At 01:16 PM 8/28/2004 +0100, you wrote:
On Sat, 2004-08-28 at 10:51, AccuSpam wrote:
I think hashcash is a dead end as an anti-spam system. Spammers have
armies of zombies that can do the calculations for them, so it will
inconvenience spammers much less than legitimate bulk mailers.
Yes I am aware of that, but consider this counter-point which ties
specifically into the requirement to per-user cryptography anti-forgery:
If you increase the calculation cost to say 15 seconds (0.25 min.) on
average client, then it does not inconvenience the average sender much,
*and* you tie the Sender, Recipient, and body to the signature, then the
spammer has to calculate this for every combination. Given 22 billion spams
per day for whole internet now (estimated from BrightMail.com's 16% share),
and assume they have 1 million zombies, that is 2200 * 0.25 = 550 minutes =
9.2 hours of computing time per day per zombie.
Thus "hashcash" can be very effective at eliminating the zombies, because
if a zombie loses 9 hours a day or processing power, I am confident the
owner of the zombie will take action.
I wouldn't be too sure about that (remember lots of the zombies will be
in time zones where it is during the night when the spammer is using
them), but as I said before it'll be a big problem for legitimate bulk
mailers that don't have an army of zombies at their disposal, such as
the mailing list manager that runs this list for example.
Please note that I have a typo above and it should have been:
22,000 * 0.25 = 5500 minutes = 92 hours of computing time per day per zombie.
Thus my respectful reply to you is it is impossible for spammer to get 92 hours
of computing time out of a 24 hour night.