Email Fees and Viruses

One objection to email fees is related to email viruses: if every email you send costs a cent, and you get a virus that sends out 20,000 emails you’ve just lost $200. That sucks. Fortunately, that’s straightforward avoidable by limiting the amount of money your computer can access without your authorisation (by way of password, eg). If you limit the amount of money your computer has access to to $5, that’s 500 emails you can send before you have to worry about recharging your account (more presuming you get sent some emails), and if you do get infected by a virus, you only lose $5, which is a nuisance, but not a big deal. Odds are you lose that much in time anyway. And even better, instead of sending out 20,000 emails, you’ve only sent out 500, reducing the problem globally.

There are other protection measures you can use too. If you’re in an organisation, and you don’t want your 1000 staff members all losing $5 at once to a virus, you can setup your mail server to require manual authorisation if anyone tries sending more than a couple of emails every few minutes. That’s possible now, of course, but there’s no reason to do it: it doesn’t stop the organisation from getting infected by the virus, since it already is, and it doesn’t much matter that other people get infected. By moving the cost onto the sender you setup an incentive for people to start using email programs that are resistant to email viruses, and to setup procedures to ensure that even if they are infected, that they don’t cause problems for everyone else.

UPDATE 2004/03/16:

Martin responds to the above post (without permalinking, tsktsk), and makes a couple of points. One is that it opens a new avenue for insecure monetary transactions — in this case from your bank account or credit card company to your mail client’s moneybox. If that avenue is too easily accessible it’ll be exploited by tricksters. I don’t think that’s a major concern because it doesn’t have to be easily accessible: most of the time you’re going to be aiming to come out square in the email fees you send and receive; and given that the amounts per email are so small, you should only be expecting to withdraw a few dollars a month. Having this be a fairly automatic part of your ISP billing cycle (and thus out-of-band as far as trojans and viruses are concerned) is also possible, for example.

Martin also writes:

Another way to produce that backpressure would be to sue or prosecure someone for negligently continuing to transmit viruses. I think it is fairly clearly negligent to send mail; it might even be covered by existing computer crime legislation.

Coming from someone whose Orkut profile lists him as a “libertarian”, this seems odd — resorting to legislation and police intervention is pretty heavy handed; and doing so when solutions that only require agreement between consenting parties haven’t even been tried seems quite anti-libertarian, at least as I understand it.

The obvious problem with legislation is that it’s slow, not very reactive, and by it’s nature is a one-size-fits-all solution. For things like spam, where different people have different classifications of what’s a problem and what’s not, it’ll never be a good solution. If I don’t like real estate agents sending me mails just because I talked to them once a year ago, a legislative approach isn’t going to help me, because it would hurt both the real estate agent, and the people who are interested in getting those emails.

Martin’s final remark is:

So we only need to worry about high-volume senders. Most people won’t need to send more than say 100-200 emails per day, and it would be a good start to cap dial-up/DSL users to that. Perhaps organizations which do need to send in large volumes should pay a bond to some kind of underwriter.

(This comment is in reponse to the claim that email postage is free as long as you send less mail than you recieve; which implies that if the spammers find a way to work around this and keep sending you spam, at least you don’t lose out; otoh if you are losing money, then you’ve also managed to substantially decrease the amount of spam you get. ie, you can’t lose! In theory, anyway. I don’t think Martin’s comment follows from this, because it assumes we already have email postage. Maybe I’m misunderstanding, though)

Anyway. 100-200 emails a day just means you need to infect 10k machines to send a million emails every day. If the owners of those machines don’t really care about that — they’re not losing their money and their computer is still working fine, eg — then that ought to be relatively easy, so it’s questionable whether the problem would actually be solved. Paying a bond to “some kind” of underwriter, meanwhile, makes a system that’s only useful for a few people (and thus doesn’t get many network effect benefits), and opens up similar scope for monetary abuse: either getting funds by claiming to have gotten spammed by one of the bond payers (possibly after trojaning their systems yourself), or simply depriving the target of funds (by convincing the bond holder that the group is a spammer and causing them to not return the bond).

The real benefits of email postage compared to other money-based solutions is that it’s broad-based and fair (no one has to worry about following a different system to anyone else, which is a nice equalising property of the Internet that’s worth retaining, and there aren’t areas for big businesses to position themselves so they can extort money from users); that it is implementable entirely at the endpoints (you just need to upgrade mutt or Outlook, you don’t need to change ISPs), that it’s flexible (you can change the fees you expect depending on who the mail’s from, who it’s to, or what it’s about), and it has very few external costs (you don’t need to reimplement the internet, you don’t need to create a new police taskforce, or put more cases through the courts, or add lots of new restrictions to ISPs — basically it has the property when people don’t follow the rules, you just don’t get their mail, you don’t get hurt and have to seek a remedy).

Leave a Reply