At 09:45 AM 8/28/2004 +0100, you wrote:
On Sat, 2004-08-28 at 08:36, AccuSpam wrote:
Note that Microsoft has made public announcements about the future value
of "hashcash" technique, where the cost of sending is increased by apply
some computer algorithm. Note that public key cryptography at the MUA with
huge keys is a way to accomplish this.
I think hashcash is a dead end as an anti-spam system. Spammers have
armies of zombies that can do the calculations for them, so it will
inconvenience spammers much less than legitimate bulk mailers.
Yes I am aware of that, but consider this counter-point which ties specifically
into the requirement to per-user cryptography anti-forgery:
If you increase the calculation cost to say 15 seconds (0.25 min.) on average
client, then it does not inconvenience the average sender much, *and* you tie
the Sender, Recipient, and body to the signature, then the spammer has to
calculate this for every combination. Given 22 billion spams per day for whole
internet now (estimated from BrightMail.com's 16% share), and assume they have
1 million zombies, that is 2200 * 0.25 = 550 minutes = 9.2 hours of computing
time per day per zombie.
Thus "hashcash" can be very effective at eliminating the zombies, because if a
zombie loses 9 hours a day or processing power, I am confident the owner of the
zombie will take action.
If I was Microsoft I would be stupid not to leverage their majority marketshare
in clients, and minimize the leverage of internet-wide (non local network)
servers where they are minority.