Can Computational Problems Stamp Out Spam?

Microsoft's other proposal for fighting spam is more esoteric than its caller-ID initiative. The idea is intellectually appealing, but it has some practical problems. Are they deal-killers? I'm not sure.

Many people have made the suggestion, without a whole lot of thought behind it, that we could solve the spam problem with a "sender pays" scheme. Just as with snail mail, the sender of an e-mail should pay a "postage" fee. It needn't be large; even a fraction of a penny would change the economics of spam to make it impractical.

These observers don't often move to the next obvious step of the proposal: Given that the e-mail infrastructure of the Internet doesn't provide for such payments, or even an authentication system to determine who actually sent a message, how would they implement postage? I've written about this myself in the past. Such petty details are not the concern of big thinkers, I guess.


Microsoft Research has come up with a different angle on the idea of postage. Their "Penny Black" project describes a system wherein the recipient of a mail message requires that the sender perform some computational task and report on the results. The task needn't be meaningful, but it needs to be nontrivial. The basic idea of the proposal is that sending 1,000,000 messages will cost the sender a lot in terms of computing time. The project is named after the Penny Black postage stamp, which revolutionized snail mail after it was introduced to the British postal system in the 1830s.
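The pay-with-computation idea described above, sketched as a hashcash-style puzzle; this is an added illustration, not Microsoft's Penny Black code. The SHA-256 puzzle, the 16-bit difficulty, the stamp fields and all function names are assumptions made for the example.

```python
import hashlib
import time
from itertools import count

DIFFICULTY_BITS = 16  # assumed work factor: about 2**16 hashes per stamp on average


def stamp_digest(recipient: str, message_id: str, nonce: int) -> int:
    """Hash the stamp fields; binding them stops reuse for other mail."""
    data = f"{recipient}|{message_id}|{nonce}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def mint_stamp(recipient: str, message_id: str, bits: int = DIFFICULTY_BITS) -> int:
    """Sender side: search for a nonce whose digest has `bits` leading zero bits."""
    target = 1 << (256 - bits)
    for nonce in count():
        if stamp_digest(recipient, message_id, nonce) < target:
            return nonce


def verify_stamp(recipient, message_id, nonce, bits=DIFFICULTY_BITS, seen=None) -> bool:
    """Recipient side: one hash, plus a replay check against stamps already accepted."""
    if stamp_digest(recipient, message_id, nonce) >= (1 << (256 - bits)):
        return False
    if seen is not None:
        key = (recipient, message_id, nonce)
        if key in seen:
            return False
        seen.add(key)
    return True


def estimated_cpu_hours(messages: int, seconds_per_stamp: float) -> float:
    """Scale one stamp's measured cost to a bulk run."""
    return messages * seconds_per_stamp / 3600.0


if __name__ == "__main__":
    # Constructed sample addresses and message id.
    start = time.perf_counter()
    nonce = mint_stamp("alice@example.com", "<msg-0001@sender.example>")
    elapsed = time.perf_counter() - start
    print("nonce", nonce, "minted in", round(elapsed, 3), "s")
    print("valid:", verify_stamp("alice@example.com", "<msg-0001@sender.example>", nonce))
    print("1,000,000 stamps ~", round(estimated_cpu_hours(1_000_000, elapsed), 1), "CPU-hours")
```

The asymmetry is the point: minting takes tens of thousands of hashes on average, while the recipient checks a stamp with a single hash.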

Before I explain more about how it works and how cool it is, I'll point out that there are two main problems with the idea. First, it does little (or, depending on your point of view, nothing) to stop the use of hijacked open-proxy systems for sending spam. (These are systems infected, typically with a worm like SoBig that allows a spammer to take remote control and send spam.) Second, it's not a replacement for an authentication system like Sender Policy Framework or caller ID or Yahoo's Domain Keys, and in an environment where one or more of those schemes are implemented, Penny Black loses most of its appeal.
