Email Should Sometimes Cost Money
Over the years there have been a number of attempts to make spam more expensive to send, and there have been some proposals to make sending email cost money. (One example is hashcash, which later became (in)famous as the mining algorithm used for Bitcoin.)
One of the first chain letters I fell for claimed that Canada Post was going to start charging postage for emails sent to and from Canada.
All of these proposals have been abhorrent to me, because I am a cheapskate and/or poor, and email is my primary form of communication. In some ways I hate email, but in many ways I like it. In principle (although no longer in practice) email is NOT a walled garden. It is an open standard, and there are multiple providers to choose from.
But email comes with spam, and spam is awful. Spam is a primary vector for malware, and malware is bad news. Almost everything that is awful about email has to do with spam. Sometimes I cannot get legitimate mail through because it is marked as spam; sometimes I do not even get a bounceback message. Setting up email servers these days requires you to set up DKIM and DMARC and graylisting and who knows what else.
Almost all of the proposals to charge for email have to do with stopping spam. I agree that spam should be stopped. Spam filters are okay, but they solve the problem from the wrong end, and they involve surveillance.
Maybe it is time to charge for some emails.
The Proposal and its Consequences
If I trust somebody and that person sends me a legitimate email, then that email transmission should cost neither of us any money.
If I try to email a stranger who does not trust me, then that should cost me some money.
If a spammer takes over my account and sends email to my trusted senders that is spam, then in an ideal world the spammer should have to spend some money. In practice, I do not know what to do. This may be the Achilles heel of this proposal. The incentive to break into other people's email accounts and send mass emails will become high. Maybe marking a message as spam means that person goes from trusted to untrusted. Then that person has to prove their trust before they can send mail cheaply again.
Mailing lists are the other problem that immediately comes up. People subscribe to mailing lists consensually, and then they are unhappy that they receive email messages. Then they mark those mailing list messages as spam.
Clearly mailing lists should not be exempt from these rules, or spammers will just send their spam via mailing lists. But if we could get email clients to deal with this (ha ha) then the problem could be reduced. Say I receive an email message from a mailing list that I do not like. When I mark that message as spam, then the email client could ask if I really want to unsubscribe from the list, or whether the content of this message is actually spam. Even that is not going to work -- there can be perfectly legitimate content that people just do not like for any reason, and they deal with that content by marking it as spam.
As a person who runs mailing lists I do not want mailing lists to be expensive to run, but maybe this is unavoidable? Certainly I do not want anybody subscribed to my mailing lists who does not want to receive the emails in question. Certainly some topics will be boring for some subscribers, and those subscribers should be able to ignore those threads without unsubscribing to the entire list or making the list expensive to operate. Certainly unsubscribing from a list ought to be trivial. I do not know whether this is sufficient, though.
I guess another problem with this is businesses. Businesses want strangers to email them. In that case maybe they can set the charge for sending them email to zero, or maybe they can have "toll-free" email addresses where they absorb the charge for getting emails. This opens those business emails to abuse, but maybe this will be the cost of doing business.
Should people be allowed to set a price for strangers contacting them? Sure. Then people who never want others contacting them can charge a huge price.
Is this unfair to international senders where currency is weak? Yes. In fact it is unfair to all poor people. The rich can send poor people emails with impunity, but poor people cannot do the same to the rich.
Is this unfair to Luddites like me who do not use money on the Internet? Yes. The best I can think of is that I could buy a $5 card at the grocery store that would give me some credits to use for sending email, the same way I get a long distance card to make phone calls.
Maybe the worst consequence of this is that while it will reduce spams blasted to hundreds of recipients, it makes targeted spam much more attractive. There will be lots more spear phishing.
If recepients can configure prices for email sent to them, then there will be lots of attempts to make people set prices low for scammers, just as viruses provide instructions for disabling macro protections in Microsoft products now.
Taxes will come into play here, but I think that is solved by declaring the amount of money you make from your email account as taxable income.
If people have balances of money associated with their email accounts, then those accounts become juicier targets for criminals. There will be a brisk business in breaking into accounts and then getting those accounts to email very expensive email addresses run by scammers, so the scammers get all the money.
Implementation
I think proof of work is a bad idea. We can see how awful Bitcoin has been for the environment.
I think you could use something like Paypal for this. I do not think there needs to be a central authority. There could be many providers, which will make it more expensive to send mail to strangers, but would give recipients some choice. (Of course, the market would immediately consolidate so there are only 2-4 big players.)
Here's what I see happening:
- Mail accounts have prices associated with them. An untrusted person sending email to that account needs to meet the price. Maybe the price is a few pennies. Maybe it is a Bitcoin. The account holder might configure this. There might be different prices for different levels of trust.
- There are payment processors who deal with the payments.
- If I want to send an email to someone I can try sending it for free. Then the receiving email server can bounce a message back saying that it will cost me some money (say three dollars, because the recipient really does not want email from strangers) to send the message.
- Then I have to authorize my email client to approve the transaction. My email client withdraws money from my Paypal account and sends it to a payment processor. The payment processor sends a signature confirming that it has approved the transaction. This is some encrypted thing that is unique for every transaction.
- My client then resends the email with the appropriate header. The receiving email server checks that it trusts the payment processor. It then takes money out of the payment processor, awards it to the recipient (minus the cut that goes to the payment processor) and delivers the message.
- If the receiving email server does not trust the payment processor, or the server cannot verify the transaction, or the transaction is not high enough, it rejects the message without taking the money. (This requires trusting the receiving email server, but I think that is okay. You just won't send dishonest receiving mail servers mail that often.)
- If I already know the message will cost a certain amount of money I can just transfer the money without sending a message first (but then how do I know what the recipient is charging?)
There are elements of this design that I do not like, but I think it is achievable pretty easily. This is essentially how third party spam processors work now.
I also like that this could be an opt-in system, which means that it can be adopted without needing to revamp email and replace it with something else. Because it offers recipients the opportunity to make money, I think adoption will be quick in a way that other security measures have not been.
Concluding Thoughts
Clearly this is another crackpot idea that will not solve the problem. The insight that I feel is valuable is that sending mail to strangers is a legitimate thing to do, but that this is qualitatively different from sending mail to people you trust. If the stranger in question trusts your email then subsequent messages will be cheap or free.