Topic: Bounty proposal for a Bitcoin-based email to fight spam. (Read 4669 times)

Email servers are already monetized for the most part. The free ones have advertising and that's partly why they work so well for now (for some). I just have a feeling that even email will one day become decentralized through agents.

Whilst I agree that spam to the end user is nothing like the problem it was years ago (mostly thanks to Bayesian filtering) there is still the issue of waste to be considered (I think last I read it was estimated that more than 50% of all emails being sent are spam).

So in my opinion any approach to trying to solve this (what is for most end user's now a non-)problem would have to be instead aimed at the large email providers and/or ISPs as it is their resources that are being wasted by spam.

I completely agree with Mike here... this is trying to solve a problem that is, by and large, no longer a problem.  I VERY rarely get spam in my gmail account (maybe 2-3 per month?), and less often than that get a legitimate email sent to my spam folder.  It's not an overwhelming amount of spam, like it used to be 6-7 years ago.  It's easy and quick to deal with.  And one of these addresses, I've had since Gmail was still in beta invite-only status.

So, introducing complication that costs users money AND time to fix a problem that takes a few seconds a month out of the average person's time is just silly, in my opinion.

I see the problem being that bitcoin values are to volatile.  It is the same problem with decided what is the best transaction fee.  One month 0.01 BTC could be equal to $0.01 but later in the year it could be closer to $1.00. 

BTW, here's a timely article:

  http://gadgetwise.blogs.nytimes.com/2012/04/11/gmail-fires-back-in-the-war-on-spam/

It contains stats on the FP/FN rates of industrial-strength filters.

Can you beat that if you impose strange rules on people who send you mail? Sure. But you could also just bounce any mail that you would have requested Bitcoins for, with a URL to a CAPTCHA. It'd work just as well.

I'm happy for you, but I get spam to my Gmail accounts.

Spam, for a lot of people, is a solved problem at this point. The stats from Gmail users look very good and are stable over long periods. The last time I got a spam to my personal account it was from the hacked account of somebody I knew, and it was still classified correctly.

The general trend towards messaging on social networks like Facebook instead of email just solidifies this state of affairs.

I'm all for improving spam filtering for non-big-3 users. I think it has a lot more to do with making a better SpamAssassin rather than trying to get people to change how they send mail. The two types of project aren't really related.

Not "overly aggressive". Slightly more aggressive than it could otherwise be.

It is a general rule of machine learning that if you have another feature whose information content outweighs the added model complexity, you can improve your precision and recall. This may be less relevant if spam filters generally deal with black-or-white situations.

The system will only be relevant for unsolicited mail from someone that isn't whitelisted. Ideally, wherever the sender got your email address from, he can also see a note "this receiver uses Mailcoin" (complete with links to easy-to-use instructions for the uninitiated). If the message is important, and he sends it once without getting a reply (or with an indication that the message was spam-filtered), he can try sending again with payment. This can significantly increase how aggressive the spam filter can afford to be without missing out on anything.

You speak of spam as if it's a solved problem. I get spam, I get legitimate mail into my spam folder, and I have some of my own messages classified as spam. The problem is real, and I believe this can go a long way towards fixing it.

These are two sides of the same coin, surely? If you have an overly aggressive spam filter that regularly has false positives and you want to use Bitcoins/PoW as a whitelisting signal, it boils down to the same thing as rejecting mail that doesn't provide those PoWs. In practice there will still be FPs that don't provide Bitcoins, so you still have to review the contents of your spam folder, therefore you gain nothing.


To repeat an earlier point, you can already make a spam filter that works well enough for most mail by relying on DKIM to segregate mail streams. DKIM involves signing your outbound mail with a key for which the public part is in DNS. So you can check the domain of the From header cryptographically. All big players authenticate their mail with DKIM. Most mail sent on the internet is DKIM signed these days (note: not the same as most senders).

When Facebook launched Facebook mail, this is the approach they used and it's probably worth reviewing their postmaster site. They have a very simple policy. They offer no guarantees they will try and accept unauthenticated mail. "Unauthenticated mail may be rejected or delivered at a slower rate than authenticated mail."

If you want to mail a Facebook user, and you haven't upgraded to 21st century mail standards, you're out of luck.

   http://postmaster.facebook.com/

This simplifies the implementation of their spam filter considerably.  If you don't care about receiving mail from older/broken mail sources (like open source mailing lists), this is a very workable policy. Spammers can easily sign their mail, but then you can easily calculate a reputation over that mail stream and share it with other people.

What might be more interesting than using PoWs to throttle mail sending is a P2P network for distributing mail reputation data. The big players (Gmail, Yahoo, Hotmail, Facebook) all have their own reputation databases. Systems like SpamHaus are very driven by spamtraps and work at the level of IP addresses.

that was exactly what i see it will happen, but your e-mail will be the same private key that carries the 0.01 btc postage
Bitcoins will get swept by the smtp server and shared with the destination server. Backwards compatible and signed with strong crypto.

My estimate is that the value of one individual spam mail is probably so incredibly low (since the vast majority of them are filtered and a majority of the rest are ignored) that the postage required is nowhere near the value of legitimate e-mails. The profit for spammers come from the huge amounts of mails they can send.

If the postage fee is calculated by the formula "spam profit/number of spam mails sent", then you have essentially made spamming unprofitable. I can't imagine that number is anywhere near an amount of money you actually need to care about, but maybe my estimates are completely of base. I don't really know the GDP or the revenues of the internet spam economy.

Maybe this is a wrong thread, but I would like to have access to a bitcoin-based SMTP server. I am one of those dinosaurs that don't want to use web-based email. I'd pay something like 0.01BTC per email sent, provided there is no minimum amount to deposit. 1 BTC will last me through a year.

Yes, that's what I said, if he compromises the mail account and the coins he can send spam (less than with a payless system), but he can't steal the coins, which are useless for anything except sending mail from this account.

The payment per mail should be less than the value of a legitimate mail, but more than the compute resources required to send mail, and more than the value of a spam mail.

This means that if users keep enough coins in their account to comfortably suffice for day-to-day mail usage, hackers suddenly have a greater incentive to compromise accounts. Or not, depending on the numbers. I guess maybe it can work with direct bitcoin payments after all.

Why? 1 victim is better than 2 victims. Stolen rescources is better than stolen resources + spam.

And if it were my account or computer that was hacked I would prefer if the hacker only got away with a miniscule amount of bitcoins, rather than using my computer/account to spam others.

Except the ability to send spam.

Perhaps rather than a micro transaction make the amount of BTC per email much higher (say 0.1 or even 1.0) and have that amount then be returned to the sender iff the recipient agrees to (could be combined with the current "send receipt").



BTW the Email package for my up and coming open source platform does allow you to use Hashcash (but I really only put that in for fun).

If they get access to the bitcoins and take them, it means the payment system just made things worse.

Maybe this can be more robust if we give up on the idea that anyone should receive the coins. For example, there could be an alt "Mailcoin" which has a built in mechanism to convert bitcoins -> mailcoins, and the mailcoins need to be destroyed to send mails. It should also be possible to tie the mailcoins to a specific sender (decided when the bitcoins are destroyed to generate the mailcoins), so they will have no trade value and the spammer can't gain anything by directly stealing them.

They are paying the alternative cost of the resources they control though. So if the value of keeping bitcoins is higher than paying "anti-spam postage" they will be inclined to keep the bitcoins, regardless of how they aquired them.

Even if they do get access to the bitcoins, why should they mail them to others rather than themself?

Sometimes yeah, your mind is Like a Cray computer Meni


So then if someday we decide to use digital "stamps" it will actually work, great




*Why the recipient ? He gets the information contained in the e-mail already. This has to be addressed.

*The "DNS system" is already in place, is the blockchain. The MUA software would hash the message and output you a bitcoin address. You pay the fee and e-mail gets sent automatically when bitcoin tx is broadcasted. If the e-mail is relayed with 1 confirm or not depends on server you connect to. The market would self regulate.

If TLS is used to communicate with the service provider you know the "stamp" is protected. "Stamp" would be swept by the service provider, MTA, that gets to send the message. The receiving service provider doesn't have to trust the other end, there are only two interested MTA's in the whole process, because they would relay a fix amount of e-mails and wait for the payment or ask a payment in advance for a chunk of them. No coins, no e-mail relay to local user boxes. The remote MTA would even have the ability to check total postage paid with the blockchain.

*The message would be hashed until you get something like this 1CfauqxxHNDVkZTmcsDik1LB9Ka5gmWqRT. You can try buying some "stamps" if you want. Thanks

Oh, I get it. I get jokes

Depending on how this is implemented, it may not be the case that being able to compromise an email account will also mean having access to the bitcoins used to pay for messages. So this may make it much harder for spammers to steal the resources required to send messages.

* The recipient.
* There will be some sort of DNS system that resolves email addresses to Bitcoin addresses. This will be handled automatically by the mail client.
* The transaction will embed a hash of the message.