Reusable hashcash for spam prevention

Fearghas McKay fm at st-kilda.org
Tue May 18 06:41:31 PDT 2004 

and the data that Eric S. Johansson got:

-=-=- forwarded text -=-=-

this is frustrating.  I have run through the exact same calculations and
come up with a very different answer.  The answers I came up with the
show that at worst case, spammers with zombies would almost have enough
horsepower to generate enough stamps.  one of the difficult aspects of
this is that I have not been able to get hard numbers on the number of
zombies (it varies by an order of magnitude at least depending on the
source)

as I said at my MIT anti-spam conference talk, I do agree that proof of
work stamps are not a panacea but they are an important component in the
"drug cocktail" used to attack spam.  that's why I tried very hard to
build camram to be able to incorporate other anti-stamp techniques or
work in conjunction with them.

Another impression of a shortcoming is that they mix and match economic
models.  I need to go through in greater detail to find out if they have
found something I missed.  I do know that the cost of a PC and its
operation are insignificant to the rate limiting effect of stamp
generation.  they also did not seem to account for different degrees of
cost of doing business.  Proof of work stamps will take out the low-end
spammers first allowing us to concentrate efforts on higher end, better
financed spammers.  Fewer targets, easier to hit.

They did not account for automatic inflation of postage rates when
stamped Spam appears or the addition of a second tier of stamps (i.e.
signatures for familiar entities/mailing lists.

the problem with impact on low-end machines is important if you always
generate stamps.  However, for extreme low-end machines (PalmPilot and
cellphones) you can always defer the computational load to a for fee
service such as the ISP handling your e-mail for the device.  With the
rest of the low-end machines, stamped generation just takes longer, and
background and once you have white listed the entity, you never need to
send them a stamp again.

on eco damage caused by stamp generation, again, the transition between
stamps and white lists based on stamp activity illuminate that problem.
  It's only commercial entities who want to send you advertising
unsolicited that would incur such damage.  On the other hand, kill a
couple of SUVs and you can generate many more stamps without worry.  ;-)

on zombies: I think it might be useful if the anti-spam folks spent some
time developing zombie hunters and worked with various service providers
to identify and shut off those machines.  Additionally, ISPs should send
Microsoft an invoice for every machine found and repaired.  Get enough
people together, you could have a substantial lawsuit.  After all, the
real culprit in the zombie problem is not the owner of the PC.  Yes they
were stupid, yes they ran something they shouldn't have, but the system
should not have failed quite so easily!

so am I discouraged?  A little bit.  I'm going to continue but it's one
more naysayer I'm going to have to build arguments against.

-=-=- end forwarded text -=-=-

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list