A frequently proposed method of reducing unsolicited bulk email (“spam”) is for senders to pay for each email they send. Proof-ofwork schemes avoid charging real money by requiring senders to demonstrate that they have expended processing time in solving a cryptographic puzzle. We attempt to determine how difficult that puzzle should be so as to be effective in preventing spam. We analyse this both from an economic perspective, “how can we stop it being cost-effective to send spam”, and from a security perspective, “spammers can access insecure end-user machines and will steal processing cycles to solve puzzles”. Both analyses lead to similar values of puzzle difficulty. Unfortunately, realworld data from a large ISP shows that these difficulty levels would mean that significant numbers of senders of legitimate email would be unable to continue their current levels of activity. We conclude that proof-of-work will not be a solution to the problem of spam.
[1]
Ari Juels,et al.
$evwu Dfw
,
1998
.
[2]
Markus Jakobsson,et al.
Curbing Junk E-Mail via Secure Classification
,
1998,
Financial Cryptography.
[3]
Richard Clayton.
Stopping Spam by Extrusion Detection
,
2004,
CEAS.
[4]
Moni Naor,et al.
Pricing via Processing or Combatting Junk Mail
,
1992,
CRYPTO.
[5]
Rajesh Krishnan,et al.
Mitigating distributed denial of service attacks with dynamic resource pricing
,
2001,
Seventeenth Annual Computer Security Applications Conference.
[6]
Moni Naor,et al.
On Memory-Bound Functions for Fighting Spam
,
2003,
CRYPTO.
[7]
Markus Jakobsson,et al.
Proofs of Work and Bread Pudding Protocols
,
1999,
Communications and Multimedia Security.
[8]
Matthew K. Franklin,et al.
Auditable Metering with Lightweight Security
,
1997,
J. Comput. Secur..