[extropy-chat] About SPAM again

Alan Eliasen eliasen at mindspring.com
Fri Jan 23 06:42:51 UTC 2004 

Paul Grant wrote:
> What would be the point; spammers would just buy faster processors (in
> case of computationally intensive "tokens");

   The cost of generating the token can be made arbitrarily large; that is,
economically unfeasible for the spammer to generate.  For almost everyone on
the planet, even a full minute of processor time is quite reasonable to expend
the first time you send an e-mail to someone you've never contacted before.
This would limit spammers to, say, sending 1440 e-mails a day per machine,
which would soon put them out of business by making their business model
economically unfeasible, as I mentioned before.

   Your comments indicate you haven't read the proposals.  A spammer can buy a
processor that's twice as fast, in which case you simply increase the
computational capacity required to solve your challenge by a factor of ten.
For the proposed hashcash scheme, the size of the challenge can be extended to
any desired value.

   As I mentioned before, a more restrictive "challenge" could be sent back
for more questionable messages.  If my Bayesian filter found a message to be
very probable spam, I'll send back a challenge that says, "if you really want
me to read this, generate a really big hash."  For real people who really
wanted to contact me out of the blue, this would likely be no problem.  The
hasher could run in the background while they did other stuff.  If people set
the bar too high, real people will just say "what a jerk--I'm not going to
file this bug or buy his product."  And that problem's solved too.

> either that, or forge the headers (in case of honor-bound, I waited ten
> seconds).

   "Forging" the header would mean putting in an invalid hashcode, which would
be automatically rejected.  Implemented correctly, this is a
mathematically-strong hash value, one that will be different for each message
and recipient.  There's no shortcut around it.

   Alternately, and perhaps better, other proposals would require sending some
digital drawing rights with each e-mail message--say ten cents.  The validity
of this could be verified with cryptographic techniques.  For unsolicited
messages, you could decide whether or not to draw the cash, or whether you'd
refund it if it was a message you wanted to see from someone you wanted to be
on good relations with.  Even a penny per message would put most spammers under.

-- 
  Alan Eliasen                 | "You cannot reason a person out of a
  eliasen at mindspring.com       |  position he did not reason himself
  http://futureboy.homeip.net/ |  into in the first place."
                               |     --Jonathan Swift

More information about the extropy-chat mailing list