February 13th, 2005

Electronic stamps: Not a relevant way to stop junk e-mail

Commentary — Opposite to what Randall Stross suggests is his New York Times column, computational puzzles are not a relevant solution to stop spam.

What we need, in other words, is (…) a way to force a sender to pay every time a message was sent
- payment not in money, but in time, by applying the computer's resources to a computational puzzle, devised on the fly for that particular message.

Hijacking an end-user's machine to have it digitally stamp messages will let spammers bypass this stamp rule. In the end, ideas such as this will only cripple end-users even more. And this should have been obvious to the author given the considerable amount of coverage Spamhaus got for its warning on the threat from proxy hijackers.

Filed under Blog by

Print

Comments on Electronic stamps: Not a relevant way to stop junk e-mail

February 14th, 2005

Denis de Bernardy @ 4:23 pm

Randall Stross, the Digital Domain columnist who wrote the New York Times article, sent me the following answer by email:

Denis,

Computational puzzles will only work if spammers are unable to hijack machines and steal processing power, and that requires something radically different than our current system of relying upon individuals to purchase third-party antivirus software and keep subscriptions current. The enormous problems caused by hijacked Windows machines must be solved at the source: Microsoft, which should be required to build in antivirus protection and offer free, unlimited updates, as a condition of selling its operating system. But that's the topic for another column.

Cheers,

Randy Stross

February 15th, 2005

Denis de Bernardy @ 2:09 pm

http://www.k-otik.com
http://www.exploitwatch.org

Looks like CheckPoint and Unix/Linux make up for most advisories today.

February 27th, 2005

Denis de Bernardy @ 6:36 pm

March 28th, 2005

Denis de Bernardy @ 11:01 am

In the news:
Is Windows more secure than Linux for web serving?

This mentions the same report as the previous comment on Windows Server spanking Red Hat — a month after the fact.