Vernon Schryver wrote:
The idea of forcing your correspondents to jump through hoops that
spammers' computers can't is fundamentally wrong and crazy.
Correspondents are also computers, humans don't do SMTP.
A spammer's computer will happily continue trying to guess the
answer to your puzzle as long as you let it, or look for it
in a crib sheet of 1,000,000,000 clues.
Spammers need scale (because they get a very low return). Therefore,
part of the solution should be to deny scalability to spammers. You
seem to think that is not possible. However, it is trivial for a
receiver to impose and enforce *both* work and time burdens to receive
emails from strangers -- at the MTA *and* at the MUA levels.
For example, my MTA could enforce large time delays at every step to
complete the SMTP session if the headers contain something suspicious
like "Received: from ([127.0.0.1])". Also, my MTA could require message
encryption and/or MAC using *my* PK (imposing a burden per message).
Look up tables and computational power cannot help spammers in such
case. "Jumping through the hoops" is not optional and will take work
and time, that my MTA can increase at will -- as much as might be
necessary to be an effective deterrent to abuse by strangers.
Cheers,
Ed Gerck