
Daniel J. Bernstein's IM2000 email proposal is not a good idea - todsacerdoti
https://utcc.utoronto.ca/~cks/space/blog/tech/IM2000NotGoodIdea
======
donatj
> the fundamental problem of email [is] random strangers on the Internet are
> still allowed to push to you

I think that’s the fundamental strength of email, and what has given it
staying power. I can email a person in government or an old friend or a
scientist and be reasonably certain they will read it without knowing who I
am.

Email is the only tool where I still regularly have meaningful conversations
with strangers. Several times a week I get emails from strangers asking for
help with something they’re working on and I am almost always happy to oblige
them. I have built a number of meaningful relationships through these chance
encounters with random strangers.

It would be all too easy on other services just to say “I don’t know this
person” and ignore them, as I regularly do on Facebook. With email on the
other hand I always read a message before deleting it.

------
gojomo
IM2000 could've been a reasonable step in shifting costs towards those
generating them, especially in the earlier-environment in which it was
proposed - when bandwidth & storage were more salient bottlenecks.

Sure, there would still be a (smaller) pointer (or metadata) saved by the
recipient. But such pointers/metadata might've allowed identifying certain
originators/remote-stores as sources of unwanted mail, earlier, before
transmission/storage elsewhere.

That, and the need for senders to provide an enduring server for the mail to
be read, could've forced some of the same sender-side stability/reputation
that's since become central to mail-delivery, via other mechanisms (DKIM/etc).

I'm not sure it was ever much more than a rough concept/prototype, not a
complete solution. Its central idea – "reverse the responsibilities" – could
still be part of an improved messaging system, even if it doesn't solve
everything.

------
vinay_ys
Much ado about nothing. Is djb or anyone else really pushing for this today?

Email infra is unnecessarily complex and painful to operate yes, but that
isn't the big problem today. If anyone wants to tackle a big problem in email
space (even infra problems), they have to start with UX and justify their
reasons for redesign from that.

~~~
dmix
Obviously not but I think it’s helpful to explore proposed alternatives,
especially by credible people, as we work towards better solutions.

Just like in academia exploring what didn’t work helps us either not waste
time or maybe even ‘fork’ the idea and attempt to fix the original flaws.

Also the bit about email lacking “revocable authorization to send you things”,
at least in a more decentralized and standardized way, is a good concept that
could potentially be reexplored.

------
mongol
I don't understand the proposal. Why would the spammer even need to store the
email on his own server. It could just be generated on demand.

~~~
xorcist
Spam senders who use their own infrastructure is pretty much solvable using
things like reputation score. Details vary but they generally work well
enough. Hence, most spam piggybacks on other infrastructure.

At the time of IM2000, an eternity in Internet time, most of this was done
using open or poorly secured relays. Reputation score worked well for that too
and that spam vector is closed now. Remaining vectors are hacked
infrastructure and the large cloud and free email providers. Storage cost
could be relevant to escalate the problem for the latter.

------
1vuio0pswjnm7
Funny I actually went back and read the IM2000 page again yesterday when
someone submitted another blog post about DKIM from the same author. I
resisted mentioning it.

When I read it this time I started wondering about how the "notifications"
would work. How would we tell a genuine notification for something we want to
retrieve from one that is just a front for some "attention seeker"?

------
JdeBP
Ahem!

* [http://jdebp.uk./Proposals/IM2000/](http://jdebp.uk./Proposals/IM2000/)

You, the Hacker News participant, are using a pull-style electronic
communication system _right now_.

* [https://news.ycombinator.com/item?id=10405864](https://news.ycombinator.com/item?id=10405864)

------
Mikhail_K
"In addition, in some potential realizations of IM2000, email would become
mutable in practice"

That objection is invalid, as common and widespread DKIM message signature can
be pushed with other headers. Author is likely aware of this, so he inserted a
qualifier "in some potential realizations". Then it follows that this is not
objection to IM2000, but to an easily fixed realization flaw.

This makes the author look like he has an agenda.

------
lordnacho
Has anyone proposed proof of work for email? For instance force everyone who
is sending to find a nonce that will take a few seconds per email? Should work
just fine for you if you're sending mail manually or to a short list, but will
take ages if you're spamming millions of people.

~~~
chx
[https://craphound.com/spamsolutions.txt](https://craphound.com/spamsolutions.txt)

Your post advocates a

( X ) technical ( X ) market-based

approach to fighting spam. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may
have other flaws which used to vary from state to state before a bad federal
law was passed.)

( X ) Mailing lists and other legitimate email uses would be affected

( X ) Requires immediate total cooperation from everybody at once

Specifically, your plan fails to account for

( X ) Lack of centrally controlling authority for email

( X ) Public reluctance to accept weird new forms of money

and the following philosophical objections may also apply:

( X ) Ideas similar to yours are easy to come up with, yet none have ever been
shown practical

( X ) Sending email should be free

Furthermore, this is what I think about you:

( X ) Sorry dude, but I don't think it would work.

~~~
timmaxw
Maybe I'm missing something, but none of these objections seem insurmountable.

> Mailing lists and other legitimate email uses would be affected

The receiving server could require proof-of-work for the first message from a
sender to a given receiver, but not for subsequent messages. If spammers try
to abuse this, it's easy for the user to click "block this sender"; if the
spammer changes their sending address, they have to do a new proof-of-work.

> Requires immediate total cooperation from everybody at once

It could be introduced gradually: if a proof-of-work is provided, then the
message is allowed to skip the spam filter. Small mailserver operators often
have trouble with their messages being caught in spam filters by GMail and
other large webmail providers; even if GMail alone started accepting proof-of-
work, that would probably be enough to convince a lot of senders to start
generating proofs-of-work, which would drive adoption.

> Lack of centrally controlling authority for email

This is no more difficult than any other backwards-compatible extension to an
existing Internet standard.

> Public reluctance to accept weird new forms of money

OP's post didn't mention a weird new form of money. The original HashCash
proof-of-work proposal included a weird new form of money, but it's easy to
imagine a proof-of-work system that doesn't.

> Sending email should be free

Suppose the proof-of-work cost is calibrated such that it costs about $0.001
per email. That would be enough to destroy spammers' margins, but the vast
majority of legitimate users wouldn't mind paying that.

> Ideas similar to yours are easy to come up with, yet none have ever been
> shown practical

I kinda see the point here... But I'd like to understand _why_ it isn't
practical, because none of the arguments make sense to me.

~~~
chx
> The receiving server could require proof-of-work for the first message from
> a sender to a given receiver,

at this point mailing lists are dead

> It could be introduced gradually: if a proof-of-work is provided, then the
> message is allowed to skip the spam filter.

Yes, because that totally will not harm the small senders (often individuals)
whose newsletters can easily reach thousands / tens of thousands.

> Sending email should be free

> Suppose the proof-of-work cost is calibrated such that it costs about $0.001
> per email. That would be enough to destroy

all mailing lists, yes. Look at open source mailing lists.

~~~
timmaxw
Suppose you have a newsletter with 10,000 subscribers. You need to perform a
proof-of-work the first time you send an email to each new subscriber; so,
10,000 proofs-of-work. Each proof-of-work costs $0.001. This adds up to a
grand total of ten dollars.

Or, to put it a different way: $0.001 is very roughly equivalent to a few
minutes of CPU time. So if you have a single-core server dedicated to running
your mailing list, you can onboard several hundred new subscribers every day.

Remember, the sender only needs to pay the proof-of-work when someone first
joins the mailing list and receives the initial message. So, I don't see how
this will kill mailing lists at all.
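
The first-contact proof-of-work policy discussed in this subthread, as an added sketch (not code from any commenter or from HashCash). The SHA-256 stamp format, the 16-bit difficulty, the addresses and all function and class names are assumptions made for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # assumed difficulty: about 2**16 hashes per stamp on average


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def stamp_digest(sender: str, recipient: str, nonce: int) -> bytes:
    # Binding the stamp to both addresses means it cannot be replayed to a
    # different recipient or reused under a different sender address.
    return hashlib.sha256(f"{sender}\0{recipient}\0{nonce}".encode()).digest()


def mint(sender: str, recipient: str, bits: int = BITS) -> int:
    """Sender side: search for the first nonce that meets the difficulty."""
    for nonce in count():
        if leading_zero_bits(stamp_digest(sender, recipient, nonce)) >= bits:
            return nonce


class Receiver:
    """Receiver-side policy: a stamp is required only on first contact."""

    def __init__(self, address: str, bits: int = BITS):
        self.address = address
        self.bits = bits
        self.known = set()    # senders that have already paid once
        self.blocked = set()  # senders the user clicked "block" on

    def accept(self, sender: str, nonce=None) -> str:
        if sender in self.blocked:
            return "rejected: blocked"
        if sender in self.known:
            return "accepted: known sender"
        if nonce is None:
            return "rejected: stamp required"
        # Verification costs one hash, however long minting took.
        if leading_zero_bits(stamp_digest(sender, self.address, nonce)) < self.bits:
            return "rejected: bad stamp"
        self.known.add(sender)
        return "accepted: first contact"

    def block(self, sender: str) -> None:
        self.known.discard(sender)
        self.blocked.add(sender)
```

A blocked sender who switches to a new address is unknown again, so the receiver demands a fresh stamp for that address.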

------
vore
I think fundamentally it seems very difficult to even send a message to
someone. If you have an IM2000 server and you would like to send a message to
someone on another IM2000 server: how? They would have to subscribe to your
IM2000 server, but how would they know that unless you told them via... what?
Not via IM2000, certainly, because that's what you're trying to figure out in
the first place!

~~~
avmich
> how would they know that unless you told them via... what?

Metadata? It seems for some assumptions one cannot avoid a notion of sending
at least metadata?

From the proposal: "All the receiver needs is a brief notification that a
message is available."

~~~
Animats
Right. If someone did email today, you'd get a push notification with a URL to
read.

~~~
smabie
Well thank God it wasn't. I love email, one of the few bastions of the old
internet.

------
snvzz
On email alternatives, there's the DIME[0] effort.

[0]: [https://darkmail.info/](https://darkmail.info/)

------
mkovach
I am not sure of the benefit of writing a critique of an ignored proposal from
the late 1990s. DJB didn't modify anything going since the initial proposal
had been updated little.

Of course it has flaws, it was never a fully developed idea.

------
alex_young
I love how long people have been trying to fix ‘broken’ email.

------
beefhash
Here's the fix to e-mail: Centralization.

You can't curb abuse in a federated model. This is an issue that's been
plaguing the fediverse as well. IRC networks, though not federated, have had
to each individually ban spammers and other problematic users.

Google (GMail), Yahoo, Microsoft (Live/Hotmail), Yandex, QQ Mail. That ought
to be enough for everyone. EDIT: and mail.ru

~~~
threentaway
I don't think so. We could win so much of the spam fight by just making signed
messages mandatory. Would there still be some spam? Sure. But it's better than
handing over all email to a few select companies.

~~~
luckylion
A lot of the spam these days is being sent via hacked computers. You'd get
signed emails from individuals, only those individuals wouldn't know they are
sending them.

It's the same problem with DDOS. Some providers tried to mail out letters
"hey, your computer is involved in malicious things, please get it fixed", but
that just led to a lot more support requests that the ISPs can't handle. So
we just accept that botnets are a thing.

~~~
upofadown
It is unlikely you would know the people that had the hacked computers. So
that case would be the same as no signature at all. Otherwise the spammers
could just make up their own valid signatures.

