[hashcash] Re: PR Problem?

  • From: Mario 'BitKoenig' Holbe <Mario.Holbe@xxxxxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Mon, 11 Dec 2006 13:11:03 +0100


Initially I have to admit that I'm not really proof in the theory
background of sender stamps, client puzzles or whatever you'd like to
call it. The idea of increasing costs for senders just came to my
mind two nights ago and after little web crawling I found the idea is
not that new at all :)

Eric S. Johansson <esj@xxxxxxxxxx> wrote:
> DeLesley SpamBox wrote:
>> I'm not convinced that even a naive sender pays wouldn't be helpful.
> make assumptions about the number of zombies, how much leakage you will 
> permit and you can get the stamp size.  It's quite entertaining.

I don't think this is a good argument. Even now/today all these zombies
could be used to generate spam mails directly. So the question should
rather be: how far would the amount of spam messages decrease when all
these zombies would additionally need to pay CPU for sender stamps.

> you are falling into the classic trap of assuming that the cost of 
> hardware mean something.  This is the fallacy behind the Ben Laurie 
> paper.  It's important to remember that the cost per stamp drops with 
> every stamp generated with a given piece of hardware.  The first step is 

I didn't read the Ben Laurie paper; if I should, because it proves my
arguments below wrong, please tell me :)
Of course, sender stamps can only reduce the total amount of spam by a
linear factor. A big linear factor probably, but linear.
However, the nice thing about sender stamps is that this linear factor
is very easily adjustable to the average current hardware out there. And
this is why hardware costs begin to mean something.

By just calculating the "average price" (quantiled average over the size
of stamps - quantiled to prevent DoS) of all emails you get, your MUA
can easily find out how much it *needs* to pay for the stamp to get a
good probability for the delivery of your mails. Of course, it can
always calculate bigger stamps, if it or its user likes. By using a
min() function over the above average and what the MUA is able to
calculate within a user-defined time, the above average slides over
time and thus adjusts to the average hardware out there and to what
users are willing to pay.
On the other side, MTAs, i.e. spam filters, can adjust their
price-acceptance function for sender stamps that simply as well.

Of course the average price is hard for PDAs, slow machines etc.
However, at any time MTAs can calculate sender stamps themselves on
behalf of the sender (as sendmail-hashcash shows). So MTAs could
easily generate sender stamps for authenticated well-known clients.
Of course, the best solution would be some incremental algorithm, where
you can subsequently increase the stamp size just by investing a bit
more CPU time.

> stay in business.  The number of zombies will decrease and be more 
> easily targeted.

Well, then users need to be willing to pay more for their own stamps.

>> flooded with zombie-stamped spam.  Instead, just treat the stamp as
>> another piece of data that's input into the learning algorithm.  The
>> filter will learn how much postage spammers are willing to pay, and
>> filter mail accordingly.

I totally agree with both of these statements.

> this is probably a philosophical disagreement.  I absolutely abhor 
> false positives.  I look in the dumpster maybe once every couple of 
> months if somebody tells me something was lost.  I look in my spam trap 
> about once a week.  If somebody is going to send me a message with a 
> stamp, I have no problem with it coming through directly.  If it's a 
> spammer, I want to be able to mark it as spam and then permanently 
> blacklisted IP address and tell all of my friends about it automatically.

Well, I personally think this is a bit of a blue-eyed point of view. If you
think this is really feasible, just think about why you don't just do
the same today without stamps.
The more stamps become widely accepted, the more spammers will use them
as well. And... wasn't this the idea anyways? Spammers should be forced
to use them to increase the cost for spam :)

> to use a stamp or even a stamp size as a scoring factor actually works 
> in the spammers favor.  By crafting a message the right way and just 
> putting a little stamp, maybe 10 seconds worth, they would be able to 
> almost guaranteed delivery.  While at the same time, you would still end 

Hehe, so there are methods out there to reduce the amount of work that
is needed to calculate a stamp? :)
If not: the automatic adaption of MUAs and MTAs to the stamp size works
against spammers using too small stamps.

> this is another reason for direct delivery on stamps.  Your stamp is an 
> introducer.  It guarantees delivery to the inbox.  This is a win.  This 
> mean customers don't have to worry about their mail getting through.

This is also a good reason for adaptive stamp sizes: You yourself can
increase the chance for your mail to get delivered by just paying more.
So on the one hand companies could accept small stamps in mails to their
support-addresses to increase their chance that they miss no customer
mail and on the other hand they could just pay enough for their own
mailings to make sure they get read.

> remember, transition costs are really expensive.  We want to do it good 

Using stamps as just another spam +/- indicator plus it being adaptive
is IMHO a really simple transition strategy.

There are two major products that come from Berkeley: LSD and UNIX.
We don't believe this to be a coincidence.    -- Jeremy S. Anderson
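
Added example (not part of the original post, and not code from hashcash or sendmail-hashcash): a sketch of the adaptive pricing the message describes, where a client tracks the stamp sizes on incoming mail, takes a quantiled average so a few oversized stamps cannot drag the price up, and mints min(going rate, what it can compute in a user-defined time). The class and function names, the 10% trim at each end, the window size and the sample numbers are assumptions; the expected cost of 2**bits hash trials for a stamp of that many bits is the standard hashcash estimate.

```python
import math
from collections import deque

class StampPriceTracker:
    """Sliding window over stamp sizes (in bits) seen on incoming mail."""
    def __init__(self, window=1000, trim_pct=10):
        self.sizes = deque(maxlen=window)   # old samples fall out, so the price slides
        self.trim_pct = trim_pct            # percent dropped at EACH end (assumed value)

    def observe(self, bits):
        self.sizes.append(bits)

    def going_rate(self):
        """Quantiled average: mean after discarding the lowest and highest tails."""
        s = sorted(self.sizes)
        if not s:
            return 0.0
        k = len(s) * self.trim_pct // 100
        core = s[k:len(s) - k]
        return sum(core) / len(core)

def affordable_bits(hashes_per_second, time_budget_s):
    """Largest stamp whose expected cost of 2**bits trials fits the time budget."""
    trials = hashes_per_second * time_budget_s
    return int(math.floor(math.log2(trials))) if trials >= 1 else 0

def bits_to_mint(tracker, hashes_per_second, time_budget_s):
    """min() of the going rate and what this machine can pay, as in the post."""
    return min(math.ceil(tracker.going_rate()),
               affordable_bits(hashes_per_second, time_budget_s))

# Constructed sample: 18 ordinary stamps plus two 40-bit outliers that try
# to inflate the average (the DoS the quantiling is meant to blunt).
OBSERVED = [20] * 8 + [21] * 6 + [22] * 4 + [40] * 2

def demo():
    t = StampPriceTracker()
    for b in OBSERVED:
        t.observe(b)
    plain_mean = sum(OBSERVED) / len(OBSERVED)
    fast = bits_to_mint(t, 10_000_000, 1)   # desktop-class rate (constructed)
    slow = bits_to_mint(t, 50_000, 2)       # PDA-class rate (constructed)
    return plain_mean, t.going_rate(), fast, slow

if __name__ == "__main__":
    print(demo())
```

The slow client's result falling below the going rate is the case where the post suggests an MTA could mint the stamp on behalf of an authenticated sender.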
