Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Researching Anti-Spam Technique

Posted by michael on from the penny-for-your-thoughts dept.

Tim C writes "Microsoft's Research group are working on a technique to combat spam. Dubbed the 'Penny Black project', it involves making email senders perform a computation taking around 10 seconds, which their recipients can then check for. This delay would limit bulk emailing speeds to around 8000 a day, meaning that to spam all of those 'fresh, guaranteed 25 million addresses' would take approximately 8.5 years." We've reported on this before.

6 of 660 comments (clear)

  1. Oh yeah they invented this... by tomstdenis · · Score: 5, Insightful

    Well actually yeah they did. At Crypto'03 a method for memory bound HC was presented.

    So while MSFT didn't invent the original HashCash concept MSFT did improve upon it. So before anyone gets the bright idea of flaming MSFT ignorantly.... know your facts!

    Tom

    --
    Someday, I'll have a real sig.
  2. Involves calculating hashes by baseinfinity · · Score: 5, Interesting

    We studied this in a computer security course I took. This technique has been proposed to TCP establishment as well. It involves the server calculating a hash of a particular nonce (random value). The server then provides the hash and a certain number of bits of the nonce. It becomes the clients job to complete the nonce such that the value hashes out correctly. The server can vary the number of bits it provides to vary the difficulty of the puzzle...

  3. This not only isn't going to work, it's a disaster by FreeUser · · Score: 5, Insightful

    Count on Microsoft's "cure" to be worse than the disease itself. You would think for $40 billion they could buy just a little more intelligence than that.

    SMTP needs to be redesigned. Not by Microsoft, who will use any change in the protocol to tighten their monopoly grip, locking in their customers (and locking out the non-Microsoft world), but by the IETF.

    Spammers having to do a computation before delivering email isn't going to limit them to 8000 pieces of mail a day, it simply means they're going to cluster all of those Windoze boxes their custom worms have infected, and let those millions of PCs do the work for them in parallel. SPAM won't decrease one bit, but the load and toll it places on those who use the net will go up significantly.

    The solution isn't to increase the cost of email (computationally, bandwidth-wise, or financial), the solution is to repair the design flaws in SMTP (and, for that matter, USENET, something that remains the most useful medium on the 'net despite its widespread abuse) that make SPAM a viable methodology.

    --
    The Future of Human Evolution: Autonomy
  4. Okay.. by NegativeK · · Score: 5, Insightful

    If this works as stated, then I can see issues.. For instance, large mailing lists. Would they have to be white-listed? 3000 seconds of computation is a heavy tax on a community based program like the Linux Kernel Mailing List, which averages 300 messages to my inbox a day. Also, there's the issue of viral spammers.. Those that send out viruses to do the spamming for them. If you infect enough, 8000 mails per day per computer can still be quite a bit.

    Personally, my whole take on spam is that everything needs to be done on the user end. Laws have loopholes in every situation (foreign spammers being a large one,) server restrictions are either too restrictive on small servers, or can be defeated with distributed computing.. I say we stick with Bayesian filtering. It works _wonders_ for me, and I'd love to see more people use it.

    --
    This statement is false.
  5. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  6. Re:Proposed "Sender do Something" technique. by John+Hasler · · Score: 5, Insightful

    > The email is sent and the server runs it through
    > the scoring process. If the message scores more
    > than 6/10 the server sends the sender an
    > authentication message, asking to validate the
    > email.

    So you are one of those resposible for bomabarding me with those damn things.

    > This would require spammers to manually
    > intervene and waste tons of their time. if they
    > forged the sender email...

    They always do. My domain is a favorite.

    > ...their email would go to someone else's
    > email...

    Yes. Mine.

    > ...and they would just trash it...

    Isn't that what the spammers say? "If you don't want it, just delete it. What's the big deal?"
    The big deal is that about a quarter of my email is bogus bounces and useless "confirmation" message from systems such as yours.

    _NEVER_ _REPLY_ _TO_ _SPAM_

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.