What would be very helpful is for all SMTP relays to eventually adopt one of the (open and free) protocols on top of SMTP that requires the sending host of each SMTP relay to perform a non-trivial computation, like the computationally intensive "Hashcash" (http://www.hashcash.org/) for each recipient of the email such that the resulting signature is trivial for the receiving host to verify. The presence and validity of this result (hash) says to the receiver that the sender really valued the email enough to spend time on it.

Like other methods, this method is not perfect. There are two obvious limitations:

1. Spammers who use botnets have lots of computing power available.

2. The method has to be widely adopted before it has a big effect.

These limitations are not fatal:

1. Each computer in the botnet will be slowed down a lot in sending spam: this slow-down might even be noticed by the legal owner of the computer (who might then fix it).

2. Use of the method by SMTP relay hosts and clients can be phased in gradually. Email need not be rejected if it doesn't have the proper signature, but it can be categorized as suspicious, and SMTP relays can lower its forwarding priority compared to properly signed mail. (SMTP relays can also add signatures for their trusted users.)


Notes:

1. Signature methods such as Hashcash are not authentication or identification methods: they are like having to buy a stamp (but the cost is computational, rather than monetary).

2. Signatures such as Hashcash can be ignored by any client and pass through any relay that hasn't been upgraded. The only consequence is that it behaves as it does now.

3. Signature methods such as Hashcash apply to each individual instance of email AND recipient, whereas methods such as SPF applies to an entire domain. (And thus doesn't help against bots.)

4. Signature methods such as Hashcash can coexist with other methods, such as SPF and DomainKeys. (DomainKeys is primarily an identification and tracking method, which "cryptographically proves that the mail did in fact originate at the purported domain, and has not been tampered with in transit".)

5. The fact that a signature method such as Hashcash is free and open would encourage its use by everyone.

P.S. I don't know of any other implemented methods equivalent to Hashcash, but there are many computationally hard problems out there that might serve.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/404/33668#33668