Click the comments link on any story to see comments or add your own.
Subscribe to this blog
20 Jul 2006
Another paper from the Fifth Workshop on the Economics of Information Security, (WEIS 2006) is Proof of Work can Work by Debin Liu and L, Jean Camp of Indiana University. Proof of work (p-o-w) systems are a variation on e-postage that uses computation rather than money. A mail sender solves a lengthy computational problem and presents the result with the message. The problem takes long enough that the sender can only do a modest number per time period, and so cannot send a lot of messages, thereby preventing spamming. But on a net full of zombies, proof of work doesn't work.
The current definitive analysis of proof of work is a paper by Ben Laurie and Richard Clayton that looks at the amount of compute power available to spammers who use zombies compared to legitimate mailers who don't, and concludes that any p-o-w system demanding enough to deter spammers would prevent a significant number of legitimate users from sending their mail. I talked to Cynthia Dwork, who co-invented p-o-w in 1992, at the CEAS meeting a couple of years ago and she agreed that zombies made it unusable.
Camp and Liu attempt to address this situation by combining p-o-w with a reputation system. They note that most hosts on the Internet send no mail, and when a new host starts sending mail, there is an upwards of 95% chance that it's sending spam. So they track existing hosts, giving them a reputation score that increases every time they receive legitimate mail from a host and decreases or is reset when they get spam, and adjust the size of a p-o-w problem demanded of a sender based on its reputation. They show that a plausible reputation function would allow essentially all the legitimate mail through while keeping spam hosts from sending more than a trickle.
This is all well and good, but it misses a major point--spammers adapt. The number of zombie computers on the net is stupendously large, and it is reasonable to assume that only a small fraction of them are in use at any given time, and that the bad guys have a large number in reserve that they have never used. Assuming that the bad guys can query the reputation function for a given host, which is likely since a useful reputation system has to be a shared one that aggregates data from a lot of recipients, they can check to see what hosts have what reputation and send spam from the ones with good reputations. They already do this to circumvent blacklists, with people telling me they see zombies switching targets when they get blacklisted. They don't have to send spam at full speed to defeat a reputation system like this, merely screw it up enough to provoke a chorus of complaints from people who suddenly lose the ability to send mail. (In a more sensible world, the response would be "tough, fix your zombie" but ISPs have never been able to make that stick.)
So although this is an interesting idea and the analysis is fine as far as it goes, it's too simplistic, and I just don't believe that spammers would sit still for it. So proof of work still doesn't work.
My other sites
© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.