Gates on Spam

pvt_medic writes "Microsoft is proposing a new system that would require people to pay to send e-mails. Postage would be in the form of allowing others to use your computer to make calculations, similar to the SETi@home project. There are other systems being suggested that would include monetary stamps and people could decide on accepting an e-mail based off the value of the stamp. (story has great picture of Bill Gates as well)" Gates' proposed system will be Microsoft patent-encumbered, unsurprisingly.

Re:Gates/Chong/Pope?

It is possible to suggest technical solutions without patenting them, so yes, I'd say it's worth mentioning that patents are involved.

Re:Cha ching, reloaded.

[helmutjd]

If you read the article, it's actually nothing to do with anything like Seti@Home, or any distributed computing application. The computation is simply there to consume time, so that it takes longer to send a message. The mail server knows the answer in advance, and if the client provides the correct answer, the message is relayed... if not, it's denied. That way, spammers HAVE to perform the expensive computation, which significantly slows their mass-mailing efforts. Typical users wouldn't even notice the delay (it could be done in the background or whatever, after the user clicks send). The results of the computation itself are meaningless... so nobody benefits from them, including Microsoft.

Re:Gates/Chong/Pope?

[Gr0nk]

Instead of paying a penny, the sender would "buy" postage by devoting maybe 10 seconds of computing time to solving a math puzzle. The exercise would merely serve as proof of the sender's good faith.

Even if it takes 10 seconds to perform the calculation on todays hardware, within a few years we are talking about 0.1 seconds or less. So why go with a temporary solution, let's nip the problem in the bud!

Personally, I use the Cloudmark plugin for that nasty M$ program which effects a /.-like Karma system. Until we have a system with staying power, I don't see an end to this problem.

Re:Arg.

[Yobgod+Ababua]

This article is a decent brief overview of what I was referring to: http://www.techweb.com/wire/story/TWB20031205S0009

Paying for email would do one thing

[yoshi_mon]

Forcing some sort of email "stamp" in any way will do one thing, fragment the email standard as those who don't want to pay/can't afford to pay will adopt a new standard of sending messages.

Then I'm sure the lawyers would muck it up even more by trying to enforce ISPs to regulate the new email/message sending system and we would get into the very thorny issue of what constitutes an email?

What about IRC chat, or Instant Messaging, or message board messaging systems? Would those fall under the email stamp tax?

Spam is annoying but I personally will not pay again for my service. I pay for my bandwidth and I know how to filter my email properly. Forcing me to pay again for email will only insure that I will be one of those who switches to another standard.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Make it universal.

The only way the problem would work is if it's universal. This means not requiring some arbitrary code execution.
Here are some criteria for the problem:
-The problem would be something where the code for execution would reside on the sender's machine.
-The code for execution must be somewhat computatively intensive.
-The code for execution must accept a large range of input data values, which must be of relatively small size.
-The output data of the execution must be of a relatively small data size.
-The code for verifying the corectness of the output must not be computatively intensive.

Are there mathematical problems like this?
Yes

Examples: Breaking encryption.
Require the sender to break an encrypted message of some size with a relatively weak (but not too weak) encryption algorithm. Say, RSA with only 12 bits (this is a total wild guess I have no idea what # of bits and what input size would give something on the order of seconds for modern computers).

Use an NP-hard problem

[lysander]

Coming up with a problem is the least of our worries, just pick a problem that's NP-complete or at least NP-hard. Let's pick an example problem you've heard of: factoring is believed to be NP-hard, and would work fine for this purpose.

The mail server comes up with two random primes, large but not "cryptographically large", sends their product, and waits for the factorization. The mail server could even precompute what random primes it will be using for future questions, or offload that task to another server if it is too busy.

Re:Use an NP-hard problem

[giblfiz]

mod parent up!! (informative)

The post which he is responding too could stand to learn a little about number theory. There are are all sorts of problems that are easy to generate with a known answer and hard to solve. The prime exsample is just one (which isn't too well suited for the task, but is one of the easiest to understand and exsplain)

Re:Use an NP-hard problem

[Jason1729]

This is a positive point from Microsoft's point of view. Your 10 year old computer is now completely useless for sending email, so you must now buy a brand new computer, complete with a new Windows license (you don't think they'll let you use linux to run their protocol, do you? :) )

Jason
ProfQuotes

Re:Use an NP-hard problem

[SDPlaya]

The NP complete statement is simply wrong. There are NO computers in existence (except quantum and DNA computers) that can efficiently compute NP-Complete problems (at least that we know of, since NP != P is still open). What this means is that for any sized computer (even one bigger and faster than Deep Blue), it's easy to construct an NP-Complete that is tough to solve, but easy to verify. That's pretty much complexity 101.

Your point about scalability is odd. It's correct, but meaningless. There are no class of problems that you can't compute faster when the computer is faster. But saying a computer is faster is a vague statement since computers almost never uniformly get faster. CPUs get faster (even then there are tradeoffs with things like pipeline depth), memory gets faster, buses get faster, disks get faster, etc... The reason why problem scalability is an issue is because usually there is a bottleneck along one of the resources.

Now it is true that computers which are 10 years apart in age will have a different level of compute available. I imagine the amount of time it would take to construct the solution would be on the order of 1/10 second for a fast computer, and say 1-2 seconds for an old 486 (estimates). Sure not great for the 486, but how fast are you sending email with the 486? The point is that now the spammer who sends a million emails now must wait 1000000/10 seconds.

Re:Use an NP-hard problem

[kasperd]

Just for your edification, O(NP-hard) = O(NP-complete).
That is not correct.

That is, all NP-complete problems are NP-hard, but not visa versa.
That is correct.

So it's misleading to say "NP-Complete or at least NP-hard".
Yes, I agree with that.

To be a litle more precise NP-complete is defined to be the intersection of NP and NP-hard. And P is a subset of NP which is very easilly shown from the definition. If there exist a problem which is in both P and NP-complete, then it will follow that P=NP (and for all practical purposes NP-complete will be the same set), however even if P=NP there will be NP-hard problems that are outside P.

Re:Cha ching, reloaded.

[antientropic]

You either have two choices -- either the mail server does the same computation, which will either bog the hell out of any high volume mail server

Of course not. It will be the sort of problem that's easy in one direction and hard in the other - like factorisation. The server would just have to pick two large primes (relatively easy, although probabilistic), send the product to the client, have the client factor the product, and verify that the primes the client sends back are the right ones.

Does anyone even read the snippet?

[Yankovic]

I know no one on /. reads the article, but what about the snippet at the top. You don't actually exchange cash at all, it's all about provably dedicating computer time. Money is NOT exchanged. This also would not affect DLs and other wide lists, because it would be the initial mail that would be computed, rather than all the redirected ones. As far as mailing to lots of people, that is a concern, but how many lists out there are >10000 in size? What this really limits is people who want to send to 1M people, and, yes, you're screwed there.

Re:Cha ching, reloaded.

[TheFrood]

There are all kinds of problems that are much harder to do in one direction than in the other.

Example: Factor 56,029,043 into primes. You're welcome to use Matlab, octave, xcalc, or whatever.

Answer: 7 times 19 times 43 times 97 times 101.

How long did it take you to solve? A lot more time than it took me to come up with the problem, because all I had to do was pick five primes and multiply them together. Obviously, a computer could factor that number trivially, but the concept scales easily to much bigger primes.

TheFrood

Re:Cha ching, reloaded.

Couldn't the calculation to generate the question from the answer be orders of magnitude easier than the reverse?

Its public-key crypto in reverse! Generate several big primes and multiply them together. Send the product and ask for the factors.

Microsoft gets all your work for free

[ministeroforder]

Check out the fine print. "Microsoft and its Affiliates hereby grant you ("Licensee") a fully paid, royalty-free, non-exclusive, worldwide license under Microsoft's Necessary Claims to make, use, sell, offer to sell, import, and otherwise distribute Licensed Implementations, provided, Licensee, on behalf of itself and its Affiliates, hereby grants Microsoft and all other Specification Licensees, a reciprocal fully paid, royalty-free, non-exclusive, worldwide, nontransferable, nonsublicenseable, license under Necessary Claims of Licensee to make, use, sell, offer to sell, import, and otherwise distribute Licensed Implementations." basically whatever code you write, you must give to microsoft for free. Good deal eh?

Re:Cha ching, reloaded.

[ivan256]

You could whitelist those senders so they didn't have to perform the computation.

Either way, a patent encumbered system is unacceptable, no matter how technologically sound it is.

Re:I don't get it

[npsimons]

2. lookup domain of sender. If does not resolve, discard.

There is already a patch for this (at least for qmail). The others wouldn't be too tricky.

Re:Cha ching, reloaded.

[Coryoth]

Example: Factor 56,029,043 into primes. You're welcome to use Matlab, octave, xcalc, or whatever.

You need to pick bigger primes:

$ factor 56029043

56029043: 7 19 43 97 101

$


never underestimate the effectiveness of a little GNU tool like factor - sitting waiting right at your nearest bash prompt (which can be surprisingly close).

Your point is entirely valid of course, the example is just a little too easy.

Jedidiah.

Microsoft Proposal is Spam Friendly, Like CANSPAM

[WryCoder]

Here's what I get from the MS docs:

Four categories:

1. Zombie Windows PC attempts SMTP with recipient MTA. Latter looks up published IPs (as XML in DNS "text" field) for "responsible" sender's domain MTA, finds the sender isn't one of these, drops the session.

2. Large ISP's MTA attempts SMTP with recipient MTA. Sender IP verifies. Recipient MTA looks up *certificate* of ISP and verifies it. Email delivered.

3. Small domain MTA attempts SMTP with recipient MTA. IP verifies, but there is no certificate. Recipient MTA asks sender *MTA* (not necessarily PC of originator) to factor a medium sized prime, or some such. Good sender solves problem, spam sender disconnects.

4. Roaming laptops, mail forwarders, anonymous remailers, etc. These are more problematic, but are handled by adding headers which identify the original responsible sender.

Problem: The Independent Email Certifying Authority. These verify that the large organization is following "proper email policies". But you can bet that these policies will be something rather consistent with the CAN SPAM act. In other words, you are still going to get a lot of "legal" spam.

Finally, MS will grant anyone a reciprocal license to use, modify, distribute, etc. *except* everyone must get their own license. So it appears at some point in time MS can start charging for the license, or bundling it, or whatever. The early adopters will still have good licenses, but MS can use the code they developed, put it in Windows, and then limit new use of the patented technology to the Windows platform.

For those who did RTFA, did I get it right?