> Email is open, and incredibly valuable because it is open. A model like this threatens to close it
Phones were also open. Now no one answers calls from strangers because of the proliferation of spam calls.
This is a natural solution to spam and nothing to be enraged about. It is ridiculous but not for you to dictate how other people manage how you contact them.
"The requirement also doesn't yet apply to small phone companies because carriers with 100,000 or fewer customers were given until June 30, 2023 to comply. The FCC is seeking comment on a plan to make that deadline June 30, 2022 instead because "evidence demonstrates that a subset of small voice service providers appear to be originating a high number of calls relative to their subscriber base and are also generating a high and increasing share of illegal robocalls compared to larger providers."
> In this example, Jeff is sending an email to Sarah. He’s not on her contact list, so he gets a bounce. He then chooses to send her a paid message, which he can easily do through her Earn.com profile. If she replies within a week, she gets paid and Jeff gets his reply.
It does not work because it is trivial to fake the source number.
A popular form of spam pretends to call from a phone number very similar to yours (they use the same leading 6 digits) to make it look like a neighbor is calling.
Hopefully the STIR/SHAKEN implementation will widen and this will be put to bed.
No.
It is not a block list. It only applies to US based organizations who decide to honor it. It does nothing to prevent international callers from using (or forging) a US based number to very urgently talk to you about your lapsed car warranty or your Microsoft Windows error.
No, because most of the spam calls in US are actually criminal fraud, eg: extended warranty. Australia carved out enough exemptions for their DNC registry to make it less useful. Political parties can spam you via phone whenever they like.
The UK also has a series of anti-spam and anti-solicitation measures (see this by ofcom, our communications regulator: https://www.ofcom.org.uk/phones-telecoms-and-internet/advice...). They are very effective, many people are educated on reporting so even out of jurisdiction offenders (e.g windows has an issue, or the more recent parcel fee texts) are shut down pretty quickly. We are currently passing (or have passed) some measures to make the service provider liable for out of jurisdiction calls and texts.
The major issue we are not addressing is ‘legal scams’. Charities harassing old people, tradesmen faking issues to the uneducated - that kind of thing.
Spoofing your caller ID phone number is very easy. I can make my phone appear to be from the White House and call you. There’s no way to block that. I guess it’s a limitation of the SS7 protocol for now.
Slightly different issue. In my experience, the problem tends to be from robodialers operating on behalf of scammers or fly-by-night marketing agencies. As the US phone system is currently operated, it's trivial for these kinds of actors to spoof originating phone numbers and hit every valid US phone number in sequence.
I haven't gotten a spam call in years that wasn't from a spoofed number.
Pick it up, and it's "We've been trying to reach you about your car's extended warranty"
Miss it and call back later, because it's a local area code? You get some very confused, usually elderly, person who wants to know why you called them.
Earn.com was making people go through them in order to contact whoever used its service. It completely killed the open nature of email where if you had someone's email you could be sure the message directly reaches him. It was then his choice if he chose to read your mail or not.
I'm not sure exactly how earn.com worked, but when I implemented this for my own email, all such emails would go to a "quarantine" folder until the sender responded to the autogenerated email.
So yes, the sender's email did get to me. Thankfully, I would be blissfully unaware of it until the sender confirms they're human. The sender needs to do it only once. There's a great chance that if the sender is not willing to go through that hoop, that they are not someone whose email I want to read.
This isn't "killing" the open nature of email. As designed, the email was delivered to me. I just added a workflow to it.
How did you go about doing this? I would live to require verification for email. I assume you had to have a way to manually dip into the quarantine and white list senders or you'd miss Known Good robots (like banks with bad MFA implementations).
Fairly simple. I have a folder called "jail" and all emails go there unless in the whitelist.
jail is just another folder. I can manually go in and whitelist with a keystroke. Or if they go through the hoops, the system automatically whitelists them and moves the mail to the inbox.
OK, in reality my mail is tag based, so I use tags instead of folders. Minor difference.
And no, I do not whitelist banks and MFA emails. As I said, it's still a folder. I can go in and read the MFA email without needing to whitelist them.
> if you had someone's email you could be sure the message directly reaches him
You don’t get it. I don’t want your message to directly reach me. I want you to kindly f-off and don’t waste my time with endless offers of shit that I don’t need. You think your message is worth it? Pay me for my time to look at it then. I think it is a great idea. I wish someone did it for phones as well. “p2t2p won’t answer your call as you’re not in the list of approved callers. Press hash sign to make a paid call for a small fee of 1 AUD a minute if you really think your phone call is worth it."
We once built a service like that as a joke on a Twilio hackathon. I've solved my robocall problem by enabling Do Not Disturb mode. Only people that call twice with the same phone number within one hour go through. My friends know and if someone else calls and it's urgent they will retry. But it nicely keeps all those robots away, because they usually randomize numbers.
> Phones were also open. Now no one answers calls from strangers because of the proliferation of spam calls.
I used to get at least a couple of spam calls each year, but I don’t think I’ve gotten any this past year. I have no filtering or app. Of course, I don’t live in the USA.
This article is completely hyperbolic, and seems to intentionally misunderstand what the goal of a service like Earn is (was?), based solely on a single one of their users having forgotten to add a newsletter to their allowlist.
For me, email _needs_ to be an allowlist by default. At this point, pretty much _all_ communication channels, be it calls, sms, or physical mail, need to be allowlist by default. There are too many people out there willing to do shitty scattershot marketing or exploit phishing for me to want to open my inbox to the world.
Earn, it seems, did it, and I wish they'd kept doing it long enough for me to hear about it. The fact that they then extended the allowlist into an "allowlist-or-pay-for-my-attention" is a neat feature that I probably would have enabled without much expectation of any real results. The real feature for me is the allowlist-by-default.
So yeah, this author is a dingus, Earn may well have _saved_ email if they'd succeeded, and I hope someone else tries.
I've thought about doing this very thing! But given all the other interesting projects I have/want to work in domains I'm actually familiar with, this is one that I'll leave to an expert.
If he bumps people off his mailing list whenever he's getting this email, isn't it working as intended? The recipient didn't whitelist you, which means he/she doesn't really want your email.
I implemented this for my personal email some years ago, although I did put a third "grey" list for people I didn't want such emails to go to (but were still not on whitelist) - mostly because I didn't want to annoy the sender (a non-profit, etc).
A lot of my non-tech friends have asked if I can start up a service to offer this to anyone and they claimed they were willing to pay. I never bothered, as such services already exist. The point, though, is that a lot of people do want this.
Yeah... I'm not sure I see an alternative to this being what most people do, unless spam filters somehow win an arms race when it's an uphill battle.
But, assuming this replaced AI spam filters rather than being used together, is it any worse than your friend's (or your mailing list member's) email getting classified as spam? At least this way you know they didn't receive it and if you really did care about them specifically you have recourse.
If it was just silently classified as spam you don't even know they didn't get it until weeks or months later if they ever notice it in the first place.
> At least this way you know they didn't receive it and if you really did care about them specifically you have recourse.
That was the point I mentioned in another comment: They are notified and if they can't bother doing something tiny for me to get the email, chances are they're not vested in contacting me.
Being subscribed to a newsletter for a year does not correlate with me actually wanting to receive that newsletter anymore.
Every once in a while I go through my emails an unsubscribe from all the junk. Junk I've been receiving for months (or more, if I've been lazy) without actually wanting to read or receive them.
With that perspective, this sounds like someone who doesn't realize that not everyone wants to continue receiving their newsletter, even if they've technically been subscribed for a year. Instead of unsubscribing from dozens of services every 6 months, including this newsletter, they set up an allowlist.
So you subscribe to a newsletter, apparently by the dozens every 6 months, then take zero action to show disinterest for a long time, and during this time expect the sender to read your mind about whether you still want it?
Seems like a fabricated problem. How about not signing up for junk in the first place, or taking the 5 seconds to unsubscribe as it comes in?
2. I often continue to receive newsletters after unsubscribing (not just for a few months, but forever - the unsubscribe feature doesn't work).
3. Why spend 5 seconds for each newsletter when I can use a solution that doesn't require any of my time?
4. This method has the benefit of killing spam pretty much instantly - not just newsletters. Why would I want to hunt for an unsubscribe link when I can kill two categories of problems with less effort than killing a few individual emails?
That won't prevent you from getting subscribed to newsletters.
There are parts of life where discipline is good for you (diet, exercise, etc). For unsubscribing and not signing up? Not really. Why be disciplined about it when there's a simpler solution?
I don't sign up, usually. My email gets onto lists without my explicit permission when I sign up for services/buy products and then I start getting emails.
It takes a lot of effort to maintain an email these days. Unsubscribing often doesn't work or is temporary.
I can go on and on. Legitimate newsletters that I may sign up for get lost in all of that, and stay around long after I care to read them anymore.
Nope. The open protocol email was built on would still work, just some people would now use a service that blocks newsletters and other annoying spam. Only his business model would be effected, the rest of could merilly go on without consequence of Earn.com's success.
Hard to imagine, but there might be people you do not know yet wanting to contact you in a way beneficial to you.
Maybe for a serious job offer. Somebody secretly in love with you. Somebody admiring your content, and wanting to publish it in a book. I'm sure there's more examples.
Such people would need to pay to contact you, and possibly/likely won't.
If I'm not looking, then I don't want to be contacted for job offers. Regardless, there are more appropriate channels like LinkedIn where I explicitly go regarding jobs.
> Somebody secretly in love with you.
Would you actually take such a person seriously? This is probably exactly who I want blocked as a phisher.
> Somebody admiring your content, and wanting to publish it in a book.
Good. Let them prove they want to invest in me by paying to contact me. That way I can trust a little more that they're not trying to con me.
I think it is also worth pointing out a couple solutions to these problems that Earn.com had:
> If you're a friend of mine, click below to request a spon on my whitelist. Your emails will get through as normal.
> If I don't know you, go ahead and send me a paid message. You'll only pay if you get a response.
All of those examples sound like the exact sort of people willing to pay 50c or whatever to contact you though? If anything I would take all of those emails more seriously if they did pay some trivial fee.
> You are always in control of whether you want to read an email or not.
Demonstrably false. You cannot ignore a category of information without first without interacting with it - as you must first establish that it _is part of that category_. It's impossible to know a spam message that got thru automated filters is spam or not until I read at least the subject line.
The interesting part about this idea to me is the scalability.
If you're someone looking to cold-email someone you admire, you're willing to spend a dollar to do that.
If you're a spammer who plays number games with your emails (maybe 0.01% result in a successful clickthrough), $1 per email is not even close to worth it.
I haven't thought through all the consequences yet, but this seems like a super interesting idea to me, with the potential to kill off the low-probability-of-success emails that I get hundreds of per day!
Certainly, one of the problems with email is that it is free for the sender. If sending an email required even a small amount of "postage", even a thousandth of a cent, it would solve a lot of problems. (Perhaps, the receiver would get the bulk of this "postage", with the service provider creating the infrastructure getting a commission.)
The problem with it is that there is no easy way for anyone who is willing to pay a thousandth of a cent to send an email to someone to pay it. Despite how much the internet has boomed in the last thirty years, there is still no good way for individual consumers to send and receive micropayments worldwide.
back in the mid to thousands. I had a working example of a sender pays email environment. it used hash cash embedded in an email message in combination with content filtering.
it was more of a proof of concept that an actual practical system but if I was going to do it again today I would instead put the postage at the SMTP level as a protocol extension where your reputation from the mail service perspective would tell you how big a Hash cash stamp to create. This model would accommodate inflation and familiarity for generating bigger and smaller stamps.
It's an interesting project for anyone that has the time.
Seems an odd thing to be infuriated about. Like, some people have no email address, right? Should we be infuriated about that? No? Then why are we infuriated about people with an email address with a whitelist? It doesn't stop you from having an open email address if you want. It's their choice.
Personally, it sounds pretty handy. Every day my personal email address gets 100 messages. The only reason I check it is once every week or two my family might have sent something. Whitelist sounds perfect. As it is I just open Gmail, search for my family's address, and close it if nothing shows up. The Gmail icon on my phone has 9,714 unread messages...never gonna go through all that.
As someone who runs a newsletter and is active in the email space (and sees the other side of what happens when a message is sent to thousands of people), I think my concern with this approach is that it comes off as passive-aggressive against everyone, good-faith or not, especially in cases where someone signed up for an email in a double opt-out format where they had to verify that they wanted the messages in the first place. And during this period, if I remember right, a lot of people were tweeting their email accounts in an effort to encourage Earn.com as a revenue stream. To my eyes, it felt like it didn’t solve a problem, but instead brought gatekeeping to email and was not being used for its intended purpose.
I think the problem I have with what I wrote three years ago is that my emotion around this was way over the top, and as a result my legitimate concerns around the model (and how it could damage honest use cases for sending messages, such as newsletters sent in a one-to-many format, or journalists emailing potential sources), got overshadowed by hyperbole. I could imagine hundreds of people doing this on a single list, overwhelming a single user or organization. I would prefer to see an approach like this managed at the standards level rather than from a startup, because I could too easily see it misused.
I have a lot of complex thoughts around this model, because it’s gatekeepy and unworkable at scale, but this clearly whipped-off post didn’t properly convey them.
fwiw, I don't find it overly harsh, but maybe because I'm mostly agreeing with you and am kinda puzzled why people would lump in a newsletter you signed up for with some marketing bullshit you were enrolled unwillingly. Maybe the comparison to snail mail isn't the best but in no way I would accept not getting important government documents just to block some spam pizza place flyers, especially when it's so much easier to compartmentalize your email to actually whitelist or sort stuff automatically...
Seems like the incentive is opposite of what I would want. It says that you only pay if you get a response. Doesn't that mean that you should just spam as many people as possible since it's free unless you get a lead?
In practice, no. Your server would need to be on many pre-approved lists if you want to avoid all of your messages being saved to most user's spam folders. Only the big operators with full-time staff monitoring the system get on the list.
This is true only for a few actors that represent a fraction of email traffic. However they break the system for everyone since even a 5% chance of having your email going to /dev/null is way too disruptive for most people.
Not to you, maybe. Good thing you're free to keep your own email. Clearly getting your emails scanned isn't a issue most people care about or Gmail wouldn't be the defacto standard.
I see it’s time to link this thing again, which made the rounds in the late 1990s as spam was starting to become a problem. Everybody and their dog had their own “ultimate solution” to the spam problem, which they all thought was obviously the correct one, but all of them were more or less equally unworkable:
A little off-topic, but this makes me wonder... what if sending email required a very small amount of currency (crypto or fiat) to be sent to escrow. If the receiver decides the email was unsolicited or unwelcome, you would lose that currency (burn it or redistribute it amongst everyone participating).
The value can even be small enough to be inconsequential to individuals but costly for high-volume spam.
This has been proposed many, many times. It's infeasible for a multitude of reasons. One of those is that it would allow any web service which sends an email to a user-specified address -- even a single email used to verify an account, which is standard practice -- to be abused to bankrupt the service operator.
That's interesting, though. The attack would require the collusion of many parties. That's very feasible if you consider how easy it is to create email addresses today.
One could imagine the system requires a one-time registration fee orders of magnitude greater than the spam penalty. That wouldn't be a solution on it's own, but pair that with delays in applying penalties and an arbitrage system and I think we're looking at an increasingly stable system but with ballooning complexity.
Don't know if it's practical, and as you've mentioned I'm sure many people have gone down that road, but I'll be daydreaming about it for the next little bit :)
> The attack would require the collusion of many parties.
Not sure what parties you have in mind here. As far as I'm aware, it would only require the involvement of a single party entering a bunch of fake or scraped email addresses into a registration form. The malicious party wouldn't receive any benefit, but the web site operator would have their funds drained.
> One could imagine the system requires a one-time registration fee orders of magnitude greater than the spam penalty.
Requiring every online service which sends emails to charge users to register would be disastrous. It would make entire classes of web sites (like hobbyist forums, or even free trials of paid services) infeasible to operate.
not necessarily. Even in my prototype sender pays email environment (camram/2 penny blue), the cost of the stamp was pushed on the message originator i.e. the email client. The mail server delivering the mail to another server on the Internet doesn't need to take that message if it doesn't have postage.
There are a few other ideas the project explored including using captive zombie nets generating postage for a company's email using spare cycles on desktops. Truth be told, whole distributed postage stamp generating model looked a hell of a lot like bitcoin mining.
> Even in my prototype sender pays email environment (camram/2 penny blue), the cost of the stamp was pushed on the message originator i.e. the email client.
What email client? The one internal to the web application?
Didn't Bill Gates think of this in his 90's book The Road Ahead? Pay to gain attention, but the receiver can refuse to charge you if s/he found your mail worthy of their attention. (E.g. if you're trying to gain the attention of a lost relative and put a $200 reward so they'd notice your email).
Of course there's no cryptocurrency hungry rent-seeker in his concept.
Cryptocurrency could be a convenient way to do the micropayments, without any rent-seeking if the project doesn't mint its own token. They'd need to solve scaling first though.
Isn’t Earn just a zombie start-up with some over invested VCs at this point? What traction can they demonstrate after years of work and millions in funding?
The author has nothing of substance to contribute. This could have been a tweet but they wrote an article repeating the same thing over and over to get a click on their site. These are exactly the kind of misleading advertising that I want to get rid of and a paid email service (never heard of it before this) seems to do that based on the author's reaction.
This causes yet another rich v poor divide. Poor people may not even be able to pay a few pennies to send an email (perhaps at a downturn when they need to reach out). Hopefully they have a phone, but at least the library might have free computer use for your currently free email.
The sooner people realize this, the better off we'll all be. When companies use slack or other chat-like tools, instead of email, total organizational disaster inevitably ensues.
Email and instant messaging aren't in competition they fulfill different communication roles and while each can be used as the other (there isn't a deep fundamental difference) each is habitually used in a very different manner. Asynchronous notifications about large tasks shouldn't be done in a medium where that notification is possibly going to scroll off of a screen in a few hours[1] (maybe I'm busy and want to review that long document sometime next week) - while low friction direct communication becomes sloggy through emails - nobody I've ever met would ever email AFK before going off to lunch. And, specifically, I wouldn't want them to mass-email the whole company with ever status change - being able to see availability at a glance makes communication smoother.
Companies should use both.
1. Message reminders in most clients can sorta do this but I still prefer emails.
Phones were also open. Now no one answers calls from strangers because of the proliferation of spam calls.
This is a natural solution to spam and nothing to be enraged about. It is ridiculous but not for you to dictate how other people manage how you contact them.