On Thu, 26 Feb 2004, Ed Gerck wrote: > Spammers need scale (because they get a very low return). Therefore, > part of the solution should be to deny scalability to spammers. You > seem to think that is not possible. However, it is trivial for a > receiver to impose and enforce *both* work and time burdens to receive > emails from strangers -- at the MTA *and* at the MUA levels. a) Moore's law b) Economics c) Arithmetic d) Clustering e) Human nature among many other reasons why this idea will not fly. Work and time burdens are not uniform or static because of Moore's law -- a modern system might be eight to thirty-two times more powerful than a nearly obsolete system on the same network. Are we going to deny people on the obsolete system the ability to send mail because we're trying to slow down the fastest system enough to make a difference? Economics alone would crush the idea. A large institution is already paying large sums of money supporting its primary MTAs because they are receiving hundreds of thousands to millions of messages a day. You propose to ask them to what -- double? triple? ntuple where n is whatever integer you think it has to be to STOP SPAM? They'd implement institutional-level MTA-based spam filters before they did that -- it would be cheaper. Then there is arithmetic. What, exactly, is enough of a work burden sufficient to be a burden to a spammer? A spammer who sends anywhere from 10000 to 10000 messages a day can make money, from what I've read. That is order of a message every 1 to 10 seconds, and very little of this time would be spent consuming bandwidth. Note that this is a tens to hundreds of times as much time as is currently required, and is NOT easy to arrange. Since the amount of arithmetic determines the ntupling of server expenses for every large mail operation on the planet, you are facing pressure from above to keep it cheap and from below to make it effective. Clustering, alas, will frustrate you. A spammer can afford to add cheap hardware for solving the problem at the high end of Moore's Law faster than legitimate shops can afford to add expensive and reliable hardware to handle enterprise mail. It won't even cost them more bandwidth, since they can easily make their 100K/day nugget with a fairly cheap ISP connection fronting their whole cluster. Finally, there is human nature. You proposed solution is cumbersome and expensive, a cure literally worse than the disease. Spam now is a hassle, but automated tools ameliorate it to a large extent for most users. Too many agencies at all levels of the internet would find it a hindrance with little advantage. So it will never be adopted. > For example, my MTA could enforce large time delays at every step to > complete the SMTP session if the headers contain something suspicious > like "Received: from ([127.0.0.1])". Also, my MTA could require message > encryption and/or MAC using *my* PK (imposing a burden per message). Or it could just reject them out of hand. Remember, the burden per message simply cannot be scaled to where a spammer would care without bringing the entire Internet's mail transport system to its knees. > Look up tables and computational power cannot help spammers in such > case. "Jumping through the hoops" is not optional and will take work > and time, that my MTA can increase at will -- as much as might be > necessary to be an effective deterrent to abuse by strangers. It would indeed, and that's the problem. In order to be effective, your MTA has to increase it to where it is as big a "deterrent" to use by strangers as it is to abuse by strangers. rgb > > Cheers, > Ed Gerck > -- Robert G. Brown http://www.phy.duke.edu/~rgb/ Duke University Dept. of Physics, Box 90305 Durham, N.C. 27708-0305 Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb@xxxxxxxxxxxx