1933 Anti-Spam Doorbell
Here's a great description of an anti-spam doorbell from 1933. A visitor had to deposit a dime into a slot to make the doorbell ring. If the homeowner appreciated the visit, he would return the dime. Otherwise, the dime became the cost of disturbing the homeowner.
This kind of system has been proposed for e-mail as well: the sender has to pay the receiver -- or someone else in the system -- a nominal amount for each e-mail sent. This money is returned if the e-mail is wanted, and forfeited if it is spam. The result would be to raise the cost of sending spam to the point where it is uneconomical.
I think it's worth comparing the two systems -- the doorbell system and the e-mail system -- to demonstrate why it won't work for spam.
The doorbell system fails for three reasons: the percentage of annoying visitors is small enough to make the system largely unnecessary, visitors don't generally have dimes on them (presumably fixable if the system becomes ubiquitous), and it's too easy to successfully bypass the system by knocking (not true for an apartment building).
The anti-spam system doesn't suffer from the first two problems: spam is an enormous percentage of total e-mail, and an automated accounting system makes the financial mechanics easy. But the anti-spam system is too easy to bypass, and it's too easy to hack. And once you set up a financial system, you're simply inviting hacks.
The anti-spam system fails because spammers don't have to send e-mail directly -- they can take over innocent computers and send it from them. So it's the people whose computers have been hacked into, victims in their own right, who will end up paying for spam. This risk can be limited by letting people put an upper limit on the money in their accounts, but it is still serious.
And criminals can exploit the system in the other direction, too. They could hack into innocent computers and have them send "spam" to their email addresses, collecting money in the process.
Trying to impose some sort of economic penalty on unwanted e-mail is a good idea, but it won't work unless the endpoints are trusted. And we're nowhere near that trust today.
Posted on May 10, 2007 at 5:57 AM • 56 Comments