Here's a forward of parts of an email I sent to Richard with comments on his and Ben's paper (sent me a pre-print off-list a couple of weeks ago): One obvious comment is that the calculations do not take account of the CAMRAM approach of charging for introductions only. You mention this in the final para of conclusions as another possible. My presumption tho don't have hard stats to measure the effect is that much of email is to-and-fro between existing correspondents. So if I were only to incur the cost of creating a stamp at time of sending to a new recipient, I could bear a higher cost without running into limits. However the types of levels of cost envisaged are aesthetically unpleasing; I'd say 15 seconds is not very noticeable 15 mins is noticeable and 1.5 hrs is definately noticeable. Of course your other point that we don't know how spammers will adapt is valid. My presumption is that spam would continue apace, the best you could hope for would be that it is more targetted, that there are financial incentives in place to make it worth while buying demographics data. (After all when you consider the cost of sending junk paper mail is way higher, printing plus postage, and yet we still receive plenty of that). Also as you observe if the cost of spamming goes up, perhaps they'll just charge more. We don't know how elastic the demand curve is. Profitability, success rates etc are one part of it. There is an interplay also: if quantity goes down, perhaps the success rate on the remaining goes up. Another theory is that a sizeable chunk of spam is just a ponzi scheme: the person paying does not make money, but a lot of dummy's keep paying for it anyway. Another potential problem with proof-of-work on introductions only, is that if the introduction is fully automated without recipient opt-in, spammers could also benefit from this amortized cost. So I would say something like the sender sent a proof-of-work, and the recipient took some positive action, like replying, filing otherwise than junk or such should be the minimum to get white-listed. On the ebiz web site problem, I think these guys present a problem for the whole approach. An ebiz site will want to send lots of mail to apparent new recipients (no introductions only saving), a popular ebiz site may need to send lots of mail. Well it is ebiz so perhaps they just pass the cost on to the consumer and buy some more servers. Another possibility is the user has to opt-in by pre-white-listing them, however the integration to achieve this is currently missing and would seem a difficult piece of automation to retrofit. One of the distinguishing characteristics of a spammer is the imbalance between mail sent and mail received. Unfortunately I do not see a convenient way to penalize people who fall into this category. Also because of network effect concerns my current hashcash deployment is to use it as a way to reduce false positives, rather than directly requiring hashcash. Well over time this could come to the same thing, but it gives it a gentle start, so we'll see how long it is before the 1st genuine spam with hashcash attached. CAMRAM's approach is distinct and is literally going straight for the objective of bouncing mail without some kind of proof (hashcash or reverse-turing, or short term ability to reply to email challenge-response). Adam Richard Clayton wrote:
[...] Ben Laurie) and I have recently been doing some sums on proof-of-work / client puzzles / hashcash methods of imposing economic constraints upon the sending of spam...
Ben wanted to know how big a proof was needed for a practical scheme he was considering -- and I told him it wasn't going to work. We then carefully worked through all the calculations, using the best data that we could obtain -- and we did indeed come to the conclusion that proof-of-work is not a viable proposal :(
Paper: