
Microsoft Researching Anti-Spam Technique

michael posted more than 10 years ago | from the penny-for-your-thoughts dept.

Spam 660

Tim C writes "Microsoft's Research group are working on a technique to combat spam. Dubbed the 'Penny Black project', it involves making email senders perform a computation taking around 10 seconds, which their recipients can then check for. This delay would limit bulk emailing speeds to around 8000 a day, meaning that to spam all of those 'fresh, guaranteed 25 million addresses' would take approximately 8.5 years." We've reported on this before.



Question... (3, Insightful)

Xpilot (117961) | more than 10 years ago | (#7812614)

How do you "make" senders do anything?


Re:Question... (2, Funny)

notque (636838) | more than 10 years ago | (#7812621)

How do you "make" senders do anything?

With large pointy sticks....

Re:Question... (1, Insightful)

Sc00ter (99550) | more than 10 years ago | (#7812631)

You don't understand, once the sender does this there will be some type of key. If the client doesn't see this key in the headers or wherever then it will be seen as spam by the receiving client.

Re:Question... (1)

DShard (159067) | more than 10 years ago | (#7812679)

So I would have to give up on linux to send email?

Re:Question... (0, Troll)

ArsonSmith (13997) | more than 10 years ago | (#7812638)

by maintaining a monopoly on software.

Re:Question... (4, Informative)

tomstdenis (446163) | more than 10 years ago | (#7812673)

The technique is on page 426 of Advances in Cryptology -- Crypto 2003 [LLNCS2729].

Not exactly a monopoly here as anyone else can implement it.

Tom

Re:Question... (1)

SkArcher (676201) | more than 10 years ago | (#7812715)

Not having access to that text I will have to take your word on it. Do you know of any web resources describing the method? Still, if what you say is true... Mod Parent +1 Informative

Re:Question... (2, Informative)

tomstdenis (446163) | more than 10 years ago | (#7812771)

Don't take my word for it...

read the paper yourself! [weizmann.ac.il]

Tom

Re:Question... (2, Interesting)

tomstdenis (446163) | more than 10 years ago | (#7812640)

By rejecting their emails otherwise. D'uh.

You really want to email me [or get priority over other emails] you will do as I say.

Of course you can get to the point where it's too much hassle. I think MSFT is seeking to have this built into OE [e.g. integrated]

Tom

Re:Question... (0)

Anonymous Coward | more than 10 years ago | (#7812643)

Simple, make everyone Hotmail users. Microsoft has already announced that outlook express is going the way of the dodo.

Re:Question... (2, Informative)

asquared256 (637499) | more than 10 years ago | (#7812646)

by automatically rejecting any emails where the computation's results aren't present, like using cryptographic signatures?

Re:Question... (2, Insightful)

Kierthos (225954) | more than 10 years ago | (#7812656)

Oh, they could roll it out as part of a "required" patch that fixes other security holes, it could be part of the next version of Outlook, and as part of MSN... there are ways.

What concerns me is how this would affect people who use Eudora, or yahoo-mail, or any of the host of other systems that don't require the Lords of Redmond holding their hands to send e-mail.

It seems that it would be a stop-gap measure for anyone using MS products or services to spam, but unless it was adopted by every major (and many minor) e-mail services, it would have very little actual effect.

Kierthos

Proposed "Sender do Something" technique. (5, Interesting)

conner_bw (120497) | more than 10 years ago | (#7812729)

I haven't read the story in question (this is slashdot, after all) but while on the toilet I came up with this:

I use a service called Spam Interceptor [si20.com] which uses SpamAssassin [taint.org] as its scoring filter to judge if it should send an authentication message to the original sender.

How about instead of doing that on the recipient's end, it was done at the SMTP server?

The email is sent and the server runs it through the scoring process. If the message scores more than 6/10 the server sends the sender an authentication message, asking to validate the email [si20.com] .

This would require spammers to manually intervene and waste tons of their time. If they forged the sender email, their email would go to someone else's email and they would just trash it (and complain to a service like spamcop).

A winner? Or a loser?

--
Kill all spammers. [si20.com] Let the irony of this sig sort em' out.

Re:Proposed "Sender do Something" technique. (0, Troll)

BasilBrush (643681) | more than 10 years ago | (#7812782)

RTFA

Re:Proposed "Sender do Something" technique. (3, Informative)

hashinclude (192717) | more than 10 years ago | (#7812808)

While this seems useful at first glance (at least open relays would stop working), how does your technique address these issues:

1. Clueless admins (of windows or *nix servers) who refuse to use SA or similar? These are the same who leave the mail servers as open relays in the first place.

2. People who use their own SMTP server

Sure, go ahead and say that you can add reverse domain lookups. But registering a domain is quite cheap these days ($4.95 a year) and point the NS to your machine, set up MX records, and you're on your way.

Your solution is useful, but not comprehensive. I doubt there is a comprehensive solution short of making the spammers incapable of accessing the internet.

--
Clueless People? Everywhere I look, I see them. And some of them, they WORK here!

Re:Question... (2, Informative)

Geoffreyerffoeg (729040) | more than 10 years ago | (#7812757)

By refusing connections or refusing to send e-mail unless they do. Kind of like how SMTP servers "make" the senders do a HELO before sending the message. Like:

    220 mail.example.com SMTP server ready
    HELO client.example.com
    250-Hello client.example.com, calculate
    250 1+2+3+4
    ANSR 10
    250 Answer correct, continue
    MAIL FROM:<foo@example.com>
    ...

or

    ...
    250-Hello spammer.example.com, calculate
    250 1+2+3+4
    MAIL FROM:<user@example.com>
    503 You didn't answer my question, go away

although the computation would be a lot harder than just 1+2+3+4. Disclaimer: I have no idea how the system works in practice. This is just a possible way.

Oh yeah they invented this... (5, Insightful)

tomstdenis (446163) | more than 10 years ago | (#7812616)

Well actually yeah they did. At Crypto'03 a method for memory bound HC was presented.

So while MSFT didn't invent the original HashCash concept MSFT did improve upon it. So before anyone gets the bright idea of flaming MSFT ignorantly.... know your facts!

Tom

Re:Oh yeah they invented this... (-1, Troll)

codepunk (167897) | more than 10 years ago | (#7812697)

I believe you 100%, only Microsoft would come up with a solution that artificially induces inefficiency. If they could get everyone to buy in to this it would mean they could sell more exchange servers. So am I flaming MS? NO, I am not surprised it seems normal that they would suggest something stupid that increases sales.

Re:Oh yeah they invented this... (2, Insightful)

tomstdenis (446163) | more than 10 years ago | (#7812730)

Um? The point, my small minded ignorant little friend is if it takes you 10 seconds to send an email it takes spammers 10 seconds to send an email.

The real contribution MSFT made was their memory-bound HashCash which was designed to perform comparably on the latest machines [e.g. P4-3000] and the oldest machines [e.g. P2-233].

And this is part about sales but the research is freely available off the web as well as part of the Crypto'03 proceedings.

Tom

Re:Oh yeah they invented this... (1)

SkArcher (676201) | more than 10 years ago | (#7812759)

The point I believe the other poster is making is that this won't solve the issue, it will simply result in the Spammers either faking the method (as at least part of the method is public domain), or distributing the workload among several computers.

You point out quite correctly that the Method takes exactly the same amount of time on an old machine as a new one.

Now, Imagine a Beowulf Cluster of 386's....

Re:Oh yeah they invented this... (2, Interesting)

tomstdenis (446163) | more than 10 years ago | (#7812805)

That's just it, reductions. HC is based on the difficulty of finding collisions in a hash. If you break HC you break the hash.

This memory-bound one doesn't have such a nice reduction but it's conjectured to be similar.

So you can't "fake the method". Sure they could put a fake header in there, e.g.

X-MBHC: BLAH

But the verifier could trivially see it was faked.

Tom
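The verifier-side check discussed in the comment above, as an added example that is not part of the thread and is not Microsoft's or HashCash's own code. The four-field stamp layout, the 16-bit demo difficulty and all function names are assumptions of this sketch; it uses a plain CPU-bound hash search, not the memory-bound variant.

```python
import hashlib
from itertools import count

BITS = 16  # demo difficulty (assumption); a deployment would tune this to the target cost


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def mint(recipient: str, date: str, bits: int = BITS) -> str:
    """Sender side: search for a counter whose stamp hash starts with `bits` zero bits."""
    for counter in count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp


def verify(stamp: str, recipient: str, today: str, seen: set, min_bits: int = BITS) -> str:
    """Recipient side: cheap field checks plus a single hash. Returns a verdict."""
    parts = stamp.split(":")
    if len(parts) != 4 or not parts[0].isdecimal():
        return "malformed"            # e.g. a made-up header value
    claimed_bits, date, resource, _counter = parts
    if int(claimed_bits) < min_bits:
        return "too cheap"            # sender chose an easier puzzle than we require
    if resource != recipient:
        return "wrong recipient"      # stamp was minted for somebody else
    if date != today:
        return "expired"              # simplistic freshness rule (assumption)
    digest = hashlib.sha1(stamp.encode()).digest()
    if leading_zero_bits(digest) < int(claimed_bits):
        return "no proof of work"     # well-formed fields, but nobody did the search
    if stamp in seen:
        return "replayed"             # one stamp pays for one delivery
    seen.add(stamp)
    return "ok"


if __name__ == "__main__":
    seen = set()
    rcpt, day = "alice@example.com", "2003-12-26"   # constructed sample values
    good = mint(rcpt, day)
    for label, value in [("minted", good), ("replay", good), ("fake", "BLAH"),
                         ("guessed", f"{BITS}:{day}:{rcpt}:0")]:
        print(label, "->", verify(value, rcpt, day, seen))
```

The sender's loop runs about 2^bits hashes on average, while every rejection path in `verify` costs at most one hash, which is the asymmetry the thread relies on.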

Re:Oh yeah they invented this... (1)

Euler (31942) | more than 10 years ago | (#7812783)

I guess I'm not the only one who believes that Microsoft has expertise with slow-down code. Isn't it funny that no matter how clean I keep my Windows install, it always keeps slowing down? Even on a fast machine, after 6 months I can't even open the 'Start' button without waiting 10 seconds.

Average joe computer user, from my experience, thinks this means time to buy a new computer... (with a new OS license, of course.)

what's your point? (3, Insightful)

penguin7of9 (697383) | more than 10 years ago | (#7812740)

Microsoft Research is no different from other industrial research labs: IBM, Bell Labs, etc. They hire the same kinds of people and get the same kinds of inventions out of them. One can't expect any more or less from any big company with a lot of money to spend. However, so far, MSR has not had much positive impact when it comes to driving innovation into the marketplace.

If Penny Black is all there is, it doesn't look like that's going to change. It will probably be decades before we know whether MSR will have had lasting impact. By that time, Microsoft will probably be a benign, lumbering giant, just like its monopolistic predecessors, AT&T and IBM.

Adding to the 'Microsoft Minute' (0, Insightful)

ayahner (696000) | more than 10 years ago | (#7812617)

Typical. Delay the time it takes to send an email to make email less profitable. Ever notice that whenever Microsoft says, "1 minute remaining" you end up waiting for about three?

Re:Adding to the 'Microsoft Minute' (0)

Anonymous Coward | more than 10 years ago | (#7812790)

When using dial-up, the Microsoft Minute takes longer, depending on the speed of your computer, and the dial up connection. There, I said it.


not a solution (2, Insightful)

Quasar1999 (520073) | more than 10 years ago | (#7812625)

This is not a solution... as *I* still have to check for something on my end, and then discard if that condition is not met... my bandwidth and time are still wasted.

Re:not a solution (4, Insightful)

notque (636838) | more than 10 years ago | (#7812654)

This is not a solution... as *I* still have to check for something on my end, and then discard if that condition is not met... my bandwidth and time are still wasted.

Whine!

It may not be the end all be all solution, but obviously we haven't found that yet. This seems like a pretty good solution for the moment. There may be a better one that comes out, making this one null and void, but we are continuing to find ideas which are a little better than the last.

How can that be a bad thing?

Re:not a solution (0)

DShard (159067) | more than 10 years ago | (#7812709)

It would be bad because it would take 10 seconds of my cpu time per email _I_ receive to verify its authenticity... And I can't opt out if I want my emails to be received. This is not a solution, it is an ugly hack that further wastes cpu time at the altar of bad ideas.

Re:not a solution (1)

johnburton (21870) | more than 10 years ago | (#7812801)

No, it takes 10 seconds to *send* the email. Not to verify it when it's received.

Re:not a solution (1)

schon (31600) | more than 10 years ago | (#7812745)

It may not be the end all be all solution, but obviously we haven't found that yet.

Maybe because people keep misidentifying the problem.

The problem isn't that email is easy to send. The problem is that there are people who want something for nothing, and don't care who they harass or steal from in order to get it.

Solve that problem, and spam will go away!

Re:not a solution (2, Interesting)

tomstdenis (446163) | more than 10 years ago | (#7812662)

Your server can do the calculations for you. That's the point. You pay for email right? [if you don't run your own server]. Then why not expect your ISP to actually provide service.

The idea though is that you can automate the process. E.g. unless the email has a tag on it that's valid you delete/filter the message.

Tom

Re:not a solution (1)

DShard (159067) | more than 10 years ago | (#7812728)

I should expect the ISP to have one server per 8000 emails? Why should they spend 100 times as much when they can just put in spam filters?

Re:not a solution (2, Insightful)

tomstdenis (446163) | more than 10 years ago | (#7812753)

I'd think the server would verify and the users would generate.

Recall that verification is trivial while generation is what takes the time.

Or the server could put the burden on the users.

The idea is not to stop spam it's to make it easier to filter out. Spammers won't take a 10,000x fold penalty increase to spam with valid tags...

Tom

Re:not a solution (3, Insightful)

dustman (34626) | more than 10 years ago | (#7812667)

No, it *is* a solution...

Some of your bandwidth and time is being wasted in the short term, because spam is still being circulated.

But in the long term, spam ceases to be an effective business model.

Re:not a solution (4, Insightful)

walt-sjc (145127) | more than 10 years ago | (#7812723)

Um, maybe you don't realize what spammers have been doing lately. They use huge networks of compromised machines to spam FOR them (thank you MS and your wonderful security model). There is plenty of horsepower out there to handle any kind of HC type system. The bottom line is that spammers ALREADY have the resources to make a HC system useless.

Re:not a solution (1)

JFMulder (59706) | more than 10 years ago | (#7812691)

It depends, maybe it's the kind of problem that is really hard to solve, but simple to verify, something like a NP problem. So validating the email would be very quick on the receiving end.

Re:not a solution (2, Insightful)

xigxag (167441) | more than 10 years ago | (#7812707)

No, *you* don't have to check for anything. Your email client will check, and could easily be programmed to discard the email sight unseen if it doesn't contain the appropriate validation code.

Re:not a solution (1)

Liselle (684663) | more than 10 years ago | (#7812718)

It's also not a solution because there isn't an easy way to have widespread adoption (yet), which would be required for it to work. Also, it would just give birth to a new generation of email worms, only this time the zombie computer it infected would be used for DDoSing AND for computing hashes.

Technique? (2, Insightful)

conner_bw (120497) | more than 10 years ago | (#7812627)

This technique is only good for (closed source) Exchange servers. Also, what good is this research if Exchange is the recipient of spam, not the sender?!

--
Kill all spammers. [si20.com] Let the irony of this sig sort em' out.

Re:Technique? (1)

johnburton (21870) | more than 10 years ago | (#7812758)

Why do you say it's only good for exchange server? It could be implemented on anything just as easily.

I RTFA, but what exactly is it? (4, Interesting)

monadicIO (602882) | more than 10 years ago | (#7812629)

Is it something that will require using Outlook on Windows to work? Alternatively, will I be forced to use some MS software just to send mail to people who are using MS based web/mail/etc client/server programs?

Re:I RTFA, but what exactly is it? (1)

SkArcher (676201) | more than 10 years ago | (#7812809)

Well, in theory the Method could be used by any e-mail program to so encode the e-mail to comply, so any e-mail software could send to any other with this 10 second delay.

On the other hand MS could keep it to themselves and only allow MS mail senders to send to MS mail receivers, and so on.

If MS do this, then I would expect that the words Anti-Trust will start to be mentioned again, especially in the light of the number of governments who are moving over to Linux based offices.

A spammer researching anti-spam? (-1, Troll)

xv4n (639231) | more than 10 years ago | (#7812633)

Come on!!!


Involves calculating hashes (5, Interesting)

baseinfinity (18023) | more than 10 years ago | (#7812636)

We studied this in a computer security course I took. This technique has been proposed to TCP establishment as well. It involves the server calculating a hash of a particular nonce (random value). The server then provides the hash and a certain number of bits of the nonce. It becomes the clients job to complete the nonce such that the value hashes out correctly. The server can vary the number of bits it provides to vary the difficulty of the puzzle...
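The puzzle described in the comment above, as an added example that is not part of the thread or of any Microsoft code. Deriving the nonce from an HMAC so the server keeps no per-client state, the 60-second lifetime and all names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # server-side secret, never sent to clients
NONCE_LEN = 16                         # bytes


def _nonce(client_id: str, issued_at: int) -> bytes:
    """Nonce the server can recompute later instead of storing it."""
    msg = f"{client_id}|{issued_at}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()[:NONCE_LEN]


def issue(client_id: str, issued_at: int, missing_bits: int) -> dict:
    """Server: publish hash(nonce) and the nonce with its low `missing_bits` bits blanked.

    More missing bits means a harder puzzle: the client must search 2**missing_bits values.
    """
    nonce = _nonce(client_id, issued_at)
    n = int.from_bytes(nonce, "big")
    return {
        "hash": hashlib.sha256(nonce).hexdigest(),
        "partial": (n >> missing_bits) << missing_bits,
        "missing_bits": missing_bits,
        "issued_at": issued_at,
    }


def solve(puzzle: dict):
    """Client: try every completion of the blanked bits. Returns (nonce, attempts)."""
    for guess in range(1 << puzzle["missing_bits"]):
        candidate = (puzzle["partial"] | guess).to_bytes(NONCE_LEN, "big")
        if hashlib.sha256(candidate).hexdigest() == puzzle["hash"]:
            return candidate, guess + 1
    raise ValueError("no completion matches the published hash")


def accept(client_id: str, puzzle: dict, answer: bytes, now: int, max_age: int = 60) -> bool:
    """Server: one HMAC and one comparison, whatever the difficulty was."""
    age = now - puzzle["issued_at"]
    if not 0 <= age <= max_age:
        return False                   # stale or post-dated puzzle
    return hmac.compare_digest(answer, _nonce(client_id, puzzle["issued_at"]))


if __name__ == "__main__":
    client = "198.51.100.7"            # constructed sample client identifier
    for bits in (8, 12, 16):           # the server raises the difficulty under load
        p = issue(client, 1000, bits)
        answer, attempts = solve(p)
        print(bits, "missing bits:", attempts, "hashes,",
              "accepted" if accept(client, p, answer, 1010) else "rejected")
```

Because the nonce is bound to the client identifier and issue time, a solution cannot be handed to another client or reused after the puzzle expires.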

Re:Involves calculating hashes (1)

SpaceRook (630389) | more than 10 years ago | (#7812680)

So how in the world does this work with a new email program sending mail to an old email program? Or vice versa?

Re:Involves calculating hashes (2, Informative)

baseinfinity (18023) | more than 10 years ago | (#7812713)

It's transparent to that. All this has to do with is if you want to use a service of a server (sending mail). This strategy doesn't have to be global, you could tack it onto any authentication protocol and it would only be the sender's job to get the required software. However the receiver authenticates is the business of the server they receive from.

Outsourcing (-1, Troll)

tsanth (619234) | more than 10 years ago | (#7812637)

Wouldn't this mean that spammers, like Dell, would have to now outsource their operations to India?

Phew (3, Funny)

Lord_Dweomer (648696) | more than 10 years ago | (#7812639)

From the article:
"The payment is not made in the currency of money, but in the memory and the computer power required to work out cryptographic puzzles. "

Phew!!! For a second there I thought I was going to have to do a math problem for each email I was going to send. I woulda been fucked!

Compliance is mandatory... (1)

Yoda2 (522522) | more than 10 years ago | (#7812644)

...and I'm sure all the spammers in countries I've never heard of with .xyz top-level domains would be happy to use their $0.28 copies of the latest and greatest Microsoft OS to comply.

Eventually... (0, Troll)

Anonymous Coward | more than 10 years ago | (#7812645)

The spammers will find a way to automate it. Or, they'd take advantage of an Outlook bug to spam via other messages. An infected client could send out spam with every regular message you send! Perhaps they can just use an MS backdoor that lets any messages from billg@microsoft.com through.

Why not charge per message? (1, Interesting)

codepunk (167897) | more than 10 years ago | (#7812647)

I know, I think Microsoft should charge the customer for each and every message that is routed through an Exchange server. Just think of the money they could make and help curb spam.

I'll save them the trouble ... (0)

Anonymous Coward | more than 10 years ago | (#7812648)

close Hotmail

Why does microsoft have to do this? (0)

Worldly Iconoclast (724498) | more than 10 years ago | (#7812652)

Can't we get any laws so any spam asshole gets publicly humiliated/executed for their crime? I don't see why Microsoft has to work around with this (and there is always an ulterior motive to their actions), shouldn't the governments just kill these assholes so we don't have to worry about spam? Take care of the problem at its root: the spammers.

10 seconds (0, Insightful)

MagPulse (316) | more than 10 years ago | (#7812663)

Problem is, if it takes 10 seconds on a modern computer, it takes three minutes for Aunt Edna to send you photos of her dog, and a distributed spamming network will still churn out spam. I think real cash is the only cost that makes sense if you want to go that route.

Re:10 seconds (4, Informative)

tomstdenis (446163) | more than 10 years ago | (#7812693)

Mod parent down [-1,unsightful]

The research this is based on [presented at crypto'03] is designed to level the difference between a P4-3000 and a P2-233. They use problems where cache hits will be lower [e.g. use a 8MB buffer or something] so you end up computing at the speed of your memory bus.

If you had done some research before posting your crap you'd know this.

Tom
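A simplified sketch of the memory-bound idea described in the comment above, added here as an illustration; it is not the construction from the Crypto'03 paper and not Microsoft's code. Table size, walk length, mixing function, success rule and all names are assumptions, and Python only shows the structure, not the hardware timing effect.

```python
import hashlib
import struct

TABLE_WORDS = 1 << 16   # demo size (assumption); the idea needs a table larger than any CPU cache
WALK_STEPS = 128        # dependent table reads per trial (assumption)
ZERO_BITS = 8           # a trial succeeds if the low bits of its final hash are zero (assumption)
MASK64 = (1 << 64) - 1


def build_table(seed: bytes, words: int = TABLE_WORDS) -> list:
    """Fixed pseudo-random table of 32-bit words, shared by sender and verifier."""
    table, counter = [], 0
    while len(table) < words:
        block = hashlib.sha256(seed + struct.pack(">I", counter)).digest()
        table.extend(struct.unpack(">8I", block))
        counter += 1
    return table[:words]


def walk(table: list, message: bytes, trial: int) -> int:
    """One trial: every read index depends on the previous read.

    The next address is unknown until the current word arrives, so the reads
    cannot be prefetched or batched and each step waits on memory latency.
    """
    start = hashlib.sha256(message + struct.pack(">I", trial)).digest()
    state = int.from_bytes(start[:8], "big")
    for _ in range(WALK_STEPS):
        word = table[state % len(table)]
        # deliberately cheap mixing: the lookup, not the arithmetic, should dominate
        state = ((state ^ word) * 0x9E3779B97F4A7C15 + 1) & MASK64
        state ^= state >> 29
    return state


def succeeds(state: int) -> bool:
    digest = hashlib.sha256(state.to_bytes(8, "big")).digest()
    return digest[-1] & ((1 << ZERO_BITS) - 1) == 0


def prove(table: list, message: bytes, max_trials: int = 1 << 16) -> int:
    """Sender: repeat walks until one succeeds; returns the first winning trial number."""
    for trial in range(max_trials):
        if succeeds(walk(table, message, trial)):
            return trial
    raise RuntimeError("no successful trial found")


def verify(table: list, message: bytes, trial: int) -> bool:
    """Verifier: repeat the single claimed walk."""
    return succeeds(walk(table, message, trial))


def cost(trial: int) -> tuple:
    """(table reads done by the sender, table reads done by the verifier)."""
    return (trial + 1) * WALK_STEPS, WALK_STEPS


if __name__ == "__main__":
    table = build_table(b"constructed-demo-seed")
    msg = b"To: alice@example.com / 2003-12-26"      # constructed sample message
    trial = prove(table, msg)
    print("winning trial:", trial, "valid:", verify(table, msg, trial))
    print("reads (sender, verifier):", cost(trial))
```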


Then put your money where your mouth is. (0)

Anonymous Coward | more than 10 years ago | (#7812752)

I think real cash is the only cost that makes sense

Then how many spammers have you taken to court so YOU get some of their money?

Spammers don't use their own computers (4, Insightful)

UnderAttack (311872) | more than 10 years ago | (#7812666)

Even today, the most annoying spammers are not using their own computers, but instead they are bouncing e-mail off virus infected and trojaned PCs.

So 8,000 emails / day is fine, if you have a couple thousands relays to pick from.

Re:Spammers don't use their own computers (1)

h00pla (532294) | more than 10 years ago | (#7812687)

This is what I was thinking. I like the idea of making email expensive - it's a good idea in theory, but I am also thinking that spammers might be able to use trojan boxes not only to send their batches of 8000 mails but to even do their calculations, like many distributed networks already function.

Re:Spammers don't use their own computers (1)

DShard (159067) | more than 10 years ago | (#7812785)

Maybe we should make a BOINC application to help them. Look for aliens? check. Fold Proteins? check. Search for Mersenne primes? check. Send gajillions of spam? check.

Re:Spammers don't use their own computers (2, Informative)

Apreche (239272) | more than 10 years ago | (#7812763)

Damn straight. All the spam I get is from stupid people on campus who have insecure computers that spammers gain control over and send spam with.

Let's say you leave your gun safe unlocked and someone comes in and takes your guns and kills somebody. You're going to get sued for big moneys. If you leave your computer "unlocked" and someone sends spam with it you should be held accountable in some way.

Spam is an international problem and is very difficult to stop. But there are known spammers in the united states. Make a law that punishes them with federal prison time. Then enforce that law and lock them up. Spam wont go away, but it will definitely decrease. To solve spam on the international level we will need a new international organization that governs the net. They tried, but I think they'll get it on one of the next few go arounds.

A bit of foresight... (1)

LucidityZero (602202) | more than 10 years ago | (#7812668)

Quoted from the article:
But, he said, for such a scheme to be all-encompassing, there would have to be some provision for open standards, so that it is not proprietary to Microsoft.

Glad the guy from MessageLabs hit the nail on the head right away... what are the chances Microsoft will go along with THAT idea? They'll implement this as an Exchange/Outlook only feature, if they can get away with it...

And, a poster above me states that Microsoft basically invented this, giving me reason to believe there is no reason why they couldn't get away with keeping it all to themselves.

And (getting WAY ahead of myself here, but...) since it's encryption oriented, it would most likely be against the DMCA by default to even attempt to reverse engineer, and provide an open and compatible alternative...

This not only isn't going to work, it's a disaster (5, Insightful)

FreeUser (11483) | more than 10 years ago | (#7812670)

Count on Microsoft's "cure" to be worse than the disease itself. You would think for $40 billion they could buy just a little more intelligence than that.

SMTP needs to be redesigned. Not by Microsoft, who will use any change in the protocol to tighten their monopoly grip, locking in their customers (and locking out the non-Microsoft world), but by the IETF.

Spammers having to do a computation before delivering email isn't going to limit them to 8000 pieces of mail a day, it simply means they're going to cluster all of those Windoze boxes their custom worms have infected, and let those millions of PCs do the work for them in parallel. SPAM won't decrease one bit, but the load and toll it places on those who use the net will go up significantly.

The solution isn't to increase the cost of email (computationally, bandwidth-wise, or financial), the solution is to repair the design flaws in SMTP (and, for that matter, USENET, something that remains the most useful medium on the 'net despite its widespread abuse) that make SPAM a viable methodology.

Nothing really new here (-1)

Karamchand (607798) | more than 10 years ago | (#7812671)

It's sort of the already known tarpit.

10 seconds, eh? (0)

Anonymous Coward | more than 10 years ago | (#7812675)

so, mr spammer with his swarm of zombie WinP4s will have to up the number of machines, while i'm still on my 486 linux machine...

is that 10 seconds p4 3Ghz time, or 10 seconds 486 66/2Mhz time?

and if it depends on the sending computer, how hard will it be to get the sending machine to lie, and claim to be an 8080 10Khz?

Grid computing (0)

Anonymous Coward | more than 10 years ago | (#7812685)

In a completely unrelated press release, Microsoft announced that they plan to sell processor time in quantities of thousand years, beginning march 1st...

Stupid solution (0, Insightful)

dybdahl (80720) | more than 10 years ago | (#7812692)

Making e-mails "expensive" to send is stupid. There are many ways to fight spam effectively without doing that.

We could start by adding sender e-mail address verification to smtp - the recipient looks up the e-mail address's MX record, and asks if that specific e-mail was sent from that mail server. If not, it's probably spam.

The more servers that implement this scheme, the more points will be given to those e-mails (by spamassassin etc.) that do not have this sender verification set up. Within a year or two, all serious mail providers, companies etc. will have sender address verification.

Combined with law enforcement, blacklists etc., this can become extremely effective.

Dybdahl

MOD PARENT DOWN - DIDNT RTFA - lbd@dybdahl.dk (0)

Anonymous Coward | more than 10 years ago | (#7812797)

Please, sir, before you post your outsourced retard punjab here, please read the article.

PARENT IS SPAMMER

Parent IS a spammer.

So, in other words... (1)

aeiz (627513) | more than 10 years ago | (#7812694)

We'll be doing Microsoft's math for them

Safe list? (1)

placeclicker (709182) | more than 10 years ago | (#7812695)

Once senders have proved they have solved the required "puzzle", they can be added to a "safe list" of senders.
Great, so who's going to be maintaining this "safe list"?

How about my old hardware? (3, Informative)

bigberk (547360) | more than 10 years ago | (#7812702)

How is my older hardware (or even pretty recent hardware on a huge ISP, with lots of SMTP activity) supposed to be able to handle this? Bah. It seems to me that adding computational difficulty is not such a great way to combat spam. Do you have any idea how effective IP blocklists [openrbl.org] and statistical filters [sourceforge.net] alone are? (Or, you could combine them as this project [pc9.org] is doing).

Okay.. (5, Insightful)

NegativeK (547688) | more than 10 years ago | (#7812704)

If this works as stated, then I can see issues.. For instance, large mailing lists. Would they have to be white-listed? 3000 seconds of computation is a heavy tax on a community based program like the Linux Kernel Mailing List, which averages 300 messages to my inbox a day. Also, there's the issue of viral spammers.. Those that send out viruses to do the spamming for them. If you infect enough, 8000 mails per day per computer can still be quite a bit.

Personally, my whole take on spam is that everything needs to be done on the user end. Laws have loopholes in every situation (foreign spammers being a large one,) server restrictions are either too restrictive on small servers, or can be defeated with distributed computing.. I say we stick with Bayesian filtering. It works _wonders_ for me, and I'd love to see more people use it.

Re:Okay.. (1)

scrytch (9198) | more than 10 years ago | (#7812786)

Officials say at least one of three suicide bombers who barely missed the presidential convoy appears to have been a foreigner, raising suspicions that the attack that killed 15 people whole take on spam is that everything needs to be done on the user end. Laws have loopholes in every situation (foreign spammers being a large one,) It works _wonders_ for me, and I'd love to see more people use it retailers wished for mountains of plastic gift cards on Friday as they kicked off their annual after-Christmas blitz, the last chance to salvage a disappointing holiday season.

Check out the action here http://getyerpornhere.com

Also, there's the issue of viral spammers.. Those that send out viruses to do the spamming for them. If you infect enough, 8000 mails per day per computer

Bayes that.

Let me be clear about one thing... (1, Insightful)

Noryungi (70322) | more than 10 years ago | (#7812708)

I don't want spammers to pay to have the right to send spam... I want them to stop sending spam!!

I seriously don't think this will work as (a) spammers won't use Microsoft products to send their wares or (b) because they will find a way to crack the security of this system (I mean, come on, this is Microsoft we are talking about here!).

This sounds very similar to IKE handshake. (0)

Anonymous Coward | more than 10 years ago | (#7812717)

This sounds almost exactly like what Checkpoint implemented for IKE DOS prevention. When the client sends a request to the server, the server in turn returns a cookie-like algorithm that must be decoded by the client before the server will accept the next request. Or at least that's how it was explained at a CP convention.

The technique seems to work and could be easily standardized I would think.

Standards (1)

Tremanhil (246867) | more than 10 years ago | (#7812722)

If they build this into Outlook, a spammer using Windows will just switch to another e-mail program.

If they build this into Exchange Servers, will it comply with e-mail standards so that my co-workers will still get e-mail I send from my Linux box at home, or will it lock out e-mails sent from any non-Microsoft box?

If so then this is another example of closed source/proprietary technology being created in opposition to already existing standards.

Could be good *if* (1)

Rupert (28001) | more than 10 years ago | (#7812738)

1) Needs to work between MTAs. Your Exchange server might trust the Outlook client, but my exim server doesn't trust your Exchange server. Be prepared to pay again.
2) No-one discovers a mathematical short cut for the hash.
3) What are the calculation costs on the recipient?
4) The Intel "Spammer Edition" Pentium 5 with a half gig of L1 cache. Memory bandwidth is no longer a bottleneck.
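
Points 2 and 3 in the comment above turn on how a computational stamp is built and what it costs to check. As an added illustration (not part of the thread and not Microsoft's Penny Black code), the Python below uses a hashcash-style SHA-256 partial-preimage puzzle, which is CPU-bound rather than the memory-bound function the quoted article describes; the header layout, addresses, date, message id and all function names are assumptions made for the example.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def stamp_digest(recipient, date, msg_id, nonce):
    # Binding the recipient and date into the hashed header means one
    # solved puzzle cannot be reused for another address or another day.
    return hashlib.sha256(f"{recipient}|{date}|{msg_id}|{nonce}".encode()).digest()

def mint(recipient, date, msg_id, bits):
    """Sender side: brute-force search, about 2**bits hashes on average."""
    for nonce in count():
        if leading_zero_bits(stamp_digest(recipient, date, msg_id, nonce)) >= bits:
            return nonce, nonce + 1  # (solution, hashes computed)

class Verifier:
    """Recipient side: one hash per message plus a replay cache."""
    def __init__(self, my_address, bits):
        self.my_address, self.bits, self.seen = my_address, bits, set()

    def check(self, recipient, date, msg_id, nonce, today):
        if recipient != self.my_address:
            return "wrong-recipient"
        if date != today:
            return "stale"
        digest = stamp_digest(recipient, date, msg_id, nonce)
        if leading_zero_bits(digest) < self.bits:
            return "insufficient-work"
        if (date, msg_id, nonce) in self.seen:
            return "replayed"  # the same stamp attached to a second message
        self.seen.add((date, msg_id, nonce))
        return "ok"

if __name__ == "__main__":
    # Constructed sample values; 16 bits keeps the demo fast.
    rcpt, day, mid, bits = "alice@example.org", "2003-12-26", "msg-0001", 16
    nonce, work = mint(rcpt, day, mid, bits)
    alice = Verifier(rcpt, bits)
    print("sender hashes:", work, "| recipient hashes: 1")
    print(alice.check(rcpt, day, mid, nonce, today=day))   # ok
    print(alice.check(rcpt, day, mid, nonce, today=day))   # replayed
    print(Verifier("bob@example.org", bits).check(rcpt, day, mid, nonce, today=day))
```

The recipient's cost is a single hash and a set lookup regardless of the difficulty, while the sender's cost doubles with each extra bit; the replay cache only needs to hold stamps for dates the verifier still accepts.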

Fine for users but what about companies? (1)

Stonent1 (594886) | more than 10 years ago | (#7812741)

My group alone generates hundreds of e-mails to people outside our domain every day. I'm sure the whole company easily exceeds the 8000 mark mentioned here.

New market opportunity. (0)

Anonymous Coward | more than 10 years ago | (#7812742)

Expect spam advertising e-mail accelerators.

Send email in just 1 second not 10. Get email accelerator pro today.

Spam on MSN (1)

Lost Penguin (636359) | more than 10 years ago | (#7812743)

I wrote to abuse@msn.com about an ongoing spam stream from 241272@msn.com.
The fact that this account is a string of numbers should tell MSN something. The fact that 5 million e-mails per day come from one account should also be a clue. MSN is a spam factory, the best spam solution would be to blacklist msn.com

I still receive spam from 241272@msn.com
(Yes it gets filtered and deleted)

what about mailing lists? (1)

SuperBanana (662181) | more than 10 years ago | (#7812755)

What about mailing lists? Until we recently upgraded, we were doing reasonably OK with an Axil 320 (Sun Sparc clone. No, not an UltraSparc, a sparc. Yes, that slow) for about 3,000 subscribers. One of our lists was at least 30-40 messages a day.

Ten seconds of P4 3ghz time is about....half a year for a 110mhz microsparc ;-)

We've since upgraded- but I can tell you right now that anyone who tries to make us leap through these hoops will simply find themselves removed by Mailman for bouncing. Like those challenge-response things. Etc.

I wonder how well it will work? (1)

A_Non_Moose (413034) | more than 10 years ago | (#7812762)

I searched the article for Mozilla and Thunderbird, but Firebird reported the words were not found.

Hummm...doesn't look like Microsoft is really serious.

:)

No research involved (2, Funny)

psychoid (568115) | more than 10 years ago | (#7812766)

This is just a fancy way of saying "Microsoft is trying to figure out how to turn off Hotmail"

we need hybrid solutions, with whitelists (1)

astrashe (7452) | more than 10 years ago | (#7812773)

This is an interesting idea -- I don't know how it works in a world where some people are running 133 Mhz computers and others are up at 3Ghz. But it's interesting.

I think that any postage scheme should be hybridized with a white list to avoid imposing burdens on people you want to talk to. The postage (economic or computational) should only apply to people who you don't know.

In other words, if I know you, you should be able to email me for free, but if I don't know you, it should cost something -- not much, but something.

With a hybrid system, most of the problems I would have with having to pay some small amount of real money evaporate.

People could pick charities -- if you want to email me and I don't know you, you have to give a nickel to the salvation army, or whatever. Or maybe just a tenth of a penny. Whatever number makes sense.

GPU's? (2, Interesting)

Naksu (689429) | more than 10 years ago | (#7812778)

The idea was originally formulated to use CPU memory cycles by team member Cynthia Dwork in 1992.
But they soon realised it was better to use memory latency - the time it takes for the computer's processor to get information from its memory chip - than CPU power.


Don't GPU's have a lot smaller memory latency?

hmm, what's this?
BrookGPU: General Purpose Programming on GPUs [slashdot.org] ;)

What is the spread?? (0)

Anonymous Coward | more than 10 years ago | (#7812779)

Would this technology be applied to microsoft products and services only, or would it be pushed down everyones throats in true microsoft style??

Forced Time Delays Won't Work (1)

yancey (136972) | more than 10 years ago | (#7812780)

Microsoft is putting this in the mail client? Why not put it in the mail server? Either way, this isn't going to combat spam. Spammers will simply not use Microsoft mail programs.

Uhm (4, Insightful)

geeveees (690232) | more than 10 years ago | (#7812784)

If it takes a long time to send out bulk email, what about all the mailinglists people subscribe to? How would lkml or sourceforge lists continue to operate?

SpamBayes (1)

mdfrq (594528) | more than 10 years ago | (#7812789)

Microsoft should implement a smarter method, such as a replica of SpamBayes [sf.net], which already works well.

Why are people too lazy to read the article? (2, Informative)

Koatdus (8206) | more than 10 years ago | (#7812791)

Do any of you actually read the articles before you open your mouths?

The idea was originally formulated to use CPU memory cycles by team member Cynthia Dwork in 1992.

But they soon realised it was better to use memory latency - the time it takes for the computer's processor to get information from its memory chip - than CPU power. That way, it does not matter how old or new a computer is because the system does not rely on processor chip speeds, which can improve at rapid rates. A cryptographic puzzle that is simple enough not to bog down the processor too much, but that requires information to be accessed from memory, levels the difference between older and newer computers.

Well ... this has existed for YEARS!! (0)

GNUALMAFUERTE (697061) | more than 10 years ago | (#7812792)

Have you ever tried to send an e-mail using outlook through a m$ exchanger?? ... it may take several minutes to get out!!!! = )

It's not an anti-spamming technique (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7812793)

It's an attack on Open Source development. If SourceForge was limited to that few emails a day it would kill many projects run by mailing lists. Worse, think about LKML - it would take years for the latest BK patches to be distributed via email. Wait, maybe this is Larry McVoy's subterfuge and not Microsoft's...or they're in cahoots...after all, they're both on the dark side (i.e., non-open or closed) of the source.

Can Multiple Email Processes be Spawned ... (1, Insightful)

leoaugust (665240) | more than 10 years ago | (#7812795)

Mr Wobber and his group calculated that if there are 80,000 seconds in a day, a computational "price" of a 10-second levy would mean spammers would only be able to send about 8,000 messages a day, at most.

I was just wondering (and I hate to play the Devil's Advocate but ....) what it would take to spawn multiple independent processes on one computer each running its own email client ... I know something like this should be easy with *nix ...

The nub of using memory is that it is a question of "time." You can't fit "generated time" serially as the day is only 24 hours, but you can fit the "generated time" by putting it in parallel to fit within 24 hours with multiple processes ... and the parallel processes ONLY have to run the lightweight email client and nothing much else.

  • So 1 process on the computer can send out 8,000 emails.
  • 10 parallel processes can send out 80,000 emails
  • 100 parallel processes send out 800,000 emails
  • and so on ...

Microsoft made antispam software in 97 (0)

Anonymous Coward | more than 10 years ago | (#7812798)

MS Research labs made an antispam technique in 97, no one cared about spam so they put it in storage. I heard that the technique was incorporated in Outlook 2003.

Anyway, MS is trying to find a blanket solution to spam. There is none. Blacklists do more harm than good. Not to mention IPs can be spoofed. Spammers could start using bush@whitehouse.gov if they wanted to and spoof the IP to make it look like it is from him.

The best way to limit spam would be to have every router, switch and hub in the world check to see if packets coming from an IP block have IPs from that IP block. That way the origin can't be spoofed.