[hashcash] Re: PR Problem?
- From: "Eric S. Johansson" <esj@xxxxxxxxxx>
- To: hashcash@xxxxxxxxxxxxx
- Date: Tue, 12 Dec 2006 01:44:34 -0500
Mario 'BitKoenig' Holbe wrote:
Eric S. Johansson <esj@xxxxxxxxxx> wrote:
DeLesley SpamBox wrote:
I'm not convinced that even a naive sender pays wouldn't be helpful.
make assumptions about the number of zombies, how much leakage you will
permit and you can get the stamp size. It's quite entertaining.
I don't think this is a good argument. Even now/today all these zombies
could be used to generate spam mails directly. So the question should
rather be: how far would the amout of spam messages decrease when all
these zombies would additionally need to pay CPU for sender stamps.
stamps work in three ways in this context. As the load on the spammer,
as an indicator of the quality of the e-mail source, and as an introducer.
The load on the spammer is self-evident. The more work they have to do
to generate each piece of spam, the lower the profit margin by virtue of
the lowered visibility of their traffic. The quality of the e-mail
source is only apparent if you have a feedback mechanism between sender
and receiver of e-mail. If I get spam from a variety of addresses, the
cost of getting e-mail from that address goes up. I can also increase
costs by specifying always stamp versus first time stamp. But like I
said, this only works if the stamper queries the recipient
domains/domains to find out how much postage should be. See previous
conversation about DNS/HTTP-based mechanisms for communicating postage
costs. The introducer model says that a stamp introduces you to
somebody else as a way of bypassing filters. This allows you to bias
your spam filter scores so that those with stamps get through in
preference to those without. This may or may not be a good thing but I
have been known to be a little biased at times.
you are falling into the classic trap of assuming that the cost of
hardware mean something. This is the fallacy behind the Ben Laurie
paper. It's important to remember that the cost per stamp drops with
every stamp generated with a given piece of hardware. The first step is
I didn't read the Ben Laurie paper, if I should do, because it proves my
below aguments wrong, please tell me :)
Of course, sender stamps can only reduce the total amount of spam by a
linear factor. A big linear factor probably, but linear.
However, the nice thing about sender stamps is that this linear factor
is very easy adjustible to the average current hardware out there. And
this is why hardware costs begin to mean something.
stamp "size" shifts with time as hardware performance improves. But if
you lay out $1000 for a fast machine, every stamp you calculate drops
the cost per stamp. Ranging from a very expensive first stamp to the
number stamps per day * 365 Which means stamps are frighteningly cheap
if you use that metric. Even with power and cooling averaged in, it's
still amazingly cheap. As a friend said, how expensive can it be to run
a dozen PCs in a back room in Jakarta with the fan blowing in "cooler" air.
By just calculating the "average price" (quantiled average over the size
of stamps - quantiled to prevent DoS) of all emails you get, your MUA
can easily find out how much it *needs* to pay for the stamp to get a
good probability for the delivery of your mails. Of course, it can
always calculate bigger stamps, if it or his user likes. By using a
min() function over the above average and what the MUA is able to
calculate within a user-defined time, the above average slides over
time and thus adjusts to the average hardware out there and to what
users are willing to pay.
On the other side, MTAs, i.e. spam filters, can adjust their price-
acceptance function for sender stamps that simple as well.
this is why the feedback mechanism proposed is a good idea. You don't
need to guess the cost of a stamp you just do it. In fact, the
technique described as the vantage that it gradually renders all of the
spam generating zombie addresses effectively useless. This is not to
say they can't deliver spam, it's just that it costs a whole lot to do so.
Of course the average price is hard for PDAs, slow machines etc.
However, at any time MTAs can calculate sender stamps theirselves on
behalf of the sender (as sendmail-hashcash shows). So MTAs could
easily generate sender stamps for authenticated well-known clients.
Of course, the best solution would be some incremental algorithm, where
you can subsequently increase the stamp size just by investing a bit
more CPU time.
if you use the appropriate variable postage mechanism, once you
establish communications with someone, postage ceases to be an issue.
This becomes a freebie given to you by the service provider because
you're paying them $30, $40, $75, or more a month. they can afford to
spend some of the money you leave on the table for the five or 10 stamps
a month you'll need. get you also have the option of saying "I'll take
my chances" and not send a stamp.
stay in business. The number of zombies will decrease and be more
easily targeted.
Well, then users need to be willing to pay more for their own stamps.
if you pay attention to basic human factors, sure, they will. Generate
and background, the user doesn't see anything and if you use variable
postage mechanisms, the number stamps per user per day will be trivially
small.
this is probably a philosophical disagreement. I absolutely of abhor
false positives. I look in the dumpster maybe once every couple of
months if somebody tells me something was lost. I look in my spam trap
about once a week. If somebody is going to send me a message with a
stamp, I have no problem with it coming through directly. If it's a
spammer, I want to be able to mark it as spam and then permanently
blacklisted IP address and tell all of my friends about it automatically.
Well, I personally think this is a bit a blue-eyed point-of-view. If you
think this is really feasible, just think about why you don't just do
the same today without stamps.
The more stamps become widely accepted, the more spammers will use them
as well. And... wasn't this the idea anyways? Spammers should be forced
to use them to increase the cost for spam :)
well, it's how I live and without stamps. It's been rather successful I
might add. Anyone who uses twopenny blue also basically lives the same
way. if I didn't have this ability to not look at my spam trap, I
probably would have ditched e-mail long time ago for something more
useful like the telephone.
but the addition of stamps as filter bypass improves the quality of
system behavior because it now becomes predictable. It used to be the
e-mail was predictable, for the most part, in that it either was
delivered or it wasn't. It was so reliable that people didn't care
about the unreliability warnings, it just worked. But now with spam and
the probabilistic content filters, e-mail has become unreliable because
it's unpredictable. You have no idea if a customer's spreadsheet with
HTML framework talking about the shipment of strawberries out of
California is going to pass your content filter or not. This is
unacceptable for businesses.
Lest you think I'm making this scenario up, this is one of many I've
lived with one of my customers, a fruit and vegetable wholesaler. Their
salespeople send invoices, quotes etc. and receive the same by e-mail.
If e-mail is down, you can hear the thousand dollar counter clicking
rather rapidly in the background. An e-mail lost in a spam trap for a
day can literally cost them tens of thousands of dollars. And this is a
small operation. If you want e-mail to become reliable again, you need
a predictable and determine a deterministic event which says "this stamp
will get through". If there is some way to combine the two models, I'm
open. Let's see what can fly for those who don't really care if a
message arrives versus those that do.
to use a stamp or even a stamp size as a scoring factor actually works
in the spammers favor. By crafting a message the right way and just
putting a little stamp, maybe 10 seconds worth, they would be able to
almost guaranteed delivery. While at the same time, you would still end
Hehe, so there are methods out there to reduce the amount of work that
is needed to calculate a stamp? :)
If not: the automatic adaption of MUAs and MTAs to the stamp size works
against spammers using too small stamps.
I was concerned that stamps as a modifier for content filter scores
could give spammers a leg up at making their messages more visible for
very little work. It's very simple to analyze the reduction of spam on
the net using a stamp as filter bypass. You can only know what effect a
small stamp would have in conjunction with a filter if you looked at the
scores of a test case and then offset some number of them with stamps.
If I had the time to start analyzing, I would probably start with an
even distribution of scores.
this is another reason for direct delivery on stamps. Your stamp is an
introducer. It guarantees delivery to the inbox. This is a win. This
mean customers don't have to worry about their mail getting through.
This is also a good reason for adaptive stamp sizes: You yourself can
increase the chance for your mail to get delivered by just paying more.
So on the one hand companies could accept small stamps in mails to their
support-addresses to increase their chance that they miss no customer
mail and on the other hand they could just pay enough for their own
mailings to make sure they get read.
come up with a model, I would like to see it. Personally I think a
real-time dynamic pricing structure is far more appropriate because it can:
o reduce stamp load on legitimate senders
o increase costs on commercial and spam mail
o make systems more resilient with regard to Moore's Law inflation
o makes systems more resilient in the face of concentrated
computation attacks (i.e. lots of zombies generating stamps aimed at a
very small number of machines)
remember, transition costs are really expensive. We want to do it good
Using stamps as just another spam +/- indicator plus it being adaptive
is IMHO a really simple transistion strategy.
read the archive. There's lots of geek psychological resistance to
using stamps. I'm not going to go into it again.
---eric
PS, here are a few thoughts about the psychology of spam filters and
their owners. I need to repost it somewhere and I'm not sure where
quite yet.
--- Spam filters are like dogs. ---
Spam filters are very much like dogs. The similarity is apparent to
anyone with experience with both. They both need training, they both
need daily care, and they both require dedicated owners.
But the similarity goes beyond this. They are both used in competitive
events where they are judged on how high a score they can get. Spam
filters are rated on the percentage accuracy. One filter that I know
quite well, CRM114 boasts a highly impressive 99.99% classification
accuracy rate. For dogs there are competitive obedience trials where
they are stored on how accurately the performed exercise. There are
dogs I know scoring 198 out of 200 points at top-level difficulty dog
obedience trials.
My dog on the other hand knows basic obedience, is reasonably well
mannered yet barks her fool head off any time anyone makes a noise
outside the house. My spam filter accuracy runs around 90%. Fortunately
I have the rest of the [link [url http://www.camram.org] camram system]
to make up the difference and make spam a non-issue.
But back to the comparison. What's the difference between my dog and
the high-scoring obedience dogs? Breed, temperament, and most
importantly, owner dedication. I'm willing to spend, in the beginning,
the dedicated 15 week 5hrs/week effort it takes to train my dog to obey
me. In that same 15 weeks, the dog teaches me to hear a little bit
about how it works. Then, I spend the rest of its life communicating in
the way that it wants to hear and reinforcing good behavior whenever
possible. As a result, I have a reasonably well-behaved dog that is not
the win any prizes at an obedience trial.
In contrast, the high-scoring obedience folks work with their dogs four
or five hours every single day, really intense training of both
themselves and the dog so that they can get those high scores. They get
inside the dog's head and understand how it learns, how it will best
hear the trainer. This training process is the owner's life. they live
with and for the dog.
How does this relate to spam filters? High scoring spam filtration only
happens if you dedicate your life to the spam filter, work with it every
single day, and learn how to train it in the way it wants you to. A
spam filter is not something you can train intensively in the beginning
and then just kind of leave alone. It needs constant attention in order
to keep it working right.
There's one more set of comparisons about spam filters and dogs. Dogs
and spam filters both have accidents and leave something unpleasant
where you need to deal with it. A major difference is that dogs can
train you to recognize their signals and need to go outside so that they
won't have accidents. Spam filters keep giving you little presents in
your mailbox every so often. Dogs and spam filters also chew on things
you don't want them to chew on. With dogs, you usually know when
they've chewed on something. Not so with spam filters.
When it comes right down to it, most people find this concept of living
for a piece of software repugnant. They want to come into work, get the
job done and that does not involve satisfying the attentional demands of
spam filters. Most people would also agree that any system which loses
information silently or forces you to go through all the spam anyway to
find what was lost is flawed.
given the choice, I, like most people, prefer to live with a dog because
you get something worthwhile back from that relationship.
Other related posts:
