Thursday, 18 September, 2003

It annoys me when people say the solution to spam is to tax e-mails.. I’ve seen this suggested on Slashdot a few times and it’s just silly.. Here are a few reasons its a bad idea:

• Most spam doesn’t originate from western countries - so a tax would be ineffective anyway
• The point of e-mail is that it is very low cost. Taxing could damage the economy
• How on earth would you enforce it?

A much better idea is this one that has been circulated on sci.crypt a few times. Here are he steps:

• Get a strong cryptographic hash, MD5 or SHA-1 will do
• Compute the hash of the message, the from to address, the time sent and any attachments.
• By Brute-force, find another value that generates a hash that matches in the first 20-bits.
• Append this value to the bottom of the message and send

How does this stop spam? Well, the brute-force step takes time. A time short enough for any legitimate sender not to be held up too long but a time that become crippling when you’re sending millions of mails.

Notice how the computation time is done at the senders end. The receiver can check the answer in exactly two hash executions. If the hash checks out..let the mail survive the first round of filtering, if the hash fails.. dump the message..

This would cut spam amounts by huge fractions. What I want to know is why no-one does this?