It is a difficult problem and I don't have a magic bullet, but I think that things can be done. The root of the problem is economic. Spam is about five or six orders of magnitude cheaper the paper junk mail for the sender. No matter how cheap prime numbers are, requiring mail to be signed has a number of advantages. It imposes some computational costs on the sender and serves to link together mail so that white lists are more effective. Another possibility is a "hash cash" scheme which requires the sender to come up with a token which when HMACed with a canonicalization of the body and certain fixed headers (including From, To/cc, etc.) results in a value ending in N zero bits. The idea is to cause a slight delay to the average user while their software searches for a token when they send a message but a computational load enough to slow down spammers if they are required to individually address messages. You could even make N time dependent to compensate for Moore's law (not Keith, Gordon :-). These are not new ideas and would have a variety of start up problems but in combination with appropriate filters and black list services, they would help out for some time. Ultimately, despite the problems involved, I think you need to be able to charge people/lists not on your white list to get your attention. Donald ====================================================================== Donald E. Eastlake 3rd dee3@torque.pothole.com 155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w) Milford, MA 01757 USA Donald.Eastlake@motorola.com On 13 Aug 2002, Perry E. Metzger wrote: > Date: 13 Aug 2002 17:15:51 -0400 > From: Perry E. Metzger <perry@PIERMONT.COM> > To: Franck Martin <franck@sopac.org> > Cc: ietf@ietf.org > Subject: Re: Why spam is a problem. > > > Franck Martin <franck@sopac.org> writes: > > My own little piece part of a solution, is to enable global digital > > signature. > > > > For the moment GPG and S/MIME are not living to their promisses because > > they are not offering tracability through a global certification > > authority system (like DNS). So we come back to an old discussion GLOBAL > > PKI with DNS help. > > As I've said before: prime numbers are cheap. Anyone can get a > certificate. If we do this, we'll just get certified spam. > > The problem isn't tracking down the spammers. Tracking them down is > laughably easy if you are willing to invest the time. I've done it on > a few occasions. The problem is stopping them from putting mail in > people's mailboxes. > > Perry