> From: David Morris [mailto:dwm@xxxxxxxxx] > It is pure naviety to assert that increasing the cost of > sending spam will not reduce the amount sent. The operative > word is REDUCE. Also note that my choice of words was 'cost'. > There are many ways to associate cost with sending spam. Actually it won't reduce the amount sent for a different reason, the criminals will use stolen card numbers to pay for their spam. This is now a major problem for DNS registrars and ISPs. I don't disagree that making spammers pay will reduce spam. Where we disagree is that I don't think that it is necessary to charge legitimate email senders in order to penalize illegitimate ones. As Bill Gates proposed a few years ago, bonding type schemes are much easier to deploy than payment schemes, much cheaper to run and only cost money for the abuser. Regardless of what payment mechanism you propose you have to start with an authentication scheme to bind the payment to the message. So DKIM is actually a starting point there. Alternatively you could use a trustworthy hardware device that implements my patent-pending velocity indicator mechanism. Or you could link the DKIM signature to a digital certificate that demonstrated that the holder can be held accountable (e.g. VeriSign Class 3 or an Extended Validation certificate). This could then provide information on where to find reputation services reporting on the sender. A company can ignore a $100,000 fine as simply the cost of doing business. Having their email rejected by other companies is a much more critical penalty for them. Micropayments are fun but having tried to deploy them in the past I don't think it is practical to do this to stop spam. It is possible to have the same effect on the bad guys without any effect on the legitimate sender and without creating a whole different set of cost issues. The solution to spam is accountability: authentication, accreditation and consequences. DKIM is the authentication component. We will come to the other components later, not necessarily in this forum. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf