Can Computational Problems Stamp Out Spam?

By Larry Seltzer  |  Posted 2004-03-21 Print this article Print

Microsoft's other proposal for fighting spam is more esoteric than its caller-ID initiative. The idea is intellectually appealing, but it has some practical problems. Are they deal-killers? I'm not sure.

Many people have made the suggestion, without a whole lot of thought behind it, that we could solve the spam problem with a "sender pays" scheme. Just as with snail mail, the sender of an e-mail should pay a "postage" fee. It neednt be large; even a fraction of a penny would change the economics of spam to make it impractical. These observers dont often move to the next obvious step of the proposal: Given that the e-mail infrastructure of the Internet doesnt provide for such payments, or even an authentication system to determine who actually sent a message, how would they implement postage? Ive written about this myself in the past. Such petty details are not the concern of big thinkers, I guess.

Microsoft Research has come up with a different angle on the idea of postage. Their "Penny Black" project describes a system wherein the recipient of a mail message requires that the sender perform some computational task and report on the results. The task neednt be meaningful, but it needs to be nontrivial. The basic idea of the proposal is that sending 1,000,000 messages will cost the sender a lot in terms of computing time. The project is named after the Penny Black postage stamp, which revolutionized snail mail after it was introduced to the British postal system in the 1830s.

Before I explain more about how it works and how cool it is, Ill point out that there are two main problems with the idea. First, it does little (or, depending on your point of view, nothing) to stop the use of hijacked open-proxy systems for sending spam. (These are systems infected, typically with a worm like SoBig that allows a spammer to take remote control and send spam.) Second, its not a replacement for an authentication system like Sender Policy Framework or caller ID or Yahoos Domain Keys, and in an environment where one or more of those schemes are implemented, Penny Black loses most of its appeal.

Next page: Gumming up the spam factories.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel