[hashcash] Re: PR Problem?

  • From: "Eric S. Johansson" <esj@xxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Tue, 12 Dec 2006 01:44:34 -0500

Mario 'BitKoenig' Holbe wrote:
Eric S. Johansson <esj@xxxxxxxxxx> wrote:
DeLesley SpamBox wrote:
I'm not convinced that even a naive sender pays wouldn't be helpful.
make assumptions about the number of zombies, how much leakage you will permit and you can get the stamp size. It's quite entertaining.

I don't think this is a good argument. Even now/today all these zombies
could be used to generate spam mails directly. So the question should
rather be: how far would the amout of spam messages decrease when all
these zombies would additionally need to pay CPU for sender stamps.

stamps work in three ways in this context. As the load on the spammer, as an indicator of the quality of the e-mail source, and as an introducer.

The load on the spammer is self-evident. The more work they have to do to generate each piece of spam, the lower the profit margin by virtue of the lowered visibility of their traffic. The quality of the e-mail source is only apparent if you have a feedback mechanism between sender and receiver of e-mail. If I get spam from a variety of addresses, the cost of getting e-mail from that address goes up. I can also increase costs by specifying always stamp versus first time stamp. But like I said, this only works if the stamper queries the recipient domains/domains to find out how much postage should be. See previous conversation about DNS/HTTP-based mechanisms for communicating postage costs. The introducer model says that a stamp introduces you to somebody else as a way of bypassing filters. This allows you to bias your spam filter scores so that those with stamps get through in preference to those without. This may or may not be a good thing but I have been known to be a little biased at times.

you are falling into the classic trap of assuming that the cost of hardware mean something. This is the fallacy behind the Ben Laurie paper. It's important to remember that the cost per stamp drops with every stamp generated with a given piece of hardware. The first step is

I didn't read the Ben Laurie paper, if I should do, because it proves my
below aguments wrong, please tell me :)
Of course, sender stamps can only reduce the total amount of spam by a
linear factor. A big linear factor probably, but linear.
However, the nice thing about sender stamps is that this linear factor
is very easy adjustible to the average current hardware out there. And
this is why hardware costs begin to mean something.

stamp "size" shifts with time as hardware performance improves. But if you lay out $1000 for a fast machine, every stamp you calculate drops the cost per stamp. Ranging from a very expensive first stamp to the number stamps per day * 365 Which means stamps are frighteningly cheap if you use that metric. Even with power and cooling averaged in, it's still amazingly cheap. As a friend said, how expensive can it be to run a dozen PCs in a back room in Jakarta with the fan blowing in "cooler" air.

By just calculating the "average price" (quantiled average over the size
of stamps - quantiled to prevent DoS) of all emails you get, your MUA
can easily find out how much it *needs* to pay for the stamp to get a
good probability for the delivery of your mails. Of course, it can
always calculate bigger stamps, if it or his user likes. By using a
min() function over the above average and what the MUA is able to
calculate within a user-defined time, the above average slides over
time and thus adjusts to the average hardware out there and to what
users are willing to pay.

On the other side, MTAs, i.e. spam filters, can adjust their price-
acceptance function for sender stamps that simple as well.

this is why the feedback mechanism proposed is a good idea. You don't need to guess the cost of a stamp you just do it. In fact, the technique described as the vantage that it gradually renders all of the spam generating zombie addresses effectively useless. This is not to say they can't deliver spam, it's just that it costs a whole lot to do so.

Of course the average price is hard for PDAs, slow machines etc.
However, at any time MTAs can calculate sender stamps theirselves on
behalf of the sender (as sendmail-hashcash shows). So MTAs could
easily generate sender stamps for authenticated well-known clients.
Of course, the best solution would be some incremental algorithm, where
you can subsequently increase the stamp size just by investing a bit
more CPU time.

if you use the appropriate variable postage mechanism, once you establish communications with someone, postage ceases to be an issue. This becomes a freebie given to you by the service provider because you're paying them $30, $40, $75, or more a month. they can afford to spend some of the money you leave on the table for the five or 10 stamps a month you'll need. get you also have the option of saying "I'll take my chances" and not send a stamp.

stay in business. The number of zombies will decrease and be more easily targeted.

Well, then users need to be willing to pay more for their own stamps.

if you pay attention to basic human factors, sure, they will. Generate and background, the user doesn't see anything and if you use variable postage mechanisms, the number stamps per user per day will be trivially small.

this is probably a philosophical disagreement. I absolutely of abhor false positives. I look in the dumpster maybe once every couple of months if somebody tells me something was lost. I look in my spam trap about once a week. If somebody is going to send me a message with a stamp, I have no problem with it coming through directly. If it's a spammer, I want to be able to mark it as spam and then permanently blacklisted IP address and tell all of my friends about it automatically.

Well, I personally think this is a bit a blue-eyed point-of-view. If you
think this is really feasible, just think about why you don't just do
the same today without stamps.
The more stamps become widely accepted, the more spammers will use them
as well. And... wasn't this the idea anyways? Spammers should be forced
to use them to increase the cost for spam :)

well, it's how I live and without stamps. It's been rather successful I might add. Anyone who uses twopenny blue also basically lives the same way. if I didn't have this ability to not look at my spam trap, I probably would have ditched e-mail long time ago for something more useful like the telephone.

but the addition of stamps as filter bypass improves the quality of system behavior because it now becomes predictable. It used to be the e-mail was predictable, for the most part, in that it either was delivered or it wasn't. It was so reliable that people didn't care about the unreliability warnings, it just worked. But now with spam and the probabilistic content filters, e-mail has become unreliable because it's unpredictable. You have no idea if a customer's spreadsheet with HTML framework talking about the shipment of strawberries out of California is going to pass your content filter or not. This is unacceptable for businesses.

Lest you think I'm making this scenario up, this is one of many I've lived with one of my customers, a fruit and vegetable wholesaler. Their salespeople send invoices, quotes etc. and receive the same by e-mail. If e-mail is down, you can hear the thousand dollar counter clicking rather rapidly in the background. An e-mail lost in a spam trap for a day can literally cost them tens of thousands of dollars. And this is a small operation. If you want e-mail to become reliable again, you need a predictable and determine a deterministic event which says "this stamp will get through". If there is some way to combine the two models, I'm open. Let's see what can fly for those who don't really care if a message arrives versus those that do.

to use a stamp or even a stamp size as a scoring factor actually works in the spammers favor. By crafting a message the right way and just putting a little stamp, maybe 10 seconds worth, they would be able to almost guaranteed delivery. While at the same time, you would still end

Hehe, so there are methods out there to reduce the amount of work that
is needed to calculate a stamp? :)
If not: the automatic adaption of MUAs and MTAs to the stamp size works
against spammers using too small stamps.

I was concerned that stamps as a modifier for content filter scores could give spammers a leg up at making their messages more visible for very little work. It's very simple to analyze the reduction of spam on the net using a stamp as filter bypass. You can only know what effect a small stamp would have in conjunction with a filter if you looked at the scores of a test case and then offset some number of them with stamps. If I had the time to start analyzing, I would probably start with an even distribution of scores.

this is another reason for direct delivery on stamps. Your stamp is an introducer. It guarantees delivery to the inbox. This is a win. This mean customers don't have to worry about their mail getting through.

This is also a good reason for adaptive stamp sizes: You yourself can
increase the chance for your mail to get delivered by just paying more.
So on the one hand companies could accept small stamps in mails to their
support-addresses to increase their chance that they miss no customer
mail and on the other hand they could just pay enough for their own
mailings to make sure they get read.

come up with a model, I would like to see it. Personally I think a real-time dynamic pricing structure is far more appropriate because it can:

  o reduce stamp load on legitimate senders
  o increase costs on commercial and spam mail
  o make systems more resilient with regard to Moore's Law inflation
o makes systems more resilient in the face of concentrated computation attacks (i.e. lots of zombies generating stamps aimed at a very small number of machines)

remember, transition costs are really expensive. We want to do it good

Using stamps as just another spam +/- indicator plus it being adaptive
is IMHO a really simple transistion strategy.

read the archive. There's lots of geek psychological resistance to using stamps. I'm not going to go into it again.


PS, here are a few thoughts about the psychology of spam filters and their owners. I need to repost it somewhere and I'm not sure where quite yet.

--- Spam filters are like dogs. ---

Spam filters are very much like dogs. The similarity is apparent to anyone with experience with both. They both need training, they both need daily care, and they both require dedicated owners.

But the similarity goes beyond this. They are both used in competitive events where they are judged on how high a score they can get. Spam filters are rated on the percentage accuracy. One filter that I know quite well, CRM114 boasts a highly impressive 99.99% classification accuracy rate. For dogs there are competitive obedience trials where they are stored on how accurately the performed exercise. There are dogs I know scoring 198 out of 200 points at top-level difficulty dog obedience trials.

My dog on the other hand knows basic obedience, is reasonably well mannered yet barks her fool head off any time anyone makes a noise outside the house. My spam filter accuracy runs around 90%. Fortunately I have the rest of the [link [url http://www.camram.org] camram system] to make up the difference and make spam a non-issue.

But back to the comparison. What's the difference between my dog and the high-scoring obedience dogs? Breed, temperament, and most importantly, owner dedication. I'm willing to spend, in the beginning, the dedicated 15 week 5hrs/week effort it takes to train my dog to obey me. In that same 15 weeks, the dog teaches me to hear a little bit about how it works. Then, I spend the rest of its life communicating in the way that it wants to hear and reinforcing good behavior whenever possible. As a result, I have a reasonably well-behaved dog that is not the win any prizes at an obedience trial.

In contrast, the high-scoring obedience folks work with their dogs four or five hours every single day, really intense training of both themselves and the dog so that they can get those high scores. They get inside the dog's head and understand how it learns, how it will best hear the trainer. This training process is the owner's life. they live with and for the dog.

How does this relate to spam filters? High scoring spam filtration only happens if you dedicate your life to the spam filter, work with it every single day, and learn how to train it in the way it wants you to. A spam filter is not something you can train intensively in the beginning and then just kind of leave alone. It needs constant attention in order to keep it working right.

There's one more set of comparisons about spam filters and dogs. Dogs and spam filters both have accidents and leave something unpleasant where you need to deal with it. A major difference is that dogs can train you to recognize their signals and need to go outside so that they won't have accidents. Spam filters keep giving you little presents in your mailbox every so often. Dogs and spam filters also chew on things you don't want them to chew on. With dogs, you usually know when they've chewed on something. Not so with spam filters.

When it comes right down to it, most people find this concept of living for a piece of software repugnant. They want to come into work, get the job done and that does not involve satisfying the attentional demands of spam filters. Most people would also agree that any system which loses information silently or forces you to go through all the spam anyway to find what was lost is flawed.

given the choice, I, like most people, prefer to live with a dog because you get something worthwhile back from that relationship.

Other related posts: