logoalt Hacker News

SXXtoday at 12:50 AM2 repliesview on HN

What always bugged me about whole email its that we still dont have two best and most reasonable practice to fight about abuse:

1 - Ability to pay once to provider give your domain Good reputation score to new or old domain and IP and whatever. Like pay once, be a good citizen.

2 - Or just use Hashcash or any other PoW.

This would really solve a problem with 99.9% of spam and allow actually more decentrolized email system.

Fact that no matter what you do its impossible to setup own emaik server to just send few emails a year with 100% guaranteed delivery is just beyond me.


Replies

edelbittertoday at 1:28 AM

In a way, the "let the money decide who is a good citizen" already works. Just not in our favor: Most of the spam I receive is not from some rando using an IP I know nothing about. Its from providers that keep making good money with their current anti-abuse.. strategy. As much as I would like, I cannot refuse all mail from certain providers, because some of their customers are "important" and non-abusive. But I get the good and the bad all laundered together¹.

¹) Some do allow recipients to distinguish, e.g. Sendgrid add an X-Entity-ID header which is a stable 1:1 or <small-number>:1 map between short ascii identifiers and customers. So if you store that mapping, you can reject the usual "From: <[email protected]> but not sent using the account associated with bigcorp.example". (The way they easily could, if they cared.)

bawolfftoday at 1:52 AM

> Or just use Hashcash or any other PoW.

People love the idea of this, but i don't think it really makes sense.

How high do you set the PoW to? I dont think there is any middle ground that would actually deter attacks but not deter legit users.