In message <200305130152.h4D1qC1F007097@syn.hamachi.org>, Bill Sommerfeld write s:
The other side of this equation is what a second of CPU costs in monetary terms to a spammer. (To an end user it is essentially free because his CPU is mostly idle anyway; the limiting factor for the user is his preference for fast mail delivery (and in the dialup case an unwillingness to sit waiting for tokens to be calcluated before his mail can be sent).
If you believe http://news.bbc.co.uk/1/hi/technology/2988209.stm, spammers are beginning to use viruses to deploy spam relays.
If a spammer has a zombie army of a few thousand compromised systems, the spammer's cpu time costs for hashcash will also essentially be free.
The spammers are doing that and more. For example, recent traffic on the NANOG list suggests that they are using false BGP advertisements on stolen address blocks to shoot and run. (There is a proposal to stop that via cryptographic authentication of BGP advertisements, but SBGP hasn't gotten any traction with most of the operator community yet. Just why is a subject for a separate thread.) --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book)