Peeking ‘Round the Corner:  Does the Future Hold a Puzzling Solution to Email SPAM?


Greetings, NSDCAR Members!


While remaining ever vigilant for the “Lion Coming Over the Hill”, I often notice some seemingly benign but impactful critters among the herd.  One of these is an anti-spam technology initiative currently in the research and development phases, under the auspices of the large ISP companies such as Microsoft, AOL, Yahoo, and Earthlink.  Microsoft terms this the “Penny Black Project”, after the 1830 reform of the British postal system, which shifted responsibility for mail delivery to the sender, and introduced the “Penny Black” postage stamp.


The present research is examining methodologies for levying a toll on email senders, not in monetary exchange but rather in CPU (central processing unit) cycles, which, of course, have a cost attached.  Methods being explored include “puzzling”, Turing tests,  “ticketing” schemes, and memory-cycle loading.


Currently, senders of UCE (Unsolicited Commercial Email), commonly known as “spam”, can purchase fairly sophisticated hardware and software which allows them to flood the Internet with literally billions of email messages per day, resulting in an unfair cost to the recipient of this garbage, whose CPU must churn through the thousands of daily transmissions and deliver the unwanted messages along with legitimate business email.  The Penny Black Project is exploring ways to shift these costs to the sender, and to limit the ability of any single email server to generate nearly limitless amounts of outbound email.


One solution, which looks promising, is a “puzzle solving” program that would require that every outbound email contain a little piece of software containing the solution to a puzzle, which permits the email to reach its destination.  Just solving the puzzle for each email increases the amount of computer power required to send each item, thus reducing the number of outbound emails in a given time frame.  This also puts the burden of computing effort on the sending machine, rather than the recipient, and would require “spammers” to invest hugely in sophisticated server technologies, in order to sustain their marketing efforts.  With their servers limited to sending only 360 emails per hour, as opposed to the 100,000 per hour possible with a fairly inexpensive system today, the practice of pursuing the “numbers racket” of bulk email solicitation would be seriously impacted.


For business entities sending reasonable quantities of email on a daily basis, the added processing requirements would produce no appreciable load on existing email servers, other than the necessary background processing of the puzzle solutions, which produces a slight delay in outbound mail.


These methods, all of which incur some cost to all email users, do a fairly good job of shifting the majority of cost of email transmission to the sender, as in the “snail mail” postal system used for letters today.  They also do a good job of changing the face of Internet marketing as we know it presently, and portend a great deal of change to present business models, including real estate sales.


Prospecting by email will soon have a calculable cost associated with it, and this cost will trigger other sequelae down the road… the IRS requirements for reportable business expenses come to mind, as well as things like operating expense for our ISP’s and email hosting companies.  The use of email as a “chat” platform will seriously decline; if every email has an identifiable cost, you won’t see too many one-liners flying ‘round the Internet anymore.  Those who currently would reply to an email with the word “Thanks” as the only content will certainly be forced to think twice about such frivolous use of the system.  This, in my opinion, is a good thing.


Forcing a shift to IM (Instant Messaging) or IRC (Internet Relay Chat) technologies for Internet  “conversation” would be another side effect of these initiatives.  From a network security perspective, this could be a negative, but IM technologies have been steadily improving since gaining acceptance in the corporate network environment over the past few years, and there are now many such products designed specifically for corporate use and containing the necessary logging, monitoring, and security features to protect against misuse.


In summation, the moldiest of cheese is moving once again, and it’s time.  It won’t be comfortable, at first, and will impact everyone who communicates via email.  With Bill Gates calling for the elimination of the “spam” problem by 2006, and with brilliant minds from MIT, Stanford, and Silicon Valley all bending to the task of accomplishing that goal, we can rest assured that change is still the only constant, and that relief from the burden of Inbox clutter and unwanted, vulgar, or downright criminal activity being supported by our hard-earned infrastructure is just ‘round the bend.


I will post further updates on the coming landmarks of this issue, as the information becomes available.  For those with a taste for the technical, check out the links below for more detailed information: