Martin Pool's blog

Mail me RSS Bazaar distcc Canonical is hiring! flickr

email fees and viruses

aj discusses the problems of pay-per-email transmission:

One objection to email fees is related to email viruses: if every email you send costs a cent, and you get a virus that sends out 20,000 emails you've just lost $200. That sucks. Fortunately, that's straightforward avoidable by limiting the amount of money your computer can access without your authorisation (by way of password, eg). If you limit the amount of money your computer has access to to $5, that's 500 emails you can send before you have to worry about recharging your account (more presuming you get sent some emails), and if you do get infected by a virus, you only lose $5, which is a nuisance, but not a big deal. Odds are you lose that much in time anyway. And even better, instead of sending out 20,000 emails, you've only sent out 500, reducing the problem globally.

I don't think this is a very good fix. Suppose that this plan was adopted and we had paid-for stamps on email. Suppose as well that, as at present, a lot of spam is sent through compromised end-user machines.

Presumably there would be some way for your email client to prompt you to buy some more stamps when you run low. Perhaps Outlook pops up a little dialog prompting for your credit card. There is already a large increased risk that people will become accustomed to typing in their credit card when their MUA asks, and some users will store their credit card number in the MUA's memory.

An analog for this already exists in trojan dialler programs, where a compromised machine calls a premium-rate 1-900 or 0055 number to generate a large phonebill, some fraction of which gets back to the scammer. It seems like the law or policy here is that because the user's system really did dial the number, the user is liable for the call. Presumably the same would happen for spam.

In particular, it would be easy for a trojaned machine to ask the user to buy more stamps, but to actually buy $500 rather than $5, and to use the rest for sending spam.

We are no longer in the c1998 situation of lazy ISPs hosting spammers. Instead, most spam (cite?) is sent from compromised machines. An adequate defence these days needs to cope with a horde of compromised zombies. I don't think payment systems do that.

Organized crime is attracted by the combination of money and weak systems. Adding more money to the email system will probably make the problem worse.

On the one hand, the risk on losing $500 might make people more likely to worry about computer security. On the other hand, it is a powerful disincentive to even think about installing an email client that can make payments.

If you're in an organisation, and you don't want your 1000 staff members all losing $5 at once to a virus, you can setup your mail server to require manual authorisation if anyone tries sending more than a couple of emails every few minutes. That's possible now, of course, but there's no reason to do it: it doesn't stop the organisation from getting infected by the virus, since it already is, and it doesn't much matter that other people get infected.

Another way to produce that backpressure would be to sue or prosecure someone for negligently continuing to transmit viruses. I think it is fairly clearly negligent to send mail; it might even be covered by existing computer crime legislation.

Maybe a good way of looking at this is thus: email postage is free to you as long as the number of emails you send is less than the number of spams you receive.

So we only need to worry about high-volume senders. Most people won't need to send more than say 100-200 emails per day, and it would be a good start to cap dial-up/DSL users to that. Perhaps organizations which do need to send in large volumes should pay a bond to some kind of underwriter.

posted Tue 16 Mar 2004 in /issues/spam | link

Copyright (C) 1999-2007 Martin Pool.