David,
Michel Py wrote: Besides, the deployment is sketchy: before it can be activated, it needs to be deployed at the vast majority of servers that send legitimate mail, which means that in the interim one still has to accept emails that don't use the system, which in turn produces no incentive to deploy it in the first place.
David Schwartz wrote: While I think this scheme is a pretty bad idea, the argument above is just not correct. Obviously, until this scheme is widely-deployed, you have to accept email from sources that won't perform this validation, but that doesn't mean that there's no benefit to performing the validation or requesting it.
Your point is valid, but along with the benefits of performing the validation even if the deployment has not reached 100% yet comes a major drawback: If it can be assumed that Microsoft or eBay will indeed shell out the resources to buy and operate a few rackfuls of 1U low-end servers to distribute the processing load, the same assumption does not apply to smaller entities.
I have a relatively small customer (~200 employees) that has a 300,000 person mailing list; they effectively send 300,000 legitimate emails a day. If I stick to the figures proposed yesterday (10 seconds of CPU an email / 8000 a day for one CPU) what does it mean for these guys in the period before 100% deployment: They have to choose between:
1. Do nothing and risk being more filtered than they otherwise would be.
2. Bite the bullet, buy 37 new servers (while they were using one) and develop a mechanism to load share the computation of the puzzle.
A large number of these guys won't go for the 37 extra servers.
What does it mean for you and me in the decision to deploy or not to deploy such a scheme on our own mail servers: it means that the extended filtering capabilities you described (which are very valid) nevertheless have to be balanced with an increased number of false positives, that very number of false positives being greatly increased by the partial deployment.
As of today, the way I see the challenge of spam is not in terms of how much you block, but in terms of the ratio of false positives to undetected spam. Unfortunately, in the interim period this enhanced filtering mechanism you describe would favor two categories: a) the big and/or wealthy (because they can buy the required resources) and b) the spammers (because they steal the resources) at the expense of the smaller organization. :-(
Michel.