[wordup] hash cash as a way of stopping spam.

Wed May 7 13:30:46 EDT 2003

i'm incredibly leary of anything that makes email not get to people, 
this especially includes blacklists (which have become a complete 
freaking disaster) but also includes challenge response systems like the 
ones discussed below or the increasingly popular TMDA system.

i get very valuable (and completely unsolicited) email about community 
wireless networking all the time.  i also send messages that i believe 
are valuable to people all the time.  if i get a message which says 
"sorry you have to do X before you're allowed to email me" my general 
response is "rude bastard ... bye".

anyway, the hash cash proposal below is more interesting because it 
could be automated on the client yet might still stop spammers.  of 
course it might also stop email from web mail servers (i don't image 
hotmail will be thrilled about performing X calculations on your behalf) 
and 386's.

adam.

From: http://news.com.com/2010-1071-999561.html

Want to stop spammers? Charge 'em
By Declan McCullagh
May 5, 2003, 4:00 AM PT

WASHINGTON--I spent last week at the Federal Trade Commission's 
three-day spam summit where hundreds of people, fed up with the 
skyrocketing amount of unsolicited bulk e-mail, gathered to figure out 
how to stop it.

The suggestions were predictable: As they have each year since 1997, 
with nothing to show for it so far, members of Congress vowed to enact a 
law restricting spam. People selling spam blockers touted their 
products, and so-called e-mail marketers complained that their bulk 
messages were being unfairly tossed in the trash. Poor things.

On Friday morning, though, FTC Commissioner Orson Swindle said something 
that made a lot of sense. "I don't care if it's commercial, religious or 
entertainment (spam). It's all pollution," he said.

That's exactly right, and it's how we need to start thinking about spam. 
Spam is not primarily a technological or legal problem: It's an economic 
one.

 From an economic perspective, spam is just another form of pollution, 
an activity that imposes costs on people without their permission. Like 
all polluters, spammers impose these costs because of the benefits to 
them--in this case, the profits they make from sales, however few.

Like many victims of dirty air and befouled water, spam recipients are 
mostly powerless against the polluters. To curb pollution, we need to 
figure out how to change a polluter's cost-benefit calculations.

Yet for victims, the time and effort needed to shift costs back to where 
they belong typically wipe out any theoretical benefits. Because my home 
e-mail address has stayed the same since 1995, I receive hundreds of 
spam-o-grams per day, and I don't report each one to the FTC or an 
Internet provider's abuse address. It's just not worth my time.

It is worth something to the spammers. Here's why: Because of the low 
cost of bulk e-mail, a response rate as low as one-thousandth of 1 
percent can mean profits. A paper by the ePrivacy Group notes that the 
cost per message for postal mail declines because of printing 
efficiencies and bulk postage, and then levels out. "Conversely, 
per-message costs for spammers start out low and decline rapidly with 
volume. Indeed, some spammers pay nothing for sending their messages, 
hijacking resources that belong to others," according to the ePrivacy Group.

The usual way to address pollution problems is for the government to 
step in and raise costs. Rep. Zoe Lofgren, D-Calif., wants to give those 
who report spam to the FTC a "bounty" that would come out of a judgment 
collected from a spammer. Other proposals would raise the costs for 
spammers by making it easier to sue them.
To curb pollution, we need to figure out how to change a polluter's 
cost-benefit calculations.

That's a good start, but it's not good enough. Roughly half of spam 
already comes from overseas, panelists at the FTC confab said last week, 
and they estimated that it's doubling every month or two. Even if we 
managed to get rid of all domestic spam tomorrow, in a few months we'd 
be back up to current levels. And we can't wait a decade for an 
international treaty to be drafted, ratified and implemented.

Fortunately, there's a second way to raise costs for spammers: Charge them.

Imagine a system that lets you set up a kind of electronic guard dog 
that would police incoming e-mail. Using a set of user-defined rules, 
e-mail from preprogrammed domain names, such as yourcompany.com, would 
be sniffed and automatically approved. So would messages from friends, 
family, prior correspondents and known mailing lists.

Unknown correspondents, on the other hand, could contact you only if 
they paid for the privilege. Without bothering you, your guard dog would 
reply and tell the sender how much "postage" he owed. It's likely that a 
polite custom would arise: If the message you received from an unknown 
sender was sufficiently interesting, you'd return the payment or simply 
not deposit it.

I'm hardly the first person to suggest this idea. Brad Templeton, the 
chairman of the Electronic Frontier Foundation, wrote an influential 
essay around 1995 on "e-stamps," though he no longer likes the idea. A 
1997 patent granted in the United States to Todd Sundsted covers some 
uses of filtering e-mail through "an attached electronic stamp." Scott 
Fahlman, a computer scientist at Carnegie Mellon University, recently 
published a paper titled "Selling interrupt rights: A way to control 
unwanted e-mail and telephone calls." And an Australian entrepreneur 
recently launched a pay-to-send service that works in part as I described.
Imagine a system that lets you set up a kind of electronic guard dog 
that would police incoming e-mail.

Whatever the system, if enough people use it, you'll only have to charge 
as little as a penny to effectively ban spam from your in-box forever. 
The higher cost of watchdog-protected accounts suddenly would make spam 
uneconomical by shifting some of the cost of dealing with spam back to 
the sender, where it belongs. Payment systems like PayPal, E-Gold and 
GoldMoney.com would make the system feasible.

Then again, the postage would not have to be paid in legal tender. Any 
activity that cost the sender enough would do the trick. One scheme 
that's been proposed uses computation instead of currency. Called 
"HashCash," it requires the sender not to send money, but to instruct 
his computer to perform an arbitrarily complex calculation that would 
take a few seconds even on a fast microprocessor. Think of it: If a 
would-be spammer had to perform even three seconds of computation for 
each person she spammed, the pace of spam would slow to glacial.

"This can be used as the basis for an e-cash system measured in burnt 
CPU cycles," writes Adam Back, a British cryptographer who invented 
HashCash. "Such cash systems can be used to throttle systematic abuses 
of unmetered Internet resources...On a global scale, use of bandwidth 
and CPU resources is wasted. The spam recipient's time is wasted as 
well, and in the case of people using commercial service providers, some 
recipients have metered phone calls, and some service providers charge 
hourly rates for connection time."

Back told me on Friday that he envisions a transition from filters to 
HashCash. "What do you do, when you receive mail from people who are not 
using HashCash? Deleting that mail is not really acceptable," Back said.

"What people have proposed to do is to combine HashCash with filtering 
software solutions like SpamAssassin and the like," he said. "If you 
used HashCash to send a message, it wouldn't be filtered at all. That 
gives you an incentive to install HashCash. Every person gets extra 
value from it because they get extra reliability when sending e-mail."

Whether we end up using HashCash or some form of micropayment, we 
desperately need to raise the cost of spamming. New laws and new 
filtering technologies aren't good enough: Spam can be canned only 
through economics.