One Cent Mail Server

Joel on Software - November 14, 2002. Joel writes:

Here's what I'd like to see: a system that delivers an email for one cent. Nobody has to use it, but if you want to get your messages through, you pay one cent and the system delivers it for you. Every spam filtering system on earth can safely whitelist all email that comes from the one cent server, because no spammer can afford the penny times the 19 million messages they send.

Unfortunately, I don't think this would work. For one, I personally would not care to pay 1 cent for each e-mail I sent. Most of the e-mail I write isn't worth it.

Second, while it is true that spammers charge very little for all the messages they send out, that's largely due to the high failure rate combined with low response. But, if they could advertise that they had a way to "bypass all the spam filtering systems on earth," I'd say they could probably get away with charging a penny per e-mail for that. Just look at the money spent on junk mail postage. That postage is far more than a penny (not to mention the cost of printing) for sending junk mail (paper spam) that is just as annoying.

What will solve the spam problem? Trust. This means the elimination of the "anonymous" e-mail. I realize that today's average Internet user doesn't know much about digital certificates, but it's time to educate and lower the barriers to signed, authenticated e-mail.

If you sign your e-mail with digital certificate, that is something that I can use to identify and confirm that the e-mail came from you. I can instruct my mail software to trust any messages received from trusted sources. That's going beyond a simple, "accept e-mail those in my contact list" -- while that is a step in the right direction, the fact is that anyone can claim to be "me" by using my e-mail address as theirs. Spammers do this too, as well as viruses. I regularly get bounced e-mails with Klez virus attachments where it is addressed from ME to someone else I've never heard of. This happens because someone out there has my e- mail address in their address book and got infected with the Klez virus. Klez then uses that address book and impersonates those people when it propagates itself. I don't think it would be possible to script signed e-mails -- some kind of user action is required on the part of the sender, even a password if you need that level of security.

Won't spammers just start signing their spam too? I doubt it. In the majority of the spam I get, the spammer goes to great lengths to conceal their identity. They're simply trying to advertise a site or some product. If you have an e-mail signed with a digital certificate that is issued from a credible Certificate Authority, it becomes very easy to identify the source of the spam. And e- mails signed using a certificate that isn't issued by recognized Certificate Authority can be filtered out automatically.

So how do you get a digital certificate? Well, you can hop over to, where they hand them out free for personal use. I alternate between using that and signing using PGP. Both can be checked for validity. Once you can trust someone based on their digital certificate, it's easy enough to separate the wheat from the chaff.

Does this mean that every legitimate e-mailer out there needs to get their own digital certificate and use it for all their e-mails? Well, no. For me, it means that every person I care to exchange e- mail with should use digital certificates. That's a lengthy list, but I'm going to do my part to educate them on the virtues of digitally signed e-mail. If you tell your friends and they tell theirs, the word will get out.


TrackBack URL for this entry:

Listed below are links to weblogs that reference One Cent Mail Server:

» Fighting SPAM from Mostly Rajas
I keep running into this ongoing net discussion about fighting spam, and I thought this post by Timothy Appnel was [Read More]


lashlar said:

Hmmm. I'm not sure if a 1 cent system would work either.

I do think that signing email would be a good idea, although there's just one bugger problem. Last I checked, I couldn't get PGP outside of America, Western Europe, Australia, or New Zealand... And the digital certificate bodies around here charge a fair bit of change for a certificate. We'd need to iron out that first...

Donna said:

Wow, Joel on Software is fascinating; thanks for the pointer!

crodak said:

Although I agree with the idea of all email being signed, I don't think that signing with a free Thawte certificate accomplishes anything. Thawte doesn't verify identities when handing out those free certificates. Instead of that, I'd point out that many states now make digital certificates available to their residents. Identities *are* verified before the state hands out one of these certificates. My Arizona State digital certificate cost about $15 and was easier to obtain than a driver's license.


This article was published on November 18, 2002 1:24 PM.

The article previously posted was The SmartyPants Plugin.

The next article is So, I bought a laptop.

Many more can be found on the home page or by looking through the archives.

Powered by Movable Type