http://news.bbc.co.uk/1/hi/technology/3324883.stm
Ok so in summary you have to use a bit of CPU to solve a puzzle before it lets you send email.
So either this doesn't work because spammers don't actually use their own PCs to send email or we are talking about a whole new mail protocol, either way I'm thinking this isn't going to work and it's yet another publicity stunt.
Steve
** Reply to message from "Stephen J. Wilcox" <steve@telecomplete.co.uk> on Fri, 26 Dec 2003 14:23:05 +0000 (GMT)
http://news.bbc.co.uk/1/hi/technology/3324883.stm
Ok so in summary you have to use a bit of CPU to solve a puzzle before it lets you send email.
So either this doesn't work because spammers don't actually use their own PCs to send email or we are talking about a whole new mail protocol, either way I'm thinking this isn't going to work and it's yet another publicity stunt.
Steve
I'm sure I've heard this one before, so it's not even a new idea... hope whoever came up with it originally patented it. 8-) Then again, maybe it was MS that I heard about the first time, and the Beeb is simply late to the game here.
Has anyone calculated the increased server load, the extra storage needed for the now lengthened outgoing mail queue, and the extra bandwidth required to handle all this extra back and forth puzzle thing? YahooGroups and the like would definitely be impacted. It would be interesting to see what protections will be built into the puzzle thing as well... I can see some joker setting up his server to require that the sending computer calculate PI to some ridiculous number of decimals... although that might make a good honeypot. Or, if the puzzle is open source (which would be a good thing), how soon before the spammers (or even legit MTA authors) hardcode the answers into the server software? I suppose there would have to be some random elements.
It is interesting.... as an extension it might be nice to be able to set up a "whitelist" of trusted servers that don't have to go through the computational gyrations to send you mail - that way it would, hopefully, eventually impact the spammers more than it would impact legitimate e-mail servers.
-- Jeff Shultz
Loose nut behind the wheel.
In message <20031226163658.DE74E10DAD@gateway.wvi.com>, "Jeff Shultz" writes:
I'm sure I've heard this one before, so it's not even a new idea... hope whoever came up with it originally patented it. 8-) Then again, maybe it was MS that I heard about the first time, and the Beeb is simply late to the game here.
Yes, puzzles have been suggested before as defenses against SYN floods and SSL DoS attacks, and many other things as well.
Has anyone calculated the increased server load, the extra storage needed for the now lengthened outgoing mail queue, and the extra bandwidth required to handle all this extra back and forth puzzle thing? YahooGroups and the like would definitely be impacted. It would be interesting to see what protections will be built into the puzzle thing as well... I can see some joker setting up his server to require that the sending computer calculate PI to some ridiculous number of decimals... although that might make a good honeypot. Or, if the puzzle is open source (which would be a good thing), how soon before the spammers (or even legit MTA authors) hardcode the answers into the server software? I suppose there would have to be some random elements.
The usual way this is done is to pick a puzzle that's hard to compute but easy to verify. For example, the server could pick a random number, take the top N bits, and challenge the client to find *any* number whose SHA1 hash has the same high-order N bits *and* includes some other random string as the high-order bits of the answer. There are no known short cuts; the only feasible strategy is to calculate lots of SHA1 hashes for different input values. (The server sends some other random number to avoid precomputation attacks.)
Bandwidth is probably not an issue; it's one extra round trip, and it's not very much text. Mail sender queues are more of an issue, as is the load on the sender; if I were doing this, I'd make it adaptive, with a high cost being required for unknown senders, or those that have sent suspected spam. For example, start with a 12-bit puzzle, i.e., one of client difficulty 4096. For each piece of non-spam, subtract some small value from the difficulty. For each piece of spam, double the difficulty rating for that client. There are lots of ways to do things like this; it will take more than back-of-the-envelope calculations to understand all the knobs, let alone what countermeasures the spammers will deploy.
For an introduction to schemes like this, see Stubblefield, A., and D. Dean, "Using Client Puzzles to Protect TLS," Proceedings of the Tenth USENIX Security Symposium, Washington, DC, August 2001, available at http://www.csl.sri.com/users/ddean/papers/usenix01b.pdf .
It is interesting.... as an extension it might be nice to be able to set up a "whitelist" of trusted servers that don't have to go through the computational gyrations to send you mail - that way it would, hopefully, eventually impact the spammers more than it would impact legitimate e-mail servers.
According to the article, that is indeed part of the scheme.
--Steve Bellovin, http://www.research.att.com/~smb
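
The puzzle and the adaptive difficulty described in the message above, sketched in Python as an added example (not code from the thread, the BBC article, or any real MTA). The 8-byte prefix, the reward of 64 and the floor of 16 are assumptions; the post gives only the 12-bit starting point, the doubling on spam, and "some small value" subtracted for non-spam.

```python
import hashlib
import os

def top_bits(data: bytes, n: int) -> int:
    """High-order n bits of data, as an integer."""
    return int.from_bytes(data, "big") >> (len(data) * 8 - n)

def make_challenge(n_bits: int):
    """Server: random N-bit target plus a fresh random prefix."""
    target = top_bits(os.urandom(20), n_bits)
    prefix = os.urandom(8)  # assumed length; defeats precomputed answers
    return target, prefix

def verify(target: int, prefix: bytes, n_bits: int, answer: bytes) -> bool:
    """Server: a single SHA-1, however long the client searched."""
    digest = hashlib.sha1(answer).digest()
    return answer.startswith(prefix) and top_bits(digest, n_bits) == target

def solve(target: int, prefix: bytes, n_bits: int):
    """Client: brute force, about 2**n_bits hashes on average."""
    counter = 0
    while True:
        answer = prefix + counter.to_bytes(8, "big")
        if verify(target, prefix, n_bits, answer):
            return answer, counter + 1
        counter += 1

class SenderDifficulty:
    """Per-sender difficulty: starts at 4096, doubles on spam, decays on ham."""
    START = 4096   # 12-bit puzzle, from the post
    REWARD = 64    # assumed "small value" subtracted per non-spam message
    FLOOR = 16     # assumed minimum so the puzzle never vanishes

    def __init__(self):
        self.scores = {}

    def bits_for(self, sender: str) -> int:
        d = self.scores.get(sender, self.START)
        return (d - 1).bit_length()  # ceil(log2(d)) puzzle bits

    def record(self, sender: str, is_spam: bool) -> None:
        d = self.scores.get(sender, self.START)
        self.scores[sender] = d * 2 if is_spam else max(self.FLOOR, d - self.REWARD)

if __name__ == "__main__":
    policy = SenderDifficulty()
    bits = policy.bits_for("mx.example.net")  # constructed sender name
    target, prefix = make_challenge(bits)
    answer, tries = solve(target, prefix, bits)
    print(bits, tries, verify(target, prefix, bits, answer))
```

An answer solved for one prefix fails verification against any other, which is what keeps hardcoded or precomputed answers from being reused.
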
It's too easy to introduce a worm that gives a spammer access to many teraflops of unwittingly collaborative computing resources. I can't imagine a compute-intensive puzzle scheme is going to do much more than the average iteration of a rule-based anti-spam filter. They'll just provide a temporary dent in the total spam flow. A reliance on new puzzles to provide obstacles to such spammers will end up being very close to homomorphic to rule-based filter iterations. Perhaps even a little less useful, as the spammers will not need to analyze and change each individual bit of spam, but merely need to reload the distributed sending cluster with the new solvers.
Microsoft could indeed wipe out spam, in the short and long run. And they can do so without schemes that are likely to end up building upon the substantial plaque that already clogs the arteries of the net.
Doug
On Fri, 26 Dec 2003, Steven M. Bellovin wrote:
In message <20031226163658.DE74E10DAD@gateway.wvi.com>, "Jeff Shultz" writes:
I'm sure I've heard this one before, so it's not even a new idea... hope whoever came up with it originally patented it. 8-) Then again, maybe it was MS that I heard about the first time, and the Beeb is simply late to the game here.
Yes, puzzles have been suggested before as defenses against SYN floods and SSL DoS attacks, and many other things as well.
Has anyone calculated the increased server load, the extra storage needed for the now lengthened outgoing mail queue, and the extra bandwidth required to handle all this extra back and forth puzzle thing? YahooGroups and the like would definitely be impacted. It would be interesting to see what protections will be built into the puzzle thing as well... I can see some joker setting up his server to require that the sending computer calculate PI to some ridiculous number of decimals... although that might make a good honeypot. Or, if the puzzle is open source (which would be a good thing), how soon before the spammers (or even legit MTA authors) hardcode the answers into the server software? I suppose there would have to be some random elements.
The usual way this is done is to pick a puzzle that's hard to compute but easy to verify. For example, the server could pick a random number, take the top N bits, and challenge the client to find *any* number whose SHA1 hash has the same high-order N bits *and* includes some other random string as the high-order bits of the answer. There are no known short cuts; the only feasible strategy is to calculate lots of SHA1 hashes for different input values. (The server sends some other random number to avoid precomputation attacks.)
Bandwidth is probably not an issue; it's one extra round trip, and it's not very much text. Mail sender queues are more of an issue, as is the load on the sender; if I were doing this, I'd make it adaptive, with a high cost being required for unknown senders, or those that have sent suspected spam. For example, start with a 12-bit puzzle, i.e., one of client difficulty 4096. For each piece of non-spam, subtract some small value from the difficulty. For each piece of spam, double the difficulty rating for that client. There are lots of ways to do things like this; it will take more than back-of-the-envelope calculations to understand all the knobs, let alone what countermeasures the spammers will deploy.
For an introduction to schemes like this, see Stubblefield, A., and D. Dean, "Using Client Puzzles to Protect TLS," Proceedings of the Tenth USENIX Security Symposium, Washington, DC, August 2001, available at http://www.csl.sri.com/users/ddean/papers/usenix01b.pdf .
It is interesting.... as an extension it might be nice to be able to set up a "whitelist" of trusted servers that don't have to go through the computational gyrations to send you mail - that way it would, hopefully, eventually impact the spammers more than it would impact legitimate e-mail servers.
According to the article, that is indeed part of the scheme.
--Steve Bellovin, http://www.research.att.com/~smb
It's an interesting concept... Now spammers will use a noticeable portion of the CPU on the boxes they've hijacked, instead of the currently virtually unnoticeable portion of the resources, so, in that sense, it might help identify the owned boxes to their true owners.
However, I think Micr0$0ft could do much more to reduce SPAM if they simply made their OS less 0wn-able.
Owen
--On Friday, December 26, 2003 2:23 PM +0000 "Stephen J. Wilcox" <steve@telecomplete.co.uk> wrote:
http://news.bbc.co.uk/1/hi/technology/3324883.stm
Ok so in summary you have to use a bit of CPU to solve a puzzle before it lets you send email.
So either this doesn't work because spammers don't actually use their own PCs to send email or we are talking about a whole new mail protocol, either way I'm thinking this isn't going to work and it's yet another publicity stunt.
Steve
-- If it wasn't crypto-signed, it probably didn't come from me.
More than likely, spammers will have their hijacking programs spread out the load so as to remain unnoticeable. I think that's important to maintain control over a large number of machines: the jig is up once a user notices far more lagtime than ever before.
I also think that "make your operating system more secure" is a specious request. To reduce spam, something as simple as highlighting email from addresses that you've written before, or that belong to a web-of-trust involving chains of such authorship, or many other fairly simple schemes would assist to minimize spam. And is something only Microsoft is in a good position to wield upon us.
Doug
On Fri, 26 Dec 2003, Owen DeLong wrote:
It's an interesting concept... Now spammers will use a noticeable portion of the CPU on the boxes they've hijacked, instead of the currently virtually unnoticeable portion of the resources, so, in that sense, it might help identify the owned boxes to their true owners.
However, I think Micr0$0ft could do much more to reduce SPAM if they simply made their OS less 0wn-able.
Owen
--On Friday, December 26, 2003 2:23 PM +0000 "Stephen J. Wilcox" <steve@telecomplete.co.uk> wrote:
http://news.bbc.co.uk/1/hi/technology/3324883.stm
Ok so in summary you have to use a bit of CPU to solve a puzzle before it lets you send email.
So either this doesn't work because spammers don't actually use their own PCs to send email or we are talking about a whole new mail protocol, either way I'm thinking this isn't going to work and it's yet another publicity stunt.
Steve
-- If it wasn't crypto-signed, it probably didn't come from me.
On Fri, Dec 26, 2003 at 09:28:38PM -0800, Owen DeLong wrote:
It's an interesting concept... Now spammers will use a noticeable portion of the CPU on the boxes they've hijacked, instead of the currently virtually unnoticeable portion of the resources, so, in that sense, it might help identify the owned boxes to their true owners.
Methinks you overestimate the coding quality of ANY commonly available program which deals to millions of sockets, and there is no reason spammers wouldn't be included. CPU is the only thing bounding the problem at "bad", instead of "insane". How much pipe do you think a new high end system can fill by sending out relatively short messages to millions of sockets, even with halfway decent code, by the time it finishes doing MX resolutions, the 3-way handshake, deals with unreachable or otherwise dead or blocked servers which don't send an RST, and handles all this concurrently? I'd put the number somewhere around 5Mbps, and this doesn't even touch people throwing together perl scripts, or who can't write asynchronous code and just throw threads at the problem.
But to quote a line from the article:
"One of the fundamental problems with spam is that it costs nothing to send, but has associated costs for the recipient which include loss of bandwidth, problems with usage, and lost productivity," he said.
This is absolute nonsense. It costs the spammers the sum total of what it costs all the recipients, and probably more. Yes there are some people who abuse open relays, a dial account they were already paying for, or a hacked box, but what percentage of the spams do you think these account for? http://www.spamhaus.org/rokso/index.lasso Spamhaus says 10%, though that does sound like a number they just pulled out of their ass. :)
Spammers pay the same way that receivers do, except without the luxury of dealing with only one millionth of the load. These don't apply to every situation obviously, but just off the top of my head we have:
* Cost of commercial outbound bandwidth vs residential inbound bandwidth
* Cost of the systems which send the e-mails, be they rented or purchased
* Cost in money and time changing providers constantly
* Cost of paying providers large sums of money far over market rate to stay
* Cost in money and time to obtain e-mail lists
* Cost in money and time to receive and sort bounces, and prune dead emails
* Cost in money and time to continue to operate the site being advertised
* Cost in money and time to deal with thousands of angry calls/emails if they try to keep the LOOK of legitimacy by claiming they don't spam
Obviously these are very real costs, of the exact same legitimacy as the receivers' "costs". Yes spam is a cheaper way to reach millions than other advertising methods like direct mailing, but that doesn't mean that it is free.
The point here is that spam is used, not because it is free, but because it WORKS as an advertising method. If you sell a $50 product (like say software, or a subscription to a porn site, or even some $0.10 penis growth sugar pills), and you spam 100 million email addresses at a cost of $5000, and if even 0.01% of the people click the link and buy the product, you've just netted $495,000.
As long as it is making people that kind of money, there will be sufficient reason to find a way to get around these poorly thought out ideas of Microsoft.
P.S. Are there any MTA hacks which keep the socket of messages identified as spam tied up as long as possible? I haven't seen them, but it seems like a good idea.
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
participants (6): Doug Luce, Jeff Shultz, Owen DeLong, Richard A Steenbergen, Stephen J. Wilcox, Steven M. Bellovin