On Sat, 2004-08-28 at 10:51, AccuSpam wrote:
I think hashcash is a dead end as an anti-spam system. Spammers have
armies of zombies that can do the calculations for them, so it will
inconvenience spammers much less than legitimate bulk mailers.
Yes I am aware of that, but consider this counter-point which ties
specifically into the requirement to per-user cryptography anti-forgery:
If you increase the calculation cost to say 15 seconds (0.25 min.) on average
client, then it does not inconvenience the average sender much, *and* you tie
the Sender, Recipient, and body to the signature, then the spammer has to
calculate this for every combination. Given 22 billion spams per day for
whole internet now (estimated from BrightMail.com's 16% share), and assume
they have 1 million zombies, that is 2200 * 0.25 = 550 minutes = 9.2 hours of
computing time per day per zombie.
Thus "hashcash" can be very effective at eliminating the zombies, because if
a zombie loses 9 hours a day or processing power, I am confident the owner of
the zombie will take action.
I wouldn't be too sure about that (remember lots of the zombies will be
in time zones where it is during the night when the spammer is using
them), but as I said before it'll be a big problem for legitimate bulk
mailers that don't have an army of zombies at their disposal, such as
the mailing list manager that runs this list for example.
Paul.
--
Paul Howarth <paul(_at_)city-fan(_dot_)org>