spf-discuss
[Top] [All Lists]

RE: Re: DEPLOY: SPF/Sender ID support in Courier.

2004-08-28 13:42:44
I guess the zombies will just need to upgrade! :)

What is an average client?  Maybe I need an upgrade too!

Guy

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of AccuSpam
Sent: Saturday, August 28, 2004 1:53 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Re: DEPLOY: SPF/Sender ID support in Courier.

At 01:16 PM 8/28/2004 +0100, you wrote:
On Sat, 2004-08-28 at 10:51, AccuSpam wrote:
I think hashcash is a dead end as an anti-spam system. Spammers have
armies of zombies that can do the calculations for them, so it will
inconvenience spammers much less than legitimate bulk mailers.

Yes I am aware of that, but consider this counter-point which ties 
specifically into the requirement to per-user cryptography anti-forgery:

If you increase the calculation cost to say 15 seconds (0.25 min.) on 
average client, then it does not inconvenience the average sender much, 
*and* you tie the Sender, Recipient, and body to the signature, then the 
spammer has to calculate this for every combination.  Given 22 billion
spams 
per day for whole internet now (estimated from BrightMail.com's 16% share),

and assume they have 1 million zombies, that is 2200 * 0.25 = 550 minutes =

9.2 hours of computing time per day per zombie.

Thus "hashcash" can be very effective at eliminating the zombies, because

if a zombie loses 9 hours a day or processing power, I am confident the 
owner of the zombie will take action.

I wouldn't be too sure about that (remember lots of the zombies will be
in time zones where it is during the night when the spammer is using
them), but as I said before it'll be a big problem for legitimate bulk
mailers that don't have an army of zombies at their disposal, such as
the mailing list manager that runs this list for example.


Please note that I have a typo above and it should have been:

22,000 * 0.25 = 5500 minutes = 92 hours of computing time per day per
zombie.

Thus my respectful reply to you is it is impossible for spammer to get 92
hours of computing time out of a 24 hour night.

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription, 
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com