1. 23
  1.  

  2. 5
    1. 4
      1. The sender’s server sends the email, and the receiver stores it.
      2. The receiver responds with 1MB of pseudo-random noise generated from a secret message-specific seed.
      3. Every hour, the receiver says “append this additional MB, and return the hash”.
      4. Once enough challenges have been passed, the message is moved to the inbox (or spambox!).

      The two servers negotiate ahead of time what the proof-of-care profile will be. The recipient can decide arbitrarily what the profiles are, and multiple profiles can be made available. A trusted sender can be accepted with a low cost. If the email’s author set some priority option, the sending server might choose the “1 GB every minute 10 times” profile instead of the more economical “20 MB every hour 24 times”.

      Either server might have downtime. This is fine. The sending server polls the recipient.

      To reduce bandwidth costs for the recipient, the proof-of-care profiles could include delegation to a third-party — a bit like a CDN, a trusted 3rd party might be in the sender’s data center. Heck, the sender could delegate also, and perhaps they both choose the same 3rd party… (The sender must not get a discount from this.) Note that the only metadata the third parties can glean is “this server sent a message to that server”. Batching might reduce metadata leakage further.

      This scheme can induct itself onto the existing federation. If the sender server doesn’t spaken la francaise, a bounce message can say “write a complaint to your server admin, and keep this webpage open in your browser for an hour”.

      This protocol could be useful outside of email, so it should be independent of SMTP.

      1. 2

        I thought the IM2000 proposal was interesting, but had a lot of affordances for mailing lists, which in the succeeding two decades sort of became significantly less important. I’d be interested in hearing djb’s thoughts on email these days.

        1. 1

          I wonder what’s going on with Darkmail / DIME. That one looked like a good idea.