Email Hurdle

I get too much spam. Perhaps if sending spam were more difficult, I would get less of it.

principles of the ideal email hurdle

the hurdle makes it impossible for anyone to send millions of emails per day.
invisible to end users -- sending a few emails per day is no more difficult than it used to be.
Strangers pay, friends fly free. (Eric S. Johansson, Keith Dawson)
Anyone you send mail to is your friend. (Eric S. Johansson, Keith Dawson)
An anti-spam system's operation should be transparent to the user. (Eric S. Johansson, Keith Dawson)
can be implemented piecemeal -- doesn't require everyone to upgrade to new email software simultaneously
decentralized -- "must not rely on a central resource that could be subjected to a denial of service (DoS) attack." (Eric S. Johansson, Keith Dawson)

Any other requirements/wishes I'm missing? I think we need one dealing with opt-in mailing lists.

implementations of email hurdle

Hashcash http://www.hashcash.org/ computes a partial hash collision unique to each outgoing message. It only takes a few seconds per email message for your computer to calculate the hash collision - but spammers depend on being able to send millions of messages a day per machine, so it destroys the economics of spam for them. http://www.cypherspace.org/~adam/hashcash/
Camram: http://www.camram.org/, http://camram.sf.net/. Yes, we have a lot of work to do. (Uses Hashcash)
TMDA (Tagged Message Delivery Agent) requires senders to do a little extra work (respond to a challenge) the first time they send spam before the receiver ever sees it: http://www.tmda.net/ . However, "Challenge-Response Anti-Spam Systems Considered Harmful" http://linuxmafia.com/faq/Mail/challenge-response.html claims that challenge-response systems are inherently flawed.
Microsoft's Penny Black project http://www.research.microsoft.com/research/sv/PennyBlack/ - though they are not the only party working on this idea. (http://www.hashcash.org/)
digitally sign the message using the recipient's public key and/or the sender's private key. GNU Privacy Guard "digital signature" http://gnupg.org/
challenge-response systems (ChallengeResponse?) -- see http://en.wikipedia.org/wiki/Stopping_e-mail_abuse , "Proper principles for Challenge/Response anti-spam systems" by Brad Templeton http://templetons.com/brad/spam/challengeresponse.html
the Teergrubing FAQ http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html suggests modifying the MTA so that it slows down when talking to a suspected spammer, taking an hour to send a single message.

It seems that these can be classified as:

"make-work", forcing the sender (or his computer) to do a little extra work that doesn't have any direct benefit, other than keeping out the riff-raff.
cryptographic authentication or challenge-response authentication, so that (fraudulent) email with forged "from" lines can be automatically disposed of. (See SpamSolutions under "Require Certification" )
"Require Small Fee On Emails", forcing the sender to pay money to directly benefit the receiver -- see SpamSolutions.

Are there any other possibilities?

Rather than pay me directly with money, or do some time-wasting calculation, would it be possible to force senders to donate 30 seconds or a minute of computer time to my favorite DistributedComputing project? (What happened to http://intel.com/cure/ ? Was it the same as http://www.chem.ox.ac.uk/curecancer.html ?) Such as http://distributed.net/ or http://setiathome.ssl.berkeley.edu/ or http://biology.polytechnique.fr/proteinsathome/ or http://www.hyper.net/dc-howto.html or http://fahwiki.net/ or http://worldcommunitygrid.org/ or some other http://en.wikipedia.org/wiki/List_of_distributed_computing_projects .

Please tell me about other methods, especially ones that don't fit into the above categories.

[DeletedUnlessDefended

How about a system like ParasiticComputing(which would be similar to the distributed computing comment), but more generalized?

I don't see how this is relevant.

I didn't make the suggestion, but ParasiticComputing is a form of distributed computing, so this makes sense as a direct followup to the other suggestion. ParasiticComputing doesn't require download of a specialized client program, so saying it is "more generalized" makes sense. On the other hand, ParasiticComputing is not currently reasonably practical, so it doesn't seem to help to suggest it without also suggesting a means of making it more practical.

]

"you need barriers to participation. ... ease of use is wrong." -- Clay Shirky http://www.shirky.com/writings/group_enemy.html

You're right, Shirky's principle not only applies, it applies in precisely the same way as the sense he made it.

I have an address that I freely publish on the web and usenet, but my MX will divert it straight to /dev/null unless you include the correct passphrase in the subject line. (the passphrase is "don't buy this".) Is this an example of an EmailHurdle ?

Contributors: DavidCary