[Cryptography] Good private email

Jerry Leichter leichter at lrw.com
Mon Aug 26 15:23:20 EDT 2013


On Aug 26, 2013, at 2:54 PM, Ray Dillinger <bear at sonic.net> wrote:

> On 08/26/2013 10:39 AM, Jerry Leichter wrote:
>> On Aug 26, 2013, at 1:16 PM, Ray Dillinger <bear at sonic.net> wrote:
> 
>>> Even a tiny one-percent-of-a-penny payment
>>> that is negligible between established correspondents or even on most email
>>> lists would break a spammer.
> 
>> This (and variants, like a direct proof-of-work requirement) has been proposed
>> time and again in the past.  It's never worked, and it can't work, because the
>> spammers don't use their own identities or infrastructure - they use botnets.
>> They don't care what it costs (in work or dollars or Bitcoins) to send their
>> message, because they aren't going to pay it - the machine they've taken over
>> is going to pay.
> 
> Possible, but Doubtful.  The bitcoin "wallet" is extraordinarily secure
> as software goes....
You're arguing about the security of the wrong component.  The user runs some program that can send mail.  *You* have required that it have the ability to access the user's Bitcoin wallet.  At best, if everything about the wallet is implemented correctly, that just means the spammer has to slip-stream in a bunch of messages along with messages the user is already sending - while the sending is being done, there's a window during with the wallet has to be open, and you can't restrict it *too* much or the interface becomes annoying (how many times do you want to type your passphrase while sending a bunch of replies to different recipients in different domains?).

Keep in mind that individual spammer bot's don't have to send a very high volume of mail; in fact, they don't *want* to as that trips too many alarms in too many places.  They want to look like the person whose machine they have control of - and they want that machine to look the same as it always has to the user. The line between me sending n messages a day, and me sending (say) 3n messages a day, over many "me" instances, is enough to keep the spam masters going - but without a really intrusive interface it's hard to see how you're going to stop that.  If you manage such an interface, the spammers will adjust (as they have many time before) and maybe go after high-volume mailers - who will have to have a high-threshold interface from their mail agent to their Bitcoin wallets, and cannot rely on a user regularly typing a passphrase.

Somewhere or another on the net, there's a document that's intended to be sent in response to someone with a brilliant idea for finally ending spam - showing how what they thought of has not only be thought of before, but was actually tried and didn't work.  I can't seem to find it again, but the last time I read it, I found it quite convincing.  There's no one golden solution to the spam problem; there's just the ongoing, boring, back and forth of attack and defense.  (Actually, relative to a number of years back, spam doesn't seem to be all that bad - see Perry's and my messages on a parallel thread about our own experiences.)  (And if you find a contradiction between my claim that we should be able to build a provably secure system, and this claim that there's no final solution to spam:  The difference between the problems is that "spam or ham" is ultimately a *human* decision which we're trying to model.  Some spam these days is sophisticated enough that even humans aren't sure!  That's by its nature a problem that will never have a completely automated solution - well, maybe not until we can through close-to-human-level AI at it.)

                                                        -- Jerry



More information about the cryptography mailing list