Re: Worsening google service reputation and abuse

[Matthew Petach via NANOG <nanog () lists nanog org>]

On Sat, Aug 16, 2025 at 4:10 PM John R. Levine via NANOG <
nanog () lists nanog org> wrote:

> On Sat, 16 Aug 2025, bzs () theworld com wrote:
> > "Electronic postage stamps" are one possible approach and might become
> > the general term for whatever resource management is adopted.
> >
> > But as a phrase it's too limiting and evokes certain counter-arguments
> > as people stand up straw men and knock them down just based on those
> > three words.
>
> It's a great idea if you wave away all of the practical questions like
> who's going to issue the postage, who's going to collect it, who's going
> to pay for the infrastructure to do the checking, and who's going to
> settle the claims when a crook breaks into your ISP and sends $10,000
> worth of spam using your stamps.
>
> My preferred solution is a mandatory button in each e-mail message that
> administers a small electric shock to the sender.  Each individual shock
> would be no big deal but when thousands of people hit the button the
> cumulative effect would be painful or for big time spammers, fatal.  It's
> sort of like the old Bonded Sender idea but with electricity.  I have no
> idea how to implement that either, but people who claim it can't work
> are just opposed to creative, innovative ideas.



"Electronic Postage Stamps" conjures up visions of a centralized Post
Office type entity
that issues postage.

I think we should take a cue from cryptocurrencies, and have a "proof of
stake" type of
challenge for email messages sent out.  The recipient machine doesn't
accept a message
until the sender has demonstrated they have put some skin in the game as
well.
I avoid the term "proof of work", because I'd like it to be broader than
simply "please
jump through these mathematical calculations for me" -- imagine a
combination of
either proof you've accepted a certain number of email messages from me (a
tit-for-tat
type of proof of skin in the game, where the sender can pass along a
cryptographic hash
of message-IDs that it accepted for its users from the domain to which it
is now trying to
send a message), or a recaptcha type "do some work for the good of the
internet first,
and then I'll accept your message" computational challenge.

The idea would be to have a distributed challenge, one in which each
connection between
servers brings with it a "prove to me you bring value to the email
ecosystem" from the receiver
to the sender.  For "white hat" types of sites, it should be easy to show
that they accept mail
for their users from the domain to which they are now sending a message.
For sites which have
not yet received any mail, the challenge might be to classify the contents
of three images sent
back from the receiving server to the sender.  Or even just hold the
connection open for three
minutes, and make the sender wait on the connection for three minutes
before the message
will be accepted.  Once a site has started to receive inbound mail, it can
use the faster "here's
a hash of message-IDs I've accepted from you in the past X time interval,
please accept this
new message from me", so the 3 minute cooldown would only be used for
suspicious sites
that haven't received email previously.

This is completely off-the-cuff, and clearly needs much smarter people than
me to turn it into
something more workable; but the idea is to have a distributed "proof of
stake" model, where
senders have either shown that they are also participants in the global
back-and-forth flow of
email messages, and have a reason to work towards the improvement of the
overall system,
or that they are willing to hold a connection open for a long period of
time to get their message
accepted, because it really is that meaningful for their user.  That way,
the determination doesn't
require any centralized "Post Office" type entity that everyone trusts, and
it could be rolled out
on an incremental basis.  A receiving site can request proof-of-stake
validation from the sender;
if it has no idea what that is, the receiver can treat it as an unknown
site, and put it in the three
minute penalty box.  Senders would have an incentive then to update their
software to be able
to answer the request for proof-of-stake with a valid answer, to reduce the
wait times on their
outbound message queues.  For spammers, who don't accept mail, and have no
good way to
answer a proof-of-stake request, it puts a throttle on how many messages
they can send out
at a time, drastically reducing (but not eliminating) the spam volume they
can send out.

In short; I think John's right, but I also don't think Barry's entirely
wrong either.   ^_^;

Thanks!

Matt
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/CJNX4C23FO4QV6FKOIQFLU3BLGWC5MQN/