No they won't. All the ones I've seen are some variant on the "build a big wall around the Internet and only let the good guys in", which will never work because the Internet doesn't contain any definable inside and outside, only 800 million Manchurian candidates waiting to activate. For example MessageLabs recently reported that *two thirds* of all the spam it blocks is from infected PCs, with much of it coming from ADSL/cable modem IP pools. Given that these "spammers" are legitimate users, no amount of crypto will solve the problem. I did a talk on this recently where I claimed that various protocols designed to enforce this (Designated Mailers Protocol, Reverse Mail Exchanger, Sender Permitted From, etc etc) will buy at most 6-12 months, and the only dissent was from an anti-virus researcher who said it'd buy weeks and not months.
SPF will buy me one thing forever: I won't get email telling me I sent people spam and viruses.
The alternative proof-of-resource-consumption is little better, since it's not the spammers' resources that are being consumed.
Nevertheless these resources are limited, and better security would make them more limited.
There is one technological solution which would help things a bit, which is Microsoft implementing virus throttling in the Windows TCP stack. Like a firebreak, you can never prevent fires, but you can at least limit the damage when they do occur. Unfortunately I don't see this happening too soon, both because MS aren't exactly at the forefront of implementing security features (it took them how many years to add the most basic popup-blocking?), and because of liability issues - adding virus throttling would be an admission that Windows is a petri dish.
Duh. So viruses would fix the stack.
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
