthentiDate Chief Executive Rob] Van Naarden said electronic postmarks will succeed because they have federal authority. He said the stamps would provide legal force to electronic documents, and the Postal Service can prosecute people who circumvent the system.

So now it becomes clear why the Bush administration has gone easy on Microsoft -- it planned to become its business partner.

how it works *and* stays free

[Willy K.]

People are focusing a lot on the idea of paying real dollars in order to send e-mail. The thrust of the research in this article appears to be for alternative "currency" models.

So for CPU cycles, here's what I think they are doing:

Every email account has a notion of a "ticket pool". A valid ticket is very expensive to create. Say, it takes 5 minutes to make one on a fast modern machine, at 100% CPU.

When I send an email, a ticket is attached to it. This ticket is required for sending mail (say, through the Hotmail SMTP servers, for example). No ticket, it bounces back to me. When I get a reply to the mail, or perhaps some other sort of acknowledgement from the receiver that they meant to receive the mail, I get credit back for the ticket I used.

In normal circumstances, you almost never have to create new tickets. If you have 10 in your pool, and you are mostly emailing co-workers and friends, you never run out of tickets, and everything acts just like it does today.

However, if you are a spammer, and you want to send 1,000,000 emails per day to people who don't really want to get them, and are never going to reply to your email address (which, to make things worse, probably changes with every batch you send out, to keep yourself anonymous), it's too "expensive" to stay in the spam business. To send 1M unsolicited emails could cost up to 1M tickets, which you may never get credit back for. To generate those would cost 5M minutes on the client machine, which would mean 9.5 years of number crunching, to send one day's worth of email. Clearly not feasible.

Let's say we cut the time per ticket from 5 minutes to 5 seconds. Now, it's almost unnoticeable for normail email usage. An extra 5 seconds to send a mail? Totally not a big deal unless you are mass mailing. But again, to send 1M mails per day, even 5 seconds per mail costs 57.8 *days* worth of CPU crunching. Also completely not feasible.

Sounds like a great plan to me, once all the details I'm glossing over are worked out, but that's what research is for!

The only issue here, that Timothy hit on in a follow-up comment, is that there'd have to be mechanisms for valid mass-email to be sent out. Banks sending statements, Organizations sending email-newsletters, etc. Perhaps there'd be a way to give them a pool with a million tickets, and rely on whatever mechanism was used by the receiver to credit them back after the newsletter was read/received..something like that.

(Ah, the devil is in the details...)

Tricky project to get right, but it could definitely be a win/win.

Re:Not such a bad idea, but who's running it?

[callipygian-showsyst]

With one tweak, it could be quite tolerable.

Let's say it's FREE to send email to people who's "white list" you're on. This would include (if you're like me) 95% of the emails you send each day.

When you're sending an email to someone who doensn't know you (e.g., you're not in his addressbook "whitelist"), it costs you a penny.

For me, it would probably cost me between a dime and a quarter each month. I'd say that's well worth it to stop spam *and* to increase the chance that an email I send cold is read.

Sadly, most--if not all--unsolicited email I receive goes straight into the recycle bin. Who knows what I'm missing?! --

IM2000

[dmelomed]

http://cr.yp.to/im2000.html

it would never work

[Anonymous Coward]

I'll tell you why this would never work - or actually maybe why it *will*. Because big business can afford a penny per message and little guys can not.

For instance, I run a popular auction site and on your average day my system sends out about 1,500 auction-won notices, 1,500 auction closed notices, 2,000 auction closed without a winner notices, 200 account related notices (new accout, lost password, etc) and about 500 misc emails for other various reasons.

This comes out to almost 6,000 messages per day from my system (which is 100% free by the way). This doesn't even count personal correspondance.

Now there are a few questions. First, I run my own mail server for the auction site. Do I pay myself $60/day to send email? Or do I pay my ISP even though it isn't their server? Or do I pay microsoft for the right to send email from myself through my own server to my own users who are expecting to get these messages?

Re:SPAM prevention techniques

[iangoldby]

The trouble with a payment system though is that it itself is a technological solution that the spammers will eventually find a way around, just as people have at various times found ways to defeat the technological systems used to make us pay for phone calls.

Having said that, I for one would be happy to pay to send emails, in just the same way that I pay to make a phone call, if it did result in a reduction of spam to about the level of telemarketing calls (of which I get significantly less than the 500 spams a day that a previous poster mentioned!)

Re:Wow this article isn't what I expected.

[Narcissus]

I wouldn't mind having a government issued email address, so long as there was no law to require me to use it. Just as I can use FedEx, a pigeon or kid on a bike to deliver a package / letter for me without the involvement of the postal service, would they be able to stop me from using another email service?

And even if they enacted a law like that (how likely would it be, well here in Australia, anyway...), would they actually be able to stop you?

As I say, a government issued email address would be good, as then I can just use that for my "expecting spam" account, and free up a Hotmail account for some other person, or actually for receiving normal email, as no doubt the biggest spam shipments would go straight to the government addresses.

Re:Wow this article isn't what I expected.

[stand]

I can't say that I've received more than a handful of non-spam emails from hotmail, msn, etc. over the past 18 months either, but that does not detract from my central point which is that unsolicited non-spam emails tend to be of high importance to us. They are the proverbial babies that it seems you would be happy to throw out with the bathwater. Examples: The random email from an old friend you haven't heard from in years, a job lead from an old business contact (maybe using hotmail because it wouldn't be appropriate to use a business address from work), the email from a friend of a friend of a friend who saw you at the coffee shop and would like to get to know you better. I'm sure you can come up with examples that might apply to you.

The people sending these emails won't necessarily look down their noses at domain names like msn.com like we do because, frankly, most people don't care. My mom uses msn because it lets her communicate with her family. That's about as far as it goes for her. Because these kind of emails don't happen very often (esp. my last example...Damn!) and because *so much* email is crap that we don't want, I can see how we might be tempted to completely block entire domains, but that's not a solution, it's a capitulation.

Proposals like the Black Penny project are honest attempts to address the problem. I think it is possible that a trade-off point exists that would reduce spam (by making it too costly) while not making it too taxing (literally) on normal email users. It certainly doesn't hurt to speculate.

Re:RTFA

[Alsee]

No, this is about charging for email use.

As the title says, RTFA. The article isn't as clear as it should be, but many of the options do not involve any money whatsoever.

An option which the article doesn't specificly mention is the possibility of allowing the recipient of the E-mail to be the one who gets the money. I don't know if they are considering that option, but it would be an effective option. 10 cents or more per stamp is not a problem if most people simply decline redeem the stamp you used. If you send (non-spam) e-mail to your friends they aren't going to cancel the stamp (collecting the 10 cents). If they don't cancel the stamp it doesn't cost you a cent because you still have your 10 cents on deposit. You could keep re-using a single 10 cent stamp to send an E-mail every two days or so. With a $1 deposit you can send up to 10 E-mails every two days. If someone sends you spam or other undesireable mail you have the choice to collect 10 cents per E-mail.

Spammers will always use open mail relays that are off shore to send spam.

No, the point of the system is that you may use an E-mail client that would simply ignore or reject any unstamped mail.

I'm no fan of Microsoft, but they are one of the few entities capable of leading a change-over in the E-mail system to solve the spam problem. If Microsoft attempts to get greedy or abusive I will be in the front row bitching at them. We have to wait for them to actually decide on a system first. It could be a good system or a bad system.

-