
Impoverish a Spammer Today

esj at harvee writes "Recently the Camram project released its latest version of a hybrid sender-pays anti-spam system. The project has proven that sender-pays works and has demonstrated how to make it work with existing e-mail systems. Camram has developed hybrid sender-pays techniques that scale down to the desktop and up to the enterprise. It's a completely decentralized system that can put spam-fighting power in the hands of individuals. It gives you control of not only the current generation of spam, but also any future commercial spam -- why replace Viagra ads from a scam artist with Viagra ads from Pfizer?"
  • Re:Two Words (Score:5, Informative)

    by skiflyer ( 716312 ) on Friday June 25, 2004 @03:06PM (#9531138)
    RTFA, it handles mailing lists fine. You whitelist the sender and then they don't need to stamp the mail.

    The technology is a hybrid solution to avoid the problem of universal adoption... a nice side-effect of this is you don't demand stamps from your white-list.

    I have to say, I think it's quite an interesting combination of concepts, but still requires mass adoption to be useful.
  • Re:The problem is... (Score:5, Informative)

    by The0retical ( 307064 ) on Friday June 25, 2004 @03:06PM (#9531140)
    The FAQ says that there is a white list. I assume from reading it that it means that they do not have to pay.
  • by TuringTest ( 533084 ) on Friday June 25, 2004 @03:08PM (#9531170) Journal
    They have a page with Frequently Raised Objections [camram.org]. Now I've made redundant 40% of the remaining posts to this article.
  • by Jim McCoy ( 3961 ) on Friday June 25, 2004 @03:10PM (#9531197) Homepage
    Why is this a problem? If what you are expected to pay depends on volume then it means that a non-spammer who only sends a few emails a day will have almost nothing to pay while a spammer will be unable to afford the work required to send thousands of emails. Since this is based upon proof of work and not an actual monetary amount, it will not be a cost that is difficult to bear.

    Yes, some people who run email lists out of their account will be inconvenienced, but not as much as they claim. They will just need to change the signup message to say "this is a mailing list that you signed up for, so add us to your whitelist because we will not be performing proof of work challenges and will drop you from the list when the first proof of work request arrives."

    Some will claim that the hordes of spam zombies out there will be able to do the work on the spammer's behalf so this is not a solution, but it will at least provide some rate limiting for that zombie and it will also make it much more likely that the zombie will be noticed by the user when it starts to chew up CPU cycles.
  • by skiflyer ( 716312 ) on Friday June 25, 2004 @03:10PM (#9531199)
    I agree, but this project isn't exactly e-postage... it's more like E-e-postage... you pay in computational cycles, not dollars (or pounds or lira or whatever you trade in your part of the world).

    So as long as you're not sending out several thousand messages to new and different recipients on a daily basis, you needn't really worry.
  • by Anonymous Coward on Friday June 25, 2004 @03:12PM (#9531217)
    Camram FRO (Frequently Raised Objections)

    A system such as sender-pays, which proposes a radical change in the email environment, inevitably generates objections. This is positive because it helps identify the strengths and weaknesses of the system. However, once objections have been worked through and the developers have answered the same questions approximately 10^20 times, a listing of Frequently Raised Objections is appropriate.

    Isn't universal adoption necessary for a sender-pays system?

    For a classic sender-pays system, the answer is yes--any system requiring universal adoption is a non-starter.

    Because of this problem, the Camram project (and probably others) expanded the classic sender-pays model to a hybrid sender-pays model. One of the many strong features of the hybrid model for sender-pays is that it solves the problem of universal adoption. This new model provides anti-spam benefits to the very first user, and the benefits increase as you add users. Hybrid sender-pays lets you incrementally introduce an anti-spam device that will take a serious chunk out of the economic foundations of spam.

    What kind of attacks are possible against a hybrid sender-pays system?

    There are four known attacks on this system. Two of them attack the sender-pays system, one attacks the friend filter (i.e. the white list), and the last attacks the content filter. Content filter attacks are nothing new; we are in the middle of one right now where spammers are trying to bypass Bayesian filters. As the number of stamps increases, the "harshness" of the content filter can increase and eventually the need for content-filtering can go away.

    The friend-filter attack comes from the implementation of white lists by name. If you know the content of the white list, then a simple forgery will let you bypass the filters. The trick of course is determining the content of the white list. One longer-term solution is to move to white listing by public key. Unfortunately, as long as there are folks not using the system, there will always be a need for white-listing by name.

    Attacks on the sender-pays system involve trying to generate stamps faster. The first is the classic hardware accelerator. The best estimate we have for today is a 500 times speed up over software. There are both hardware and software responses to this attack but both responses effectively devalue the stamp or the means of production, which in turn restores the economic balance. The second attack utilizes zombies as a compute array. But if you run the numbers, you'll find out that the number of zombies known, if run perfectly and full tilt, cannot generate enough stamps for all of the spam in the world today. A tremendous number of stamps would be generated, but not enough for everybody. One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue. Again, if the zombies start generating stamps, one can always change stamp definitions or value.

    How do you deal with large-scale legitimate mail sources (i.e. mailing lists, mail houses, etc.)?

    There are two issues here. Mailing lists don't really have a good solution with the first generation of stamps. The traffic mailing lists generate is fundamentally indistinguishable from spammers, therefore whatever hurts spammers will hurt mailing lists. The answer for right now is to not do anything with mailing lists. Let them send unstamped mail and let the user whitelist mailing lists or deal with the trapped message issue manually.

    In the future, it will become easier to deal with mailing lists because of the second generation of stamps (opportunistic signatures). If the list is signed with its own stamps, then it would be let through without problem. Spammers would still be barred because their signatures would be ignored.

    The second issue is
  • Re:Hobbiests (Score:3, Informative)

    by lpret ( 570480 ) <[lpret42] [at] [hotmail.com]> on Friday June 25, 2004 @03:13PM (#9531228) Homepage Journal
    As long as people whitelist you there's no cost to you. You're fine.
  • Re:What happens... (Score:5, Informative)

    by Dark Paladin ( 116525 ) * <jhummel.johnhummel@net> on Friday June 25, 2004 @03:13PM (#9531237) Homepage
    According to the FAQ, the calculations are that even with the number of "zombie" machines out there, there still isn't enough processing power to generate all of the necessary "stamps" - or at least it's enough to reduce the time.

    If nothing else, at least it's something, right?
  • Re:Hobbiests (Score:5, Informative)

    by Jim McCoy ( 3961 ) on Friday June 25, 2004 @03:13PM (#9531239) Homepage
    You will have to change your signup mechanism to notify the user that they have to add you to the whitelist, and you will need to change the list admin email to first send a message to a user reminding them of this fact and only after they reply to this standard response to all complaints message will the message filter up to your mailbox. This is a couple of hours of coding for anyone maintaining a mailing list package.

    READ THE PROPOSAL FIRST PLEASE!

    This is not asking you to spend money, it is asking you to perform a proof of work. This is hashcash, not real money.
  • Re:Two Words (Score:5, Informative)

    by Anonymous Coward on Friday June 25, 2004 @03:18PM (#9531308)

    RTFA, it handles mailing lists fine.

    I'm reading TFA [camram.org] and it states quite clearly "Mailing lists don't really have a good solution"

  • Read the website! (Score:4, Informative)

    by jschottm ( 317343 ) on Friday June 25, 2004 @03:21PM (#9531360)
    This is a calculation based stamp, not anything financial. It's not going to cost anything. It allows for white-listing on a per user basis that exempts senders from the stamp requirement. Therefore, if you wanted to get on a mailing list, you'd add them to your white-list. Yes, it's an extra step, but what's one extra step when you sign onto a mailing list compared to having to dig through hundreds of spam messages a day?

    Have some (slightly out of date) documentation:
    One section [billerica.ma.us]
    Another section [billerica.ma.us]
  • RTF-FRO ! (Score:5, Informative)

    by LordPixie ( 780943 ) on Friday June 25, 2004 @03:22PM (#9531366) Journal
    Ripped right from their website's Frequently Raised Objections [camram.org]:

    If anybody can generate a stamp, what is to stop a spammer from generating stamps?
    Nothing. In fact, we want spammers to spend as much time as they can generating stamps because it will undermine their economic foundations. As a spammer generates messages with stamps, people can raise their postage based on the spam. Everyone's rates will increase and it'll only affect the spammer and stranger-to-stranger e-mail. Friend-to-friend e-mail doesn't use work stamps and will be unaffected by any postage increases.

    And....

    The second attack utilizes zombies as a compute array. But if you run the numbers, you'll find out that the number of zombies known, if run perfectly and full tilt, cannot generate enough stamps for all of the spam in the world today. A tremendous number of stamps would be generated, but not enough for everybody. One benefit of zombies being used to generate stamps is that the machines will become hot, slow, and probably unreliable, all of which will be noticeable to the end-user. With luck, this means some people will get their machines fixed and reduce the zombie issue. Again, if the zombies start generating stamps, one can always change stamp definitions or value.
    [all emphasis theirs]


    It's almost like they anticipated this sort of thing. Or, like, thought out their design beforehand. Crazy concept, no ?


    --LordPixie
  • simple (Score:5, Informative)

    by TamMan2000 ( 578899 ) on Friday June 25, 2004 @03:25PM (#9531400) Journal
    Require your users to whitelist your address, and then don't stamp your messages.
  • by danmart ( 660791 ) on Friday June 25, 2004 @03:27PM (#9531419) Homepage Journal
    This is Microsoft's dream come true, but it does not work.

    Look at your mail box. All that junk mail was paid with postage. It does nothing to deter them from continually bombarding you with the junk mail.

    The only thing it does is hurt the little guy. Big advertisers will always pay the price to spam you with junk mail and junk email.

    This will just mean the little spammers will be replaced with big spammers. And the company controlling the postage meter will get quite rich. And your email will still contain just as much spam. Only it will be called targeted marketing material that you are interested in.
  • Re:Hobbiests (Score:2, Informative)

    by jrutley ( 723005 ) on Friday June 25, 2004 @03:31PM (#9531451)
    It isn't talking about money at all -- only computation. The only extra money you would spend is on your electric bill since your CPU load will be higher. Besides, you wouldn't need to stamp since you're on their whitelist. ;)
  • by btempleton ( 149110 ) on Friday June 25, 2004 @03:36PM (#9531518) Homepage
    Combining challenge/response with cpu stamps, java and other factors. It allows the problem to change over time, requires no new software at the sender's end (which is the big non-starter) and still allows anonymous mail.

    It's at this page on cpu stamps and challenge response [templetons.com].
  • Re:Two Words (Score:3, Informative)

    by skiflyer ( 716312 ) on Friday June 25, 2004 @03:38PM (#9531538)
    Yes, it states that, then states several solutions. I guess the developer doesn't consider whitelisting your mailing lists to be a good solution. I disagree, I think bulk mail is exactly the type of mail I don't mind whitelisting, while I would find it a major inconvenience to have to whitelist personal mail.
  • Re:The problem is... (Score:5, Informative)

    by brunes69 ( 86786 ) <[slashdot] [at] [keirstead.org]> on Friday June 25, 2004 @03:39PM (#9531545)

    Also, white lists don't deal with the fact that a lot of email is from first time corresponders such as online retail outlets.

    Er, if an "online retail outlet" is sending me email I did not sign up for, then that is SPAM and is exactly the thing this is supposed to prevent!

    If you *do* want email from a certain company, and you signed up for it, then you should add that domain/email to your white list. Simple as that.

  • by KyleHa ( 148254 ) on Friday June 25, 2004 @04:20PM (#9531997) Homepage

    You might have a point if this scheme involved using money. In this case, however, the "payment" is a proof-of-work [hashcash.org]. The user is paying in CPU cycles "spent" to send the message.

  • Re:Many Major Flaws (Score:3, Informative)

    by loxosceles ( 580563 ) on Friday June 25, 2004 @04:52PM (#9532293)
    As for low-power devices, sure, that's a problem. Unless you have a better idea, though, you'll just have to live with TMDA or some other solution that doesn't require as much cpu time. You could even send your key to recipients ahead of time and get them to pre-whitelist it.

    As for the other comments, you ought to read about camram. camram whitelists by pgp keys, not by sender. Initial messages have both a hashcash stamp and a pgp key. If the hashcash stamp has enough bits, the pgp key gets whitelisted. Spam operations would have to generate a high-value stamp for each recipient. Sure, they could send to the same recipient address twice, but why would they?

    Furthermore, any pgp keys that spammers manage to get people to whitelist could be added to a DNSBL-type blacklist. The spammer would then have to generate a new key and generate hashcash stamps for every recipient all over again to get that new key whitelisted. Think RAZOR with a feature that feeds obvious spammers' keys into a dnsbl.
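
The flow that several comments above describe (whitelisted senders pay nothing, strangers attach a hashcash proof-of-work stamp), as an added example that is not part of the thread and not Camram's own code. The stamp layout follows the hashcash version 1 format; the function and class names, the 12-bit postage rate and the addresses are assumptions made for illustration, and date expiry is not checked.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int, date: str = "040625",
         rand: str = "c0nstructed") -> str:
    """Sender side: try counters until SHA-1(stamp) has `bits` leading zero bits.
    Expected cost is about 2**bits hashes. `rand` is fixed here (constructed
    value) so the demo is repeatable; a real sender uses fresh random data."""
    prefix = f"1:{bits}:{date}:{resource}::{rand}:"
    for counter in count():
        stamp = f"{prefix}{counter:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

class HybridFilter:
    """Recipient side: friend filter first, then the postage check."""

    def __init__(self, me: str, whitelist, min_bits: int):
        self.me = me
        self.whitelist = set(whitelist)
        self.min_bits = min_bits      # the recipient's current postage rate
        self.spent = set()            # accepted stamps, to reject reuse

    def classify(self, sender: str, stamp: str = None) -> str:
        if sender in self.whitelist:
            return "accept:whitelisted"    # friends and mailing lists pay nothing
        if stamp is None:
            return "hold:no-stamp"         # left to content filter or manual review
        fields = stamp.split(":")
        if len(fields) != 7 or fields[0] != "1" or not fields[1].isdecimal():
            return "hold:malformed-stamp"
        claimed, resource = int(fields[1]), fields[3]
        if resource != self.me:
            return "hold:wrong-recipient"  # minted for a different address
        if claimed < self.min_bits:
            return "hold:underpaid"
        actual = leading_zero_bits(hashlib.sha1(stamp.encode()).digest())
        if actual < claimed:
            return "hold:forged-value"     # claims more work than was done
        if stamp in self.spent:
            return "hold:reused-stamp"
        self.spent.add(stamp)
        return "accept:stamped"
```

Raising `min_bits` by one doubles the expected minting cost for every stranger while whitelisted senders are unaffected, which is the "raise your postage" lever the quoted objections page refers to.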
  • by billstewart ( 78916 ) on Friday June 25, 2004 @11:11PM (#9534695) Journal
    Tweaking the numbers differently can make this kind of system look like it will succeed or fail. Some recent reputable papers have been looking like it's more likely to fail - too many zombies out there, so if the zombies bother to include CAMRAM support, they can win. It's harder for the zombies to win if every message requires computation, but if each sender only has to do the computation once per recipient, and not on every message, then it's way too easy for the zombies. On the other hand, that makes it easier to detect and blacklist the zombies as well.


    It's obviously a bad idea to build a system that only lets a reasonable machine send 10 messages per day - probably even 100 per day is too low, depending on your applications. 1000 is usually fine. It turns out that there are calculations that scale based on memory speed rather than CPU speed, so there's a much lower spread between the slowest non-palmtops and the fastest CPUs out there (like 4:1 rather than 20:1). But even if each zombie can send out 10,000 messages/day instead of 10,000,000, that slows them down enough that you can detect them and kill them (or at least blacklist them...)
