Melinda Shore <mshore@cisco.com> writes:

> I think it's pretty unreasonable to put any but a trivial
> computational load on the recipient.

The scheme that I describe (I am not sure about its origins) satisfies
this condition: if the challenge string has n bits (randomly
generated), the recipient needs to do O(1) work (generate random bits
and compute MD5 of a short string once) while the sender needs to do
O(2^n) work to find a hash collision.

There are numerous other techniques that would accomplish the same
goal.

> This is clearly an economic problem, but it's not just that it's
> inexpensive to send spam, it's also that ISPs make money from
> spammers and they lose revenue if they cut them off. One problem to
> think about is how to change the balance so that hosting spammers is
> more expensive than not hosting spammers.

The scheme that I describe puts an effective throttle on how much spam
a given host can send. Open relays keep disappearing. The spammer
will soon have to own the machines that spew. If this is the case,
and the heuristic algorithms are any good, the CPU on the spammer's
machines will be 100% occupied with finding hash collisions. Thus,
sending spam becomes more expensive (you'll need large clusters to
send any significant amounts).

This needn't affect legitimate bulk mail senders: they can demand to
be whitelisted (at signup time) and refuse to do any computations. If
I want the traffic of a mailing list, I will have to accept it without
making the distribution machine jump over hoops.

The scheme is -- to an extent -- similar to charging a fee for reading
mail. The currency, however, is CPU cycles rather than money.

> > P.S. If people complained more to the ISPs it would help.
> > http://www.internet2.edu/~shalunov/uce/reporting-spam.html
>
> I think so, too. Also, when I do take the time to look at spam and
> see that it contains a freephone (1-800, etc.) number, I always
> give them a call to let them know that I'd like to be removed from
> their mailing list.

Placing fake orders must hurt the spammers. Unfortunately, it takes
just as much of the recipient's time. (Same problem as with toll-free
numbers: it's 5 cents/minute for the spammer while your time is
probably worth as much or more.)

--
Stanislav Shalunov		http://www.internet2.edu/~shalunov/

"Nuclear war would really set back cable [television]."  -- Ted Turner
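
An added example, not part of the original message: a sketch of the challenge/response throttle the message describes. The message does not spell out the exact construction, so this assumes the sender must find a short string whose MD5 digest begins with the recipient's n random challenge bits; the function names and the sender address are hypothetical.

```python
import hashlib
import itertools
import secrets


def leading_bits(digest: bytes, n: int) -> int:
    """Return the first n bits of a digest as an integer."""
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - n)


def issue_challenge(n: int) -> int:
    """Recipient side: O(1) work, draw n random bits."""
    return secrets.randbits(n)


def solve(challenge: int, n: int, sender: bytes) -> tuple[bytes, int]:
    """Sender side: try counters until MD5(sender:counter) starts with the
    challenge bits. Expected cost is about 2^n hashes.
    Returns (response, number of hashes computed)."""
    for counter in itertools.count():
        candidate = sender + b":" + str(counter).encode()
        if leading_bits(hashlib.md5(candidate).digest(), n) == challenge:
            return candidate, counter + 1


def verify(challenge: int, n: int, sender: bytes, response: bytes) -> bool:
    """Recipient side: one MD5 over a short string.
    The response must be bound to the claimed sender, otherwise a solved
    response could be reused under a different address."""
    if not response.startswith(sender + b":"):
        return False
    return leading_bits(hashlib.md5(response).digest(), n) == challenge


if __name__ == "__main__":
    sender = b"sender@example.org"  # constructed sample address
    for n in (8, 12, 16):
        challenge = issue_challenge(n)
        response, hashes = solve(challenge, n, sender)
        ok = verify(challenge, n, sender, response)
        print(f"n={n:2d}  sender hashes={hashes:6d}  recipient hashes=1  ok={ok}")
```

Each extra challenge bit doubles the sender's expected work while the recipient's cost stays at one hash, which is the asymmetry the throttle relies on.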