and the data that Eric S. Johansson got: -=-=- forwarded text -=-=- this is frustrating. I have run through the exact same calculations and come up with a very different answer. The answers I came up with the show that at worst case, spammers with zombies would almost have enough horsepower to generate enough stamps. one of the difficult aspects of this is that I have not been able to get hard numbers on the number of zombies (it varies by an order of magnitude at least depending on the source) as I said at my MIT anti-spam conference talk, I do agree that proof of work stamps are not a panacea but they are an important component in the "drug cocktail" used to attack spam. that's why I tried very hard to build camram to be able to incorporate other anti-stamp techniques or work in conjunction with them. Another impression of a shortcoming is that they mix and match economic models. I need to go through in greater detail to find out if they have found something I missed. I do know that the cost of a PC and its operation are insignificant to the rate limiting effect of stamp generation. they also did not seem to account for different degrees of cost of doing business. Proof of work stamps will take out the low-end spammers first allowing us to concentrate efforts on higher end, better financed spammers. Fewer targets, easier to hit. They did not account for automatic inflation of postage rates when stamped Spam appears or the addition of a second tier of stamps (i.e. signatures for familiar entities/mailing lists. the problem with impact on low-end machines is important if you always generate stamps. However, for extreme low-end machines (PalmPilot and cellphones) you can always defer the computational load to a for fee service such as the ISP handling your e-mail for the device. With the rest of the low-end machines, stamped generation just takes longer, and background and once you have white listed the entity, you never need to send them a stamp again. on eco damage caused by stamp generation, again, the transition between stamps and white lists based on stamp activity illuminate that problem. It's only commercial entities who want to send you advertising unsolicited that would incur such damage. On the other hand, kill a couple of SUVs and you can generate many more stamps without worry. ;-) on zombies: I think it might be useful if the anti-spam folks spent some time developing zombie hunters and worked with various service providers to identify and shut off those machines. Additionally, ISPs should send Microsoft an invoice for every machine found and repaired. Get enough people together, you could have a substantial lawsuit. After all, the real culprit in the zombie problem is not the owner of the PC. Yes they were stupid, yes they ran something they shouldn't have, but the system should not have failed quite so easily! so am I discouraged? A little bit. I'm going to continue but it's one more naysayer I'm going to have to build arguments against. -=-=- end forwarded text -=-=- --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'