[hashcash] Re: status of hashcash version 1?

  • From: "John Honan" <jhonan@xxxxxxxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Mon, 23 Aug 2004 09:44:18 -0500 (CDT)

>> A 24 bit stamp would then cost about 1/1000 of this or about five
>> milli-cents.  I don't know how this would compare with the other
>> expenses of a spammer.
>
> http://www.apache-ssl.org/proofwork.pdf
>
> Cheers,
>
> Ben.

1. Reaction to receiving stamped email
--------------------------------------
If I received a stamped email that didn't look spammy, I would be inclined
to open it and at least read the first few lines (before discovering it
was spam) - The fact the spammer has bothered to stamp it means that he
has actually added some value to the mail. It would be like receiving a
letter with a real stamp on it - You would probably open it, since someone
has actually paid to send it to you. Thus increasing the response rate.

2. Spammer direct mailing strategy
----------------------------------
If the spammers know they can only send a certain number of mails per day,
then they will need to increase their response rates to maintain their
profitability. One thing they will do is become more focussed in their
marketing. Just like real-life junk mailers. The junk mailers can't afford
to send letters to everyone in the country, but they do have lists which
help them target more defined market segments.

The combination of these two effects will contribute to the spammer
response rates / profitability model. 'Number of mails per day' is not the
only variable, there are other effects which should be considered.

The SenderID and Hashcash strategies as far as I understand are not
intended to eliminate spam completely. They are more about turning 'bad'
spammers into 'good' spammers. Minimising spam by making the spammers
think twice before sending (because they have to stamp each one), and
making them more accountable (because they can't hide behind open relays
anymore).

A hybrid system (as suggested in Ben Laurie's conclusions) is the only way
forward. Each part of the system addresses a different part of the
problem, and in total will reduce spam to bearable levels. SenderID +
Proof-of-work + 'good spammer' policies.

Microsoft's Coordinated Spam Reduction Initiative document discusses the
hybrid approach in more detail;

http://www.microsoft.com/mscorp/twc/privacy/spam_csri.mspx

They make references to Adam's original Hashcash proposals, although most
of the document concentrates on SenderID. I know Microsoft had a
'PennyBlack' proof-of-work project, but I've not been able to find any more
information on this, or if it even progressed past the proposal stage (I
emailed someone on the project team a few months ago but didn't get a
reply).

John.
