Welcome to WebmasterWorld Guest from 54.205.170.21

Forum Moderators: phranque

Message Too Old, No Replies

Encryption Puzzle to Stop Email Spam

Penny Black Solution

   
5:27 pm on Oct 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The most compelling solution I've heard for stopping (or at least severely slowing down) email spam is the encrypted puzzle idea. Basically when you send an email for the first time their server sends back an encryption puzzle, which your server must solve before sending the email. If this extra step takes your server 5 seconds and you're trying to send 1,000,000 spams this would probably slow you down a bit.
This is also called the Penny Black Solution (named after the first 'standardized' stamp in Britain) and is supported by Microsoft:
[research.microsoft.com...]

I think this is a good idea, especially since it takes the burden off of my mail server (running anti-spam software) and puts it on the spammer's server. What do you think of it?

10:50 am on Oct 7, 2006 (gmt 0)

10+ Year Member



Eh.

Sounds fairly pointless. Most spam is probably sent from compromised home computers. That's a distributed computation grid -- just the thing for handling a problem like this.

1:03 pm on Oct 7, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



So everybody else would have to invest an effort to help you filter your spam.
Definitively NOT a good idea.
7:11 am on Oct 8, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member




So everybody else would have to invest an effort to help you filter your spam.

What happens now is that everyone else has to invest effort to stop your spam. What would happen in this case is that the burden of proof would fall on the sender.
I realize that there is a distributed grid of compromised computers but requiring those computers to solve the encryption puzzle would still greatly the amount of spam that can be sent.
8:01 am on Oct 8, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



What happens now is that everyone else has to invest effort to stop your spam.

All legitimate mail users together have to invest efforts to stop spam. That is not the same thing as other people helping you decide whether a message you receive is spam or not. After all, those people's definition of spam may well differ from yours.

the burden of proof would fall on the sender

First of all, the automatic solution of some computational task doesn't prove anything. Spammers already hijack and use other people's machines (spambots) to do the work for them. It would be trivial for them to update their software for this. The only current bottleneck of those spambots is network bandwidth, with almost no CPU use. Adding some computation to the mix is very unlikely to slow them down at all.

What makes it an outright bad idea (beyond just not working) is the challenge/response concept. There are already systems out there that force the sender to eg. click a link before his message is delivered to a specific address for the first time. People who use something like this will not receive any mail from me (and from many other people). They expect me to maintain their spam filters for them, which I consider extremely rude.

The only long term solution is in actual sender authentication. The only workable (even if still somewhat imperfect) solution to this is currently SPF. Use that, and the amount of spam you receive will be drastically reduced. As an additional benefit, even other people will receive less spam, because spammers can't use your domain anymore in their fake From: headers.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month