Hello, Initially I have to admit that I'm not really proof in the theory backgroundi of sender stamps, client puzzles or whatever you'd like to call it. The idea of increasing costs for senders just came to my mind two nights ago and after little web crawling I found the idea is not that new at all :) Eric S. Johansson <esj@xxxxxxxxxx> wrote: > DeLesley SpamBox wrote: >> I'm not convinced that even a naive sender pays wouldn't be helpful. > make assumptions about the number of zombies, how much leakage you will > permit and you can get the stamp size. It's quite entertaining. I don't think this is a good argument. Even now/today all these zombies could be used to generate spam mails directly. So the question should rather be: how far would the amout of spam messages decrease when all these zombies would additionally need to pay CPU for sender stamps. > you are falling into the classic trap of assuming that the cost of > hardware mean something. This is the fallacy behind the Ben Laurie > paper. It's important to remember that the cost per stamp drops with > every stamp generated with a given piece of hardware. The first step is I didn't read the Ben Laurie paper, if I should do, because it proves my below aguments wrong, please tell me :) Of course, sender stamps can only reduce the total amount of spam by a linear factor. A big linear factor probably, but linear. However, the nice thing about sender stamps is that this linear factor is very easy adjustible to the average current hardware out there. And this is why hardware costs begin to mean something. By just calculating the "average price" (quantiled average over the size of stamps - quantiled to prevent DoS) of all emails you get, your MUA can easily find out how much it *needs* to pay for the stamp to get a good probability for the delivery of your mails. Of course, it can always calculate bigger stamps, if it or his user likes. By using a min() function over the above average and what the MUA is able to calculate within a user-defined time, the above average slides over time and thus adjusts to the average hardware out there and to what users are willing to pay. On the other side, MTAs, i.e. spam filters, can adjust their price- acceptance function for sender stamps that simple as well. Of course the average price is hard for PDAs, slow machines etc. However, at any time MTAs can calculate sender stamps theirselves on behalf of the sender (as sendmail-hashcash shows). So MTAs could easily generate sender stamps for authenticated well-known clients. Of course, the best solution would be some incremental algorithm, where you can subsequently increase the stamp size just by investing a bit more CPU time. > stay in business. The number of zombies will decrease and be more > easily targeted. Well, then users need to be willing to pay more for their own stamps. >> flooded with zombie-stamped spam. Instead, just treat the stamp as >> another piece of data that's input into the learning algorithm. The >> filter will learn how much postage spammers are willing to pay, and >> filter mail accordingly. I totally agree to these both statements. > this is probably a philosophical disagreement. I absolutely of abhor > false positives. I look in the dumpster maybe once every couple of > months if somebody tells me something was lost. I look in my spam trap > about once a week. If somebody is going to send me a message with a > stamp, I have no problem with it coming through directly. If it's a > spammer, I want to be able to mark it as spam and then permanently > blacklisted IP address and tell all of my friends about it automatically. Well, I personally think this is a bit a blue-eyed point-of-view. If you think this is really feasible, just think about why you don't just do the same today without stamps. The more stamps become widely accepted, the more spammers will use them as well. And... wasn't this the idea anyways? Spammers should be forced to use them to increase the cost for spam :) > to use a stamp or even a stamp size as a scoring factor actually works > in the spammers favor. By crafting a message the right way and just > putting a little stamp, maybe 10 seconds worth, they would be able to > almost guaranteed delivery. While at the same time, you would still end Hehe, so there are methods out there to reduce the amount of work that is needed to calculate a stamp? :) If not: the automatic adaption of MUAs and MTAs to the stamp size works against spammers using too small stamps. > this is another reason for direct delivery on stamps. Your stamp is an > introducer. It guarantees delivery to the inbox. This is a win. This > mean customers don't have to worry about their mail getting through. This is also a good reason for adaptive stamp sizes: You yourself can increase the chance for your mail to get delivered by just paying more. So on the one hand companies could accept small stamps in mails to their support-addresses to increase their chance that they miss no customer mail and on the other hand they could just pay enough for their own mailings to make sure they get read. > remember, transition costs are really expensive. We want to do it good Using stamps as just another spam +/- indicator plus it being adaptive is IMHO a really simple transistion strategy. regards Mario -- There are two major products that come from Berkeley: LSD and UNIX. We don't believe this to be a coincidence. -- Jeremy S. Anderson