CentMail Frequently Asked Questions

  1. What is CentMail?
  2. How does this project relate to Yahoo! Mail and Yahoo?
  3. Can I choose which charities my money goes to?
  4. Why should I use CentMail?
  5. Will I have to use CentMail?
  6. How big a problem is spam?
  7. How much will CentMail cost the average user?
  8. Will the providers of CentMail make a profit?
  9. Can spammers fake stamps by attaching fake signatures to emails?
  10. If only a few people are using CentMail, why should I?
  11. Are there hidden costs to using CentMail?
  12. Can spammers reuse stamps, sending many messages for the cost of ...
  13. Will CentMail deter web applications from sending email ...
  14. How will CentMail work with mailing lists (listservs)?
  15. For a message with $1 postage sent to millions of people, the ...
  16. Does CentMail magnify the damage from email viruses?
  17. Is Hashcash better, achieving the same goal with less user ...
  18. Don't micropayments exert a large cognitive cost on ...
  19. Will demanding too much from a sender dampen the free flow of ...
  20. Does forwarded mail need to be restamped?
  21. Are there privacy implications in the fact that when a recipient ...
  22. Who will run CentMail? Will there be competition for providing it?
  23. How can we incentivize the big players to agree to this?
  24. Will companies pay for their employees' emails?
  25. Is the cost of false positive spam detection high enough to get ...
  26. What happens to people who continue to send unstamped email?
  27. Would CentMail be a barrier to emerging email markets in poorer ...
  28. Can malicious users undermine CentMail by verifying stamps before ...
  29. Can spammers cancel payment after procuring stamps?
  30. Can spammers get stamps by donating to themselves?
  31. Will legitimate users with extra stamps have incentive ...
  32. Does CentMail have an adverse selection problem, in essence ...
  33. Is CentMail vulnerable to spammers who have zombie networks at ...

 

  1. What is CentMail?

    CentMail is a charitable twist on the old idea of email postage stamps. The goals are to make it less like paying to send email, and to provide a plausible adoption path to solve the chicken-and-egg problem. In the standard email stamps approach, neither senders nor recipients gain by joining unilaterally, and senders lose money. CentMail begins as a charity fund-raising tool: Users donate $0.01 to a charity of their choice for each email they send. The user benefits by helping a cause and promoting it to friends, often at no additional cost beyond what they planned to donate anyway. Charitable organizations benefit and so may appeal to their members to join. The sender's email client certifies each outgoing message with an unforgeable stamp issued by the CentMail server. The recipient's email client verifies with CentMail that messages are appropriately stamped, and have not been queried by an unexpectedly large number of other recipients. More generally, the system can serve to rate-limit and validate many types of transactions, broadly construed, from weblog comments to web links to account creation.

  2. How does this project relate to Yahoo! Mail and Yahoo?

    CentMail is a research project at the moment, and we are exploring ways that it could be used someday to augment the company's product pipeline. Here is Yahoo's official statement on CentMail:

    At Yahoo! we’re always looking for new and innovative ways to make sure our users have the best experience online, including protecting them from scams. This Yahoo! Research project is an example of how we’re open to experimenting with new approaches for addressing some of the difficult issues that can impact our users and the internet at large. With CentMail we have two specific goals: to raise awareness and money for charitable organizations, and to learn about potential ways to put a dent in spam while doing so.

  3. Can I choose which charities my money goes to?

    Yes, but only from a pre-selected list of charities that meet certain criteria to legally qualify as charitable organizations. See also Question 30.

  4. Why should I use CentMail?

    First, CentMail promotes your favorite causes with every email you send. Second, since CentMail donations may be matched by sponsors, your financial impact is directly amplified. Third, as the system gains popularity and becomes incorporated into spam filters, your emails are less likely to end up in the junk mail folder.

  5. Will I have to use CentMail?

    No, CentMail is strictly opt-in. Nor is there particular pressure to stamp your mail with CentMail. The attachment of a CentMail stamp to a message provides an informative feature to a recipient's spam filter that the message is not spam; this signal is meant to augment (rather than replace) existing features of spam filters. For adopting users this decreases the probability of false positive spam classifications on their recipients' end.

  6. How big a problem is spam?

    It costs tens of billions of dollars a year in the United States alone. Even if you've been careful with your email address and your spam filter keeps your inbox relatively spam-free, spam makes the whole internet slower and costlier. And it's likely that once in a while a legitimate message never reaches your inbox because it's falsely marked as spam. Worst of all, you often won't realize when that happens.

  7. How much will CentMail cost the average user?

    CentMail will essentially be free for the majority of users who already give yearly charitable donations. 89% of U.S. households already make annual donations, with an average contribution of $1620 and a median on the order of $100. By making these donations through CentMail (as opposed to directly to the charity), users will spend no additional money, but will be provided with CentMail's service.

  8. Will the providers of CentMail make a profit?

    No. All donations will go to the participating charities.

  9. Can spammers fake stamps by attaching fake signatures to emails?

    No. Email signatures are generated by a hash of an email digest and the user's secret key. A fake stamp cannot be generated without such a key, as issued by the CentMail server.

  10. If only a few people are using CentMail, why should I start using it? Is there a chicken-and-egg problem?

    To become an effective spam deterrent, many people need to use CentMail. However, regardless of how many other people are using CentMail, each participant gets the immediate benefit of having their causes promoted and perhaps their donations matched. In terms of spam deterrence with partial adoption, CentMail's guarantee -- that the sender paid at least one cent per recipient -- is diluted but still meaningful.

  11. Are there hidden costs to using CentMail?

    Again, the vast majority of users who already make charitable contributions incur no additional monetary expense. Furthermore, there is also no significant computational expense (e.g., spent CPU cycles) or significant human expense (e.g., time spent solving CAPTCHAs). The system does require users to open a CentMail account and, in some cases, to install a simple application. With support from large email providers (e.g., Yahoo!, Google and Microsoft), however, this barrier to entry can be significantly reduced.

  12. Can spammers reuse stamps, sending many messages for the cost of one stamp?

    Since stamps are associated with a particular piece of content (as determined by its hash), a malicious user can only reuse a stolen stamp on identical content (see also Section 3.1 of our technical paper). This security guarantee makes it effectively useless for third parties to steal stamps since they would have no control over the content. A related scenario is when a user attempts to reuse a single legitimately obtained stamp to validate a single message sent to thousands of people. This is in fact considered to be acceptable behavior from the perspective of CentMail, similar to the use of blind carbon copy (bcc) for emails. Recipients are informed, however, of the number of times a message has been verified, alerting them to down-weight the value of a donation appropriately.

  13. Will CentMail deter web applications from sending email (e.g. Evite, Facebook, LinkedIn, etc.), and hence hamper innovation? What about other legitimate bulk mail senders?

    We suspect that any long-term solution to spam will continue relying in part on domain and content-based filtering. In particular, organizations with a history of legitimate bulk mailings that verify their identities (e.g., via DomainKeys) can be whitelisted and avoid using CentMail altogether. CentMail is tailored for instances when individuals -- not organizations -- send messages to recipients for the first time. This type of correspondence is particularly hard to classify as spam or ham (i.e., legitimate email) via traditional methods.

    Furthermore, CentMail would not pose any barrier to as-yet-unestablished bulk senders unless it were so ubiquitous that recipients commonly rejected unstamped messages from non-whitelisted senders. See Questions 26 and 27 for more on the case of legitimate senders who cannot afford sufficient donations.

    When making sufficiently large donations is not an issue, the protocol accommodates bulk senders by allowing arbitrary postage amounts on a stamp. That way, when sending a single message to many recipients, the sender would attach a stamp with higher postage. Each recipient, when verifying the stamp, would divide the stamp's postage amount by the number of verification queries made so far to determine the amount donated per recipient, and decide if that amount is high enough to be considered legitimate. For example, if you get a dollar's postage then the first 100 recipients will see a per-recipient postage of at least one cent. The rest would, if using one cent as a threshold, reject it as spam. This distinguishes spammers from legitimate bulk mail senders if we take as a definition of a spammer someone with sufficiently low value per recipient.
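    The per-recipient check described above, as an added example that is not code from the CentMail project: `StampLedger`, `recipient_accepts` and `simulate` are hypothetical names, the stamp id is constructed, and it is an assumption that every verification query increments the counter.

```python
from dataclasses import dataclass

THRESHOLD_CENTS = 1  # recipient policy used in the FAQ: one cent per recipient


@dataclass
class StampRecord:
    postage_cents: int   # total donation attached to the stamp
    queries: int = 0     # how many times the stamp has been verified


class StampLedger:
    """Hypothetical stand-in for the server-side verification counter."""

    def __init__(self):
        self._stamps = {}

    def issue(self, stamp_id, postage_cents):
        self._stamps[stamp_id] = StampRecord(postage_cents)

    def verify(self, stamp_id):
        """Count this query; return (postage_cents, queries) or None if unknown."""
        record = self._stamps.get(stamp_id)
        if record is None:
            return None
        record.queries += 1  # assumption: every query counts, repeats included
        return record.postage_cents, record.queries


def recipient_accepts(ledger, stamp_id, threshold_cents=THRESHOLD_CENTS):
    """Recipient-side decision: is postage / queries at least the threshold?"""
    result = ledger.verify(stamp_id)
    if result is None:
        return False  # stamp was never issued
    postage_cents, queries = result
    # Integer comparison avoids float rounding in postage / queries >= threshold.
    return postage_cents >= threshold_cents * queries


def simulate(postage_cents, recipients):
    """One stamped message verified by `recipients` recipients in turn."""
    ledger = StampLedger()
    ledger.issue("constructed-stamp-1", postage_cents)
    return [recipient_accepts(ledger, "constructed-stamp-1")
            for _ in range(recipients)]


if __name__ == "__main__":
    decisions = simulate(postage_cents=100, recipients=150)
    print("accepted:", sum(decisions), "rejected:", decisions.count(False))
```

    A recipient with a stricter policy passes a higher `threshold_cents`, which shrinks the number of verifications a given stamp can absorb.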

  14. How will CentMail work with mailing lists (listservs)?

    Mailing lists traditionally pose difficulties for economic approaches to reducing spam, as a sender's message to the mailing list address is redirected to the (potentially large) set of subscribers. While CentMail encounters some difficulty in dealing with mailing lists, a simple solution exists via whitelists. Although one could ask that either the original sender or the operator of the mailing list incur a relatively large fee to cover the number of subscribed users, we instead recommend that users whitelist relevant mailing lists to deal with this issue. Recent work on improving the management and usability of whitelists [1] has confirmed that this is an effective strategy.

  15. For a message with $1 postage sent to millions of people, the first 100 CentMail users will receive it with no indication from CentMail that it's spam. Has CentMail failed these initial recipients?

    Not at all. CentMail has correctly informed those 100 recipients that they were one of at most 100 CentMail users to receive the message. We take as a definition of a legitimate message one for which the sender paid at least one cent per actual recipient. Whether there were millions of attempted recipients is irrelevant. And in fact the would-be spammer would not attempt to send to more than the initial 100 since it wouldn't work.

  16. Does CentMail magnify the damage from email viruses?

    A virus that infects a user's computer could deplete that user's CentMail account by sending out emails on their behalf. In this case, however, three factors mitigate the potential damage: (1) An increase in the number of stamps requested by a user would alert CentMail to a potential security issue, and the user could then be alerted to a possible infection; (2) since stamp proceeds are donated, stolen stamps amount to the user donating more money through CentMail than they had intended -- while still not ideal, this is perhaps a better scenario than money being lost outright; and (3) if one's computer is infected with a virus, the monetary loss of CentMail stamps -- on the order of $5-$10 -- is likely not the primary concern given the costs associated with corrupted data and other threats associated with viruses.

  17. Is Hashcash better, achieving the same goal with less user involvement?

    We're not proposing to eliminate Hashcash. Any viable solution to spam will likely draw on myriad techniques. That said, we believe CentMail is intrinsically more socially efficient in the sense that nothing (e.g., CPU cycles) is wasted.

  18. Don't micropayments exert a large cognitive cost on users?

    Using CentMail does not require making a decision every time you send an email about whether or not to donate a penny. In contrast, users make upfront donations (typically $5-$10) that often amount to enough stamps to last several months or even years.

  19. Will demanding too much from a sender dampen the free flow of information? Could it even be viewed as a restriction of free speech?

    By analogy, postage stamps on paper mail are generally not considered an infringement on free speech. More to the point, CentMail is coercion-free. Senders choose to attach stamps proving they made charitable donations and recipients choose to read those messages based on any criteria they like, including potentially the existence of a stamp. See also Question 26.

  20. Does forwarded mail need to be restamped?

    If the message is remailed, then a new stamp is required since the sender's address is included in the message hash. On the other hand, if the message is bounced (i.e., the header -- including the sender address -- and message body remain unchanged), then a new stamp is not required. This latter scenario is akin to use of blind carbon copy (bcc). See also Question 12.
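    How a stamp bound to the sender address and content behaves in the cases from Questions 9, 12 and 20, as an added example rather than the project's own code: HMAC-SHA256 stands in for the "hash of an email digest and the user's secret key" (an assumption, the real construction is in the technical paper), and the key, addresses and message text are constructed.

```python
import hashlib
import hmac


def message_digest(sender: str, body: str) -> bytes:
    """Digest over sender address and body; the recipient is not covered."""
    s = sender.encode()
    # Length-prefix the sender so ("ab", "c") and ("a", "bc") hash differently.
    return hashlib.sha256(len(s).to_bytes(4, "big") + s + body.encode()).digest()


def make_stamp(user_key: bytes, sender: str, body: str) -> str:
    """Keyed hash of the digest; needs the secret key issued to the user."""
    return hmac.new(user_key, message_digest(sender, body),
                    hashlib.sha256).hexdigest()


def stamp_valid(user_key: bytes, sender: str, body: str, stamp: str) -> bool:
    """Recompute the stamp from the presented message, compare in constant time."""
    return hmac.compare_digest(make_stamp(user_key, sender, body), stamp)


def scenarios() -> dict:
    key = b"constructed-key-issued-to-alice"      # constructed sample key
    sender, body = "alice@example.org", "Lunch on Friday?"
    stamp = make_stamp(key, sender, body)
    return {
        # Original delivery.
        "original": stamp_valid(key, sender, body, stamp),
        # Bounced / bcc: sender header and body unchanged, so the stamp holds.
        "bounced_unchanged": stamp_valid(key, sender, body, stamp),
        # Remailed: the new sender address changes the digest (Question 20).
        "remailed_new_sender": stamp_valid(key, "bob@example.org", body, stamp),
        # Stolen stamp attached to different content (Question 12).
        "stolen_on_other_content": stamp_valid(key, sender, "Different text", stamp),
        # Stamp computed without the issued key (Question 9).
        "forged_without_key": stamp_valid(
            key, sender, body, make_stamp(b"guessed-key", sender, body)),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:26s} {'valid' if ok else 'rejected'}")
```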

  21. Are there privacy implications in the fact that when a recipient verifies a stamp they learn how many times the stamp was previously verified?

    It is true that CentMail is giving the recipient a clue about the number of other recipients. If the sender wishes to fully conceal that information they should not stamp the message. Indeed, much of the point of stamping a message is to prove to the recipient that the message was not sent to them indiscriminately.

  22. Who will run CentMail? Will there be competition for providing it?

    In addition to implementing CentMail ourselves (centmail.net), we are publishing the API as an open standard (see the appendix of our technical paper). We welcome other organizations to implement it and provide the service as well.

  23. How can we incentivize the big players to agree to this?

    DomainKeys was adopted by Google and Yahoo! because of its promise to curb spam in the long run if it became a standard. We expect they have no less incentive to adopt CentMail.

  24. Will companies pay for their employees' emails?

    Most corporate email is internal and need not be certified. However, even if employees send ten thousand emails per year, they need only one hundred dollars' worth of stamps. Large companies often already donate that much per employee.

  25. Is the cost of false positive spam detection high enough to get the average user to bother verifying CentMail stamps?

    This depends on how many people are stamping their mail. If stamping were universal then stamp verification would likely become the primary spam filtering attribute. At the other extreme, with very few CentMail users, there's little incentive. Somewhere in between is a threshold. Since senders have an independent reason to use CentMail (to promote their charities) it remains to be seen whether that motivates enough early adoption to cross that threshold. See [2] for a recent survey of the cost of false positives.

  26. What happens to people who continue to send unstamped email?

    CentMail does not shut out users who send unstamped email. Especially at first, CentMail's spam-fighting value will be in avoiding false positives. Sending unstamped mail just means forfeiting that protection against your message being falsely labeled as spam. Only when CentMail becomes so popular that a lack of a stamp is strong evidence of spam is there pressure to stamp all mail.

  27. Would CentMail be a barrier to emerging email markets in poorer countries?

    It is true that CentMail stamps are "free" only when users already intended to make charitable donations, and in fact CentMail may be prohibitively expensive for users in poorer countries. CentMail, however, does not shut out users who leave their messages unstamped (see Question 26), and we imagine CentMail to work in conjunction with myriad other spam fighting tools and techniques. In particular, CentMail eases the transition to alternative economic approaches, such as sender-posted bonds [3], which ultimately may be better suited for poorer users, but which initially lack the appropriate adoption incentives.

  28. Can malicious users undermine CentMail by verifying stamps before the intended recipients do?

    In the standard CentMail protocol (described in Section 2.1 of our technical paper) malicious users could in theory sniff a network and verify messages not intended for them, giving the impression that a legitimate user was trying to send spam. Although we believe this type of attack on the system is unlikely, Section 3.1 describes a modified protocol that closes this loophole by requiring senders to specify the intended recipients.

  29. Can spammers cancel payment after procuring stamps?

    It is paramount that CentMail participants pre-pay for stamps, and do not in effect steal stamps by defaulting on their financial commitments. To a large extent, this situation is avoidable through no-refund policies and enforcing waiting periods to confirm that donations are in fact processed and debited from users' accounts.

  30. Can spammers get stamps by donating to themselves?

    Users receive stamps in exchange for donations to charitable organizations of their choice. Here, care must be taken to guarantee that spammers are not simply funneling payments to a "charitable" organization which they ultimately control. To address this problem, we restrict donations to known reputable organizations which, for example, have been given a Charity Seal from the Better Business Bureau Wise Giving Alliance (bbb.org/charity) or granted non-profit tax status by the U.S. government.

  31. Will legitimate users with extra stamps have incentive to sell them to spammers?

    For those who make charitable donations, CentMail stamps are effectively free up to the amount of their donations. This creates the possibility of a black market for stamps in which users resell their stamps for potentially far less than their face value. While not inconceivable, this scenario seems implausible since the seller would still be associated with any stamps he sold (i.e., the stamps are traceable to the seller, regardless of who actually sends the message).

  32. Does CentMail have an adverse selection problem, in essence "over-solving" the spam problem and encouraging users to purposefully present themselves as spam bait?

    That is a more serious problem for economic approaches that pay the recipients of spam. CentMail minimizes this concern by leaving the choice of charity to the senders.

  33. Is CentMail vulnerable to spammers who have zombie networks at their disposal?

    Zombie networks typically rely on being able to compromise computers undetected, to relay spam as a background process. With CentMail they would have to not only execute code on their host machines but steal users' CentMail credentials and deplete their balances. This type of attack is harder for spammers and, since CentMail generates an audit trail of stamp requests, more easily detectable. See also Question 16.

REFERENCES

[1] D. Erickson, M. Casado, and N. McKeown. The Effectiveness of Whitelisting: a User-Study, 2008. Fifth Conference on Email and Anti-Spam.

[2] T. C. Loder, M. W. V. Alstyne, and R. Walsh. An economic response to unsolicited communication. Advances in Economic Analysis & Policy, 6(1), 2006.

[3] Ferris Research. The Cost of Spam False Positives. http://www.ferris.com/2003/08/14/the-cost-of-spam-false-positives, 2003.