On Sun, 23 Mar 2003, Thomas Shaddack wrote: > On Sat, 22 Mar 2003, J.A. Terranson wrote: > > > To date, my personal pet has been payment in computationally intensive > > solutions to questions posed by the recipient. This forced expenditure of > > effort, even if minor, removes the spammer's incentive for sending of > > email: the nature of the beast requires that the spam run be high volume and > > fast in order to pay off - slow down the run with computationally difficult > > questions, and the spammer will make no money. > > There is a problem here. There are different machines connected to the > Net, their CPU power often differing in orders of magnitude. Either you > will completely bog down the 486s still used as low-volume SMTP > servers, or you will use a 486-friendly formula that will get barely > noticed by a P4 machine, or you will have some CPU speed negotiating > protocol, which will rely on the other side not lying about who they are.
As you note, a speed negotiating protocol is just not feasable, and is therefore not worthy of further note. As to bogging down a 486 while creating no noticeable work for a P4... The disparity you note is likely not as severe as you think. You must realize that sites using 486s for SMTP servers are not likely to pushing much mail (MFN changed over to a P133 when we hit roughly 500 users, all of whom are very low volume). Lets say it takes a 486, oh, 30 minutes to perform the necessary computation to complete an SMTP delivery (to a non-whitelisted recipient - realize that most common recipients _will_ be whitelisted). What damage has been done? Zero. > We have to consider the very-low-end systems, eg. Nokia Communicators or > various PDAs, which can send mail too. Either we rule them out, or we open > a loophole, or we will implement a complicated classification system for > the devices that will end up as awfully hairy and still half-working after > unsuccessful attempts to iron out all its kinks and holes. Again, KISS... > And you most likely lose the ability to send mails using raw telnet. Do you have a compelling need to use raw telnet for mail? If you do, I would hope you are coming from a whitelisted address, or are *really* good at math ;-) > Besides, can't you achieve something vaguely similar with simple > tarpitting? Actually, yes - vaguely similar. Simple tarpitting doesn't really bog down the sending server as much, which is the central idea here: a single 486 sending an email will not be nearly as affected as a 2ghz Thunderbird trying to send out a million emails an hour. -- Yours, J.A. Terranson [EMAIL PROTECTED]
