ietf

Re: digital signature request

2004-02-26 13:01:19
On Thu, 26 Feb 2004, Ed Gerck wrote:

> Spammers need scale (because they get a very low return). Therefore,
> part of the solution should be to deny scalability to spammers. You
> seem to think that is not possible. However, it is trivial for a
> receiver to impose and enforce *both* work and time burdens to receive
> emails from strangers -- at the MTA *and* at the MUA levels.

  a) Moore's law

  b) Economics

  c) Arithmetic

  d) Clustering

  e) Human nature

among many other reasons why this idea will not fly.  

Work and time burdens are not uniform or static because of Moore's law
-- a modern system might be eight to thirty-two times more powerful than
a nearly obsolete system on the same network.  Are we going to deny
people on the obsolete system the ability to send mail because we're
trying to slow down the fastest system enough to make a difference?

Economics alone would crush the idea.  A large institution is already
paying large sums of money supporting its primary MTAs because they are
receiving hundreds of thousands to millions of messages a day.  You
propose to ask them to what -- double?  triple?  ntuple where n is
whatever integer you think it has to be to STOP SPAM?  They'd implement
institutional-level MTA-based spam filters before they did that -- it
would be cheaper.

Then there is arithmetic.  What, exactly, is enough of a work burden
sufficient to be a burden to a spammer?  A spammer who sends anywhere
from 10000 to 10000 messages a day can make money, from what I've read.
That is order of a message every 1 to 10 seconds, and very little of
this time would be spent consuming bandwidth.  Note that this is
tens to hundreds of times as much time as is currently required, and is
NOT easy to arrange.  Since the amount of arithmetic determines the
ntupling of server expenses for every large mail operation on the
planet, you are facing pressure from above to keep it cheap and from
below to make it effective.

Clustering, alas, will frustrate you.  A spammer can afford to add cheap
hardware for solving the problem at the high end of Moore's Law faster
than legitimate shops can afford to add expensive and reliable hardware
to handle enterprise mail.  It won't even cost them more bandwidth,
since they can easily make their 100K/day nugget with a fairly cheap ISP
connection fronting their whole cluster.

Finally, there is human nature.  Your proposed solution is cumbersome and
expensive, a cure literally worse than the disease.  Spam now is a
hassle, but automated tools ameliorate it to a large extent for most
users.  Too many agencies at all levels of the internet would find it a
hindrance with little advantage.  So it will never be adopted.

> For example, my MTA could enforce large time delays at every step to
> complete the SMTP session if the headers contain something suspicious
> like "Received: from ([127.0.0.1])". Also, my MTA could require message
> encryption and/or MAC using *my* PK (imposing a burden per message).

Or it could just reject them out of hand.  Remember, the burden per
message simply cannot be scaled to where a spammer would care without
bringing the entire Internet's mail transport system to its knees.

> Look up tables and computational power cannot help spammers in such
> case. "Jumping through the hoops" is not optional and will take work
> and time, that my MTA can increase at will -- as much as might be
> necessary to be an effective deterrent to abuse by strangers.

It would indeed, and that's the problem.  In order to be effective, your
MTA has to increase it to where it is as big a "deterrent" to use by
strangers as it is to abuse by strangers.

   rgb


> Cheers,
> Ed Gerck


-- 
Robert G. Brown                        http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     
email:rgb(_at_)phy(_dot_)duke(_dot_)edu





