homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

Encryption Puzzle to Stop Email Spam
Penny Black Solution

 5:27 pm on Oct 6, 2006 (gmt 0)

The most compelling solution I've heard for stopping (or at least severely slowing down) email spam is the encrypted puzzle idea. Basically when you send an email for the first time their server sends back an encryption puzzle, which your server must solve before sending the email. If this extra step takes your server 5 seconds and you're trying to send 1,000,000 spams this would probably slow you down a bit.
This is also called the Penny Black Solution (named after the first 'standardized' stamp in Britain) and is supported by Microsoft:

I think this is a good idea, especially since it takes the burden off of my mail server (running anti-spam software) and puts it on the spammer's server. What do you think of it?



 10:50 am on Oct 7, 2006 (gmt 0)


Sounds fairly pointless. Most spam is probably sent from compromised home computers. That's a distributed computation grid -- just the thing for handling a problem like this.


 1:03 pm on Oct 7, 2006 (gmt 0)

So everybody else would have to invest an effort to help you filter your spam.
Definitively NOT a good idea.


 7:11 am on Oct 8, 2006 (gmt 0)

So everybody else would have to invest an effort to help you filter your spam.

What happens now is that everyone else has to invest effort to stop your spam. What would happen in this case is that the burden of proof would fall on the sender.
I realize that there is a distributed grid of compromised computers but requiring those computers to solve the encryption puzzle would still greatly the amount of spam that can be sent.


 8:01 am on Oct 8, 2006 (gmt 0)

What happens now is that everyone else has to invest effort to stop your spam.

All legitimate mail users together have to invest efforts to stop spam. That is not the same thing as other people helping you decide whether a message you receive is spam or not. After all, those people's definition of spam may well differ from yours.

the burden of proof would fall on the sender

First of all, the automatic solution of some computational task doesn't prove anything. Spammers already hijack and use other people's machines (spambots) to do the work for them. It would be trivial for them to update their software for this. The only current bottleneck of those spambots is network bandwidth, with almost no CPU use. Adding some computation to the mix is very unlikely to slow them down at all.

What makes it an outright bad idea (beyond just not working) is the challenge/response concept. There are already systems out there that force the sender to eg. click a link before his message is delivered to a specific address for the first time. People who use something like this will not receive any mail from me (and from many other people). They expect me to maintain their spam filters for them, which I consider extremely rude.

The only long term solution is in actual sender authentication. The only workable (even if still somewhat imperfect) solution to this is currently SPF. Use that, and the amount of spam you receive will be drastically reduced. As an additional benefit, even other people will receive less spam, because spammers can't use your domain anymore in their fake From: headers.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved