No subject


Mon Nov 10 20:33:39 PST 2008 

a system before trying to build it. ( But then maybe I've had too many
professors and managers preaching to me about SDLC. )

In the reading I've done on hashcash, it seems there is valid debate about
whether or not e-mail should ever be "allowed" to be anonymous.

It seems there's usually valid debate on this list about whether or not
e-mail should include per piece metering (to include micropayments).

If one were to assume that a recipient should be able to determine their
own requirements with respect to veracity of sender identity and "cost"
related to bypassing SPAM filters, would such a system even be possible?
Would it make sense to allow users the freedom to make such choices?
Or are we debating with preconcieved notions that ISP's need to make
global decisions about these two parameters before any new technology
can succeed?

Every closed system I've seen makes some global decision about how
to verify senders, and the cost related to messages.   Are we debating
the answers to globally unanswerable questions?  Personally, I see
those answers as a configuration requirement for individual recipient
profiles in the FUSSP.  Recipients have to be able to answer those questions
for themselves and accept the risk and reward of their choices.

There are lots of people who already use personal filters that try to strike
a balance.  For example, Scott Adams requires "Dilbert" to be in the subject
line
of incoming mail.  His sender identity test isn't the same as what Goodmail
uses,
his only requires senders to know his "public key".    His "public key"
isn't
used as an encryption key, and it isn't distributed the same way as PGP
keys,
but it is effective *enough* for his purposes.

I whole heartedly agree that any FUSSP that uses micropayments will
have a huge sender identity and verification issue, but isn't that external
to how notice of a micropayment is transferred in a mail exchange?  Maybe
for a lot of users, sender identity at the level of "Dilbert" is good
enough.
Who should choose, the recipient or his ISP?

Gerald

------=_Part_33883_7829405.1227755762038
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<br><br>
<div class="gmail_quote">On Tue, Nov 25, 2008 at 9:45 AM, J.D. Falk <span dir="ltr">&lt;<a href="mailto:jdfalk at returnpath.net">jdfalk at returnpath.net</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div class="Ih2E3d">On 24/11/2008 17:24, &quot;Gerald Klaas&quot; &lt;<a href="mailto:gklaas at sacto.com">gklaas at sacto.com</a>&gt; wrote:<br><br>&gt; Goodmail has already shown that tokens can work, and that the<br>&gt; economics can work. &nbsp;I think the question becomes, is the Goodmail<br>
&gt; profit margin big enough that large ISP&#39;s would be interested in transitioning<br>&gt; to an open, non-proprietary system where they can sell tokens to large<br>&gt; BBM senders directly (and keep Goodmail&#39;s cut of the action) ?<br>
<br></div>Doesn&#39;t look like it, so far. &nbsp;I suppose that could change in the future,<br>but right now ISPs are still forced to more in anti-spam technology than in<br>pro-marketing technology.<br><br>But in any case, remember that a standardized token-clearing system won&#39;t be<br>
the end of the story -- or even the beginning. &nbsp;As Daniel Dreymann pointed<br>out, &quot;It was a challenge to build a scalable clearinghouse...but the<br>processes supporting the accreditation of senders, reputation monitoring,<br>
security, feedback loops, reporting, UI, etc. have proven to be at least as<br>complex.&quot;<br>
<div>
<div></div>
<div class="Wj3C7c"><br>&nbsp;</div></div></blockquote>
<div>I completely agree.&nbsp; That&#39;s one of the main reasons I think the discussion</div>
<div>needs to be split between how a transaction occurs, whether through tokens or </div>
<div>ESMTP extension, or some&nbsp;new TBD&nbsp;MTA technology and then</div>
<div>what happens within the transaction whether it&#39;s&nbsp;micropayment, sender</div>
<div>authentication, hashcash, value transfer, etc.</div>
<div>&nbsp;</div>
<div>From my view, there&#39;s great benefit in understanding the requirements of</div>
<div>a system before trying to build it.&nbsp;(&nbsp;But then maybe I&#39;ve had too many</div>
<div>professors&nbsp;and managers preaching&nbsp;to me about SDLC.&nbsp;)&nbsp; </div>
<div>&nbsp;</div>
<div>In the reading I&#39;ve done on hashcash, it seems there is valid debate about</div>
<div>whether or not e-mail should ever&nbsp;be &quot;allowed&quot; to be anonymous.</div>
<div>&nbsp;</div>
<div>It seems there&#39;s usually&nbsp;valid debate on this list about whether or not</div>
<div>e-mail should include per piece metering (to include micropayments).</div>
<div>&nbsp;</div>
<div>If one were to assume that a recipient should be able to determine their</div>
<div>own requirements with respect to veracity of sender identity and &quot;cost&quot; </div>
<div>related to bypassing SPAM filters, would&nbsp;such a system even be possible?&nbsp;</div>
<div>Would it&nbsp;make sense to allow users the&nbsp;freedom to make such choices?&nbsp;&nbsp;</div>
<div>Or are we debating with preconcieved notions that&nbsp;ISP&#39;s need to make </div>
<div>global decisions about these two parameters before any new technology</div>
<div>can succeed?&nbsp;&nbsp; </div>
<div>&nbsp;</div>
<div>Every closed system I&#39;ve seen makes some global decision about how</div>
<div>to verify senders, and the cost related to messages.&nbsp;&nbsp; Are we debating</div>
<div>the answers to globally&nbsp;unanswerable questions?&nbsp; Personally, I see </div>
<div>those answers as a configuration requirement for individual recipient</div>
<div>profiles in the FUSSP.&nbsp; Recipients have to be able to answer those questions</div>
<div>for themselves and accept the risk and reward of their choices.</div>
<div>&nbsp;</div>
<div>There are lots of people who already use personal filters that try to strike</div>
<div>a balance.&nbsp; For example, Scott Adams requires &quot;Dilbert&quot; to be in the subject line</div>
<div>of incoming mail.&nbsp;&nbsp;His sender identity test isn&#39;t the same as what Goodmail uses,</div>
<div>his only requires&nbsp;senders to&nbsp;know his &quot;public key&quot;.&nbsp;&nbsp;&nbsp; His &quot;public key&quot; isn&#39;t</div>
<div>used as an encryption key, and it isn&#39;t distributed the same way as PGP keys, </div>
<div>but it is effective <strong>enough</strong> for his purposes.&nbsp; </div>
<div>&nbsp;</div>
<div>I whole heartedly agree that any FUSSP that uses micropayments will </div>
<div>have a huge sender identity and verification issue, but isn&#39;t that external</div>
<div>to how notice of a micropayment is transferred in a mail exchange?&nbsp; Maybe</div>
<div>for a lot of users, sender identity at the level of &quot;Dilbert&quot; is good enough.</div>
<div>Who should choose, the recipient or his ISP?</div>
<div>&nbsp;</div>
<div>Gerald</div>
<div>&nbsp;</div>
<div>&nbsp;</div>
<div>&nbsp;</div>
<div>&nbsp;</div>
<div>&nbsp;</div></div>

------=_Part_33883_7829405.1227755762038--

More information about the Asrg mailing list