At 09:19 PM 4/21/2002 -0400, Jim Paris wrote:
>...
> > So let's
> > say it's closer to 8 billion pieces of spam per day.
>...
> > we are still looking at
> > somewhere between 30,000 and 100,000 additional machines necessary for
> > spammers to be able to deliver their wares.
>
>Total.  For 8 billion pieces of spam.  That's nothing.
>
>You said it yourself -- at 3 seconds per hashcode, a single computer
>can send 28,800 spams per day.  That's a single spammer, with a single
>computer.  That's still a LOT.

As I wrote on another mailing list about unencumbered spammer traffic...
"""
In order for the hashcash portion of camram to be effective, it must 
slow down spammers (i.e. cost them time and/or money).  The bigger the 
slowdown factor, the bigger the impact.  So let's start with looking at how 
fast unencumbered spammers can send messages.  A fundamental number is 
"messages per second" and is calculated using the equation below.

Messages per second = pipe speed/(message size*8)

Pipe speed is bps
message size is bytes

For the purposes of this discussion, I've chosen three different speeds and 
three different message sizes.  The speeds are modem (56k), typical 
cable/DSL upload (384k) and T1 (1.54M).  The spam message sizes are 1k, 2k, 
4k bytes.  As I'm writing this message, I'm building a spreadsheet and you 
are more than welcome to a copy of it to verify these numbers.

The first column of the table below is the pipe speed, the second, third, 
and fourth columns are the messages per second for that pipe with a 1k, 2k, 
4k message size respectively.

56000        6.84    3.42    1.71
384000      46.88   23.44   11.72
1540000    187.99   93.99   47

Now that we know how fast one can send messages, let's figure out what the 
performance hit would be if one had to generate a hashcash stamp for every 
message.  The slowdown factor is calculated using the equation below:

Slowdown factor = messages per second/stamps per second

Running the numbers for the messages per second matrix into the spreadsheet 
yields the following matrix.  As in the previous matrix, the first column 
is the size of the pipe and the second, third, fourth columns are the 
slowdown factors for message sizes of 1k, 2k, 4k respectively.

56000     20.51    10.25    5.13
384000   140.63    70.31   35.16
1540000  563.96   281.98  140.99

The matrix shows that the worst-case slowdown is the larger message on a 
slow pipe.  The spammer can't send very many messages very fast and 
therefore hashcash-created slowdowns do not have much of an 
effect.  However, on fast pipes and medium sized messages, slowdown factor 
is quite significant.
"""

So, in contrast to 28,800 possible messages in the day, an unencumbered 
spammer could deliver between 147744 and 4060800 pieces of spam.  Yes, 
28,000 messages is a lot but it's one helluva lot less than 150,000.  At 
worst, it means the spammer will now need to run four or five machines to 
do the work of 1.  For higher volume spammers, it means they will need to 
deploy between 35 and 140 machines where before they once had one.  There 
are other models of service bureaus for postage stamps that get into a 
whole other set of modeling.

Hopefully, now you understand why I'm trying to get a handle on the size of 
the problem.  If you can characterize the problem, you can determine how 
effective certain measures will be.  For example, I really love 
spamassassin as a filter.  However, it does have some shortcomings and I 
still need to manually handle about five to 10 pieces of spam a day as well 
as filter through the trapped mail list for anything that might be 
important.  The combination of an antispam filter and proof of work postage 
would provide an almost unstoppable barrier to spam yet at the same time, 
allow legitimate e-mail through.  We would be hitting the spammers from two 
different directions and creating significant evolutionary pressures that 
would give them significant pause.

My modeling is also trying to go after worst-case scenarios, i.e. everyone 
has a Pentium IV/1.9 gigahertz and can stay on line for unlimited amounts 
of time.  The reality is that most small-scale spammers are probably still 
sitting in the Pentium II/Pentium III class of system and are more likely 
to be calculating coins at a rate of one every 10 seconds.  If this 
assumption is correct, then the numbers look even better.  One other nice 
thing about camram/hashcash is that it provides a nice barrier to 
transport.  If the mail message does not have a digitally signed message or 
a postage stamp, it can be held up for delivery as long as the 
administrator wants to.  Granted, this is not practical during the early phase 
of the adoption process but it is something that would be 
possible.  Anyway, this is becoming way off topic for the Spamassassin 
mailing list.

I do appreciate the feedback I get and at worst, I will only disagree with 
it politely.

---eric


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
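
The model in the message above, as an added example (not code from the original post, camram or hashcash): a simplified hashcash-style stamp is minted and verified, and the slowdown matrix is recomputed from the two equations given. The stamp layout `bits:resource:counter`, the function names, the constructed recipient address and the 12-bit demo difficulty are assumptions; 1k is taken as 1024 bytes and 3 seconds per stamp is the figure quoted in the thread.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int) -> str:
    """Sender side: try counters until SHA-1(stamp) has `bits` leading zero
    bits. Expected work is about 2**bits hashes per recipient."""
    for counter in count():
        stamp = f"{bits}:{resource}:{counter}"  # assumed layout, not hashcash's
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

def verify(stamp: str, resource: str, min_bits: int, seen: set) -> bool:
    """Receiver side: one hash, plus recipient binding and a replay check."""
    fields = stamp.split(":")
    if len(fields) != 3 or fields[1] != resource or stamp in seen:
        return False
    if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < min_bits:
        return False
    seen.add(stamp)  # a stamp pays for exactly one delivery
    return True

def messages_per_second(pipe_bps: float, message_bytes: int) -> float:
    """Messages per second = pipe speed / (message size * 8)."""
    return pipe_bps / (message_bytes * 8)

def slowdown_factor(pipe_bps: float, message_bytes: int,
                    seconds_per_stamp: float) -> float:
    """Slowdown factor = messages per second / stamps per second."""
    stamps_per_second = 1.0 / seconds_per_stamp
    return messages_per_second(pipe_bps, message_bytes) / stamps_per_second

def slowdown_matrix(seconds_per_stamp: float = 3.0) -> dict:
    """Rows: pipe speed in bps. Columns: 1k, 2k, 4k messages (1k = 1024)."""
    pipes, sizes = (56_000, 384_000, 1_540_000), (1024, 2048, 4096)
    return {p: [slowdown_factor(p, s, seconds_per_stamp) for s in sizes]
            for p in pipes}

if __name__ == "__main__":
    seen = set()
    stamp = mint("user@example.org", 12)  # constructed recipient, low demo cost
    print(stamp, verify(stamp, "user@example.org", 12, seen),
          verify(stamp, "user@example.org", 12, seen))  # second use is a replay
    for pipe, row in slowdown_matrix().items():
        print(pipe, [f"{x:.2f}" for x in row])
```

Calling `slowdown_matrix(10.0)` models the one-coin-every-10-seconds machines mentioned in the message.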