Friday, 26 December, 2003, 03:29 GMT
Microsoft aims to make spammers pay
By Jo Twist
BBC News Online technology reporter
Despite efforts to stem the billions of spam e-mails flooding inboxes,
unwanted messages are still turning e-mail into a quagmire of misery.
Spammers send out tens of millions of e-mails to unsuspecting computer
users every day, employing a myriad of methods to ensure their pills, loans
and "requests for our lord" pleas fox e-mail filters.
Some are even turning to prose and poetry to fool the technological
safeguards people put in place.
But a group of researchers at Microsoft think they may have come up with a
solution that could, at least, slow down and deter the spammers.
The development has been called the Penny Black project, because it works
on the idea that revolutionised the British postage system in the 1830s -
that senders of mail should have to pay for it, not whoever is on the
Stamp of approval
"The basic idea is that we are trying to shift the equation to make it
possible and necessary for a sender to 'pay' for e-mail," explained Ted
Wobber of the Microsoft Research group (MSR).
The payment is not made in the currency of money, but in the memory and the
computer power required to work out cryptographic puzzles.
"For any piece of e-mail I send, it will take a small amount computing
power of about 10 to 20 seconds."
" For this scheme to work, it would want to be something all mail agents
would want to do "
Ted Wobber, MSR
"If I don't know you, I have to prove to you that I have spent a little bit
of time in resources to send you that e-mail.
"When you see that proof, you treat that message with more priority."
Once senders have proved they have solved the required "puzzle", they can
be added to a "safe list" of senders.
It means the spammer's machine is slowed down, but legitimate e-mailers do
not notice any delays.
Mr Wobber and his group calculated that if there are 80,000 seconds in a
day, a computational "price" of a 10-second levy would mean spammers would
only be able to send about 8,000 messages a day, at most.
"Spammers are sending tens of millions of e-mails, so if they had to do
that with all the messages, they would have to invest heavily in machines."
As a result of this extra investment, spamming would become less profitable
because costs would skyrocket in order to send as many e-mails.
All this clever puzzle-solving is done without the recipient of the e-mail
Bogging them down
The idea was originally formulated to use CPU memory cycles by team member
Cynthia Dwork in 1992.
But they soon realised it was better to use memory latency - the time it
takes for the computer's processor to get information from its memory chip
- than CPU power.
That way, it does not matter how old or new a computer is because the
system does not rely on processor chip speeds, which can improve at rapid
A cryptographic puzzle that is simple enough not to bog down the processor
too much, but that requires information to be accessed from memory, levels
the difference between older and newer computers.
It all sounds like a good idea, said Paul Wood, chief analyst at e-mail
security firm MessageLabs.
"One of the fundamental problems with spam is that it costs nothing to
send, but has associated costs for the recipient which include loss of
bandwidth, problems with usage, and lost productivity," he said.
"Microsoft's idea is to shift this cost burden from the recipient to the
sender, which in itself seems like a reasonable sentiment."
But, he said, for such a scheme to be all-encompassing, there would have to
be some provision for open standards, so that it is not proprietary to
Work for all
MSR is in talks with various people to put the system into a useful
It could easily be built into e-mail software like Outlook, e-mail servers
or web browsers, said Mr Wobber.
"For this scheme to work, it would want to be something all mail agents
would want to do," explained Mr Wobber.
And because it is the receiver who sets the puzzle requirement, spammers
will not have any advantage by using non-Microsoft products.
It is certainly not going to stop all spam for good, admitted Mr Wobber.
"I don't think any one spam scheme is a panacea, we have to use a wide
variety of schemes to be successful in stopping spam."
"Spam is probably going to get worse before it gets better, and I really
hope it does not get to a point that it deters people using e-mail."
E-mail this to a friend
Related to this story:
Top UK sites 'fail privacy test' (11 Dec 03 | Technology )
New laws on spam come into force (11 Dec 03 | Technology )
US anti-spam law edges closer (09 Dec 03 | Technology )
Spammers turn to classic prose (01 Dec 03 | Technology )
Spam watchdog 'needs more bite' (06 Oct 03 | Technology )
Spam 'turning people off e-mail' (24 Oct 03 | Technology )
Virus writers turn to spam (30 Jul 03 | Technology )
How to spot and stop spam (26 May 03 | Technology )
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]