using PoW + filters to avoid false positives (Re: Re: A Trial Balloon to Ban Email?)

Bill Stewart bill.stewart at pobox.com
Mon May 19 11:12:17 PDT 2003


At 10:22 AM 05/16/2003 -0700, Eric Murray wrote:
>There is already a reasonably good proof-of-work mechanism built
>into SMTP-- START_TLS.
>
>Any server that is willing to do TLS with mine is very unlikely
>to be a spammer.  In fact a quick check of about 8000 spams I have
>shows that two of them used TLS.  (both in the last week.   hmm.)

Steve Bellovin pointed out that spammers who use open relays and
open proxies will happily burn those CPUs doing proof-of-work
as well as burning their bandwidth multiplying spam.
That's not necessarily a _bad_ thing, if it gets the attention of
the people running the relay/proxy machines (:-)

But it's a basic problem with link-based proof-of-work like START_TLS
as opposed to end-to-end proof-of-work mechanisms in the message itself.
If you do link-based, only the last relay site needs to do the work,
so the spammer can steal CPU from lots of machines without burning his own.
If you do message-based proof-of-work, it's much harder to get a proxy
or relay to do the work, as opposed to using the spammer's own machine.

START_TLS and other link-based mechanisms _do_ have the benefit of
harassing dialup and DSL spammers, who are using their own CPUs without relays,
so it at least gets rid of some of the ankle-biters and forces spammers
to abuse relays and proxies, which may be easier to identify
(especially because they're using START_TLS...)

This has the side benefit that it cuts down on the use of dial/dsl blacklists,
which are one of the extremely annoying sources of collateral damage
in the anti-spam world.
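
An added example, not part of the original post: a minimal message-based proof-of-work stamp in the style of hashcash, with the receiver-side check that costs one hash no matter how many relays carried the message. The stamp layout (`bits:date:recipient:counter`), the use of SHA-256, and all function names and sample addresses are assumptions made for illustration.

```python
import hashlib
from itertools import count

def zero_bits(data: str) -> int:
    """Number of leading zero bits in SHA-256(data)."""
    digest = hashlib.sha256(data.encode()).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(recipient: str, date: str, bits: int) -> str:
    """Sender side: search for a counter that gives `bits` leading zero bits.
    The recipient is inside the hashed string, so the work is per recipient
    and has to be done by whoever composes the message, not by the last hop."""
    for counter in count():
        stamp = f"{bits}:{date}:{recipient}:{counter:x}"
        if zero_bits(stamp) >= bits:
            return stamp

def verify(stamp: str, recipient: str, date: str, min_bits: int, seen: set) -> str:
    """Receiver side: cheap checks, then a single hash."""
    parts = stamp.split(":")
    if len(parts) != 4 or not parts[0].isdigit():
        return "malformed"
    bits, stamp_date, stamp_rcpt, _counter = parts
    if stamp_rcpt != recipient:
        return "wrong-recipient"      # stamp minted for someone else
    if stamp_date != date:
        return "stale"                # outside the accepted date window
    if int(bits) < min_bits or zero_bits(stamp) < int(bits):
        return "insufficient-work"    # too cheap, or the claim is false
    if stamp in seen:
        return "replayed"             # one stamp pays for one delivery
    seen.add(stamp)
    return "ok"

if __name__ == "__main__":
    # Constructed sample values; 12 bits keeps the demo fast.
    seen = set()
    stamp = mint("alice@example.org", "030519", 12)
    print(stamp, verify(stamp, "alice@example.org", "030519", 12, seen))
    print(verify(stamp, "alice@example.org", "030519", 12, seen))
    print(verify(stamp, "bob@example.org", "030519", 12, seen))
```
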




