Microsoft aims to make spammers pay

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Microsoft aims to make spammers pay

    Despite efforts to stem the billions of spam e-mails flooding inboxes, unwanted messages are still turning e-mail into a quagmire of misery.
    Spammers send out tens of millions of e-mails to unsuspecting computer users every day, employing a myriad of methods to ensure their pills, loans and "requests for our lord" pleas fox e-mail filters.
    Some are even turning to prose and poetry to fool the technological safeguards people put in place. But a group of researchers at Microsoft think they may have come up with a solution that could, at least, slow down and deter the spammers.
    The development has been called the Penny Black project, because it works on the idea that revolutionised the British postage system in the 1830s - that senders of mail should have to pay for it, not whoever is on the receiving end.
    The payment is not made in the currency of money, but in the memory and the computer power required to work out cryptographic puzzles. As a result of this extra investment, spamming would become less profitable because costs would skyrocket in order to send as many e-mails.
    All this clever puzzle-solving is done without the recipient of the e-mail being affected. The idea was originally formulated to use CPU memory cycles by team member Cynthia Dwork in 1992. But they soon realised it was better to use memory latency - the time it takes for the computer's processor to get information from its memory chip - than CPU power.
    [Image caption: Spam accounts for more than half of e-mails sent]
    That way, it does not matter how old or new a computer is because the system does not rely on processor chip speeds, which can improve at rapid rates.
    A cryptographic puzzle that is simple enough not to bog down the processor too much, but that requires information to be accessed from memory, levels the difference between older and newer computers.

    MSR is in talks with various people to put the system into a useful anti-spam product.



  • #2
    Can't see how that's going to work. Surely some software has got to be installed on the spammer's PC in the first place???

    Anyway I got spammed 100 times by 3com support yesterday saying they haven't received the RMA back.

    Daft because it's the holiday period and even more daft I only need telling once that it's not arrived. Dafter still cos it pisses me off.
    Chief Lemon Buyer no more Linux sucks but not as much
    Weather nut and sad git.

    My Weather Page



    • #3
      Well, they'll need to create a new email standard using that feature, and make it substitute the SMTP on all the ISPs. It'll only be possible if they work together with the other big players in the servers market.
      Personally I think it to be a good idea, as soon as it's implemented by a non-profit organization (W3C perhaps). At least for me, having spam filters doesn't make me save much time, I still need to check if what it thought was spam really is.
      epox 8RDA+ running an Athlon XP 1600+ @ 1.7Ghz with 2x256mb Crucial PC2700, an Adaptec 1200A IDE-Raid with 2x WD 7200rpm 40Gb striped + a 120Gb and a 20Gb Seagate, 2x 17" LG Flatron 775FT, a Cordless Logitech Trackman wheel and a banding enhanced Matrox Parhelia 128 retail shining thru a Koolance PC601-Blue case window
      and for God's sake pay my site (http://www.drslump.biz) a visit!



      • #4
        somehow I doubt that it will get adopted.......

        and I also seriously doubt that it will STOP spammers
        If there's artificial intelligence, there's bound to be some artificial stupidity.

        Jeremy Clarkson "806 brake horsepower..and that on that limp wrist faerie liquid the Americans call petrol, if you run it on the more explosive jungle juice we have in Europe you'd be getting 850 brake horsepower..."



        • #5
          now if they stopped the patch/virus announcements hitting my mailbox, I get 15 a week still
          Better to let one think you are a fool, than speak and prove it




          • #6
            oops, just read the next one
            Last edited by rugger; 26 December 2003, 23:24.
            80% of people think I should be in a Mental Institute



            • #7
              Well, if all destination SMTP servers forced a client to perform a relatively expensive crypto puzzle (1/2 sec) for each email recipient they want to send through it, I can see it working well.

              One possible problem that could be used is the RSA problem. The server could randomly choose some data, and encrypt it with 2048-bit RSA. Then it can ask the client to decrypt the data, which would take seconds on most fast processors. The client returns the decrypted results, and the server checks them against the original. This operation requires MUCH more work on the client side because the decryption exponent would be 2048 bits, while the encryption exponent is a low prime number, like 63 (which is 6 or so bits long). Microsoft will likely choose a different problem though, as RSA easily fits into CPU caches and does not hit the memory bus hard.

              For this to work though:

              1) Clients will need to have a full SMTP/DNS client installed; they will not be able to use their ISP's SMTP server unless the recipient was on the ISP. This is because the traditional forwarding used in SMTP won't work when each SMTP server on the path expects the client to waste CPU time for it. I don't really mind this. Another possibility is that there will be a trust network with certificates that says what SMTP servers will be allowed to send messages to other SMTP servers without incurring a crypto puzzle.

              2) At first, the crypto puzzle will not be a required part of the standards. Therefore, messages that undergo the crypto puzzle would be marked somehow, and the user could decide what to do with unmarked messages.

              Anyway, I think Microsoft may be onto something. If nothing else, it could make spamming too expensive for most people to partake in. The extra processing time and energy required to deliver 10000's of messages may be just enough to make spam unprofitable.

              Note: all this is said after my disgust in receiving the 5th pron spam email advertising the same fkn free pron site today. (and I have 2-3 dozen more over the last week that I have deleted already)

              Edit: make that the 9th pron spam email :/ *I wonder wtf is going on*
              Last edited by rugger; 27 December 2003, 01:56.
              80% of people think I should be in a Mental Institute

              Comment
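The per-recipient challenge and verify exchange described in post #7, as an added example that is not part of the thread. It swaps the RSA decryption puzzle for a SHA-256 partial-preimage search (hashcash-style) and is not Microsoft's memory-bound function; the function names, the 16-bit difficulty, the 300-second lifetime and the `|`-separated challenge format are all assumptions.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # per-server secret: challenges need no storage
DIFFICULTY_BITS = 16         # assumed demo value, ~65,000 hashes on average
MAX_AGE = 300                # seconds a challenge stays valid (assumed)
SPENT = set()                # tags already redeemed, to block replay

def _tag(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def _zero_bits(challenge, counter):
    digest = hashlib.sha256(f"{challenge}|{counter}".encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def issue_challenge(sender, recipient, now=None):
    """Server: bind a fresh challenge to one (sender, recipient) pair.
    Assumes addresses contain no '|' (the field separator used here)."""
    ts = int(time.time() if now is None else now)
    body = f"{sender}|{recipient}|{ts}|{os.urandom(8).hex()}"
    return f"{body}|{_tag(body)}"

def solve(challenge, bits=DIFFICULTY_BITS):
    """Client: search for a counter; expected cost is 2**bits hashes."""
    counter = 0
    while _zero_bits(challenge, counter) < bits:
        counter += 1
    return counter

def verify(challenge, counter, sender, recipient, now=None, bits=DIFFICULTY_BITS):
    """Server: one HMAC plus one hash, however long solving took."""
    try:
        c_sender, c_rcpt, ts, salt, tag = challenge.split("|")
    except ValueError:
        return False                          # malformed challenge
    body = f"{c_sender}|{c_rcpt}|{ts}|{salt}"
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return False                          # not issued by this server
    if (c_sender, c_rcpt) != (sender, recipient):
        return False                          # paid for a different recipient
    now = int(time.time() if now is None else now)
    if now - int(ts) > MAX_AGE or tag in SPENT:
        return False                          # expired or already redeemed
    if _zero_bits(challenge, counter) < bits:
        return False                          # work not done
    SPENT.add(tag)
    return True
```

Each extra difficulty bit doubles the sender's expected work while the server's check stays at one HMAC and one hash, which is the asymmetry the post relies on.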


              • #8
                and I see that this can be another "this will only irritate the legal non spamming user since the spammers are using a hacked smtpserver/client"™
                If there's artificial intelligence, there's bound to be some artificial stupidity.

                Jeremy Clarkson "806 brake horsepower..and that on that limp wrist faerie liquid the Americans call petrol, if you run it on the more explosive jungle juice we have in Europe you'd be getting 850 brake horsepower..."



                • #9
                  Done properly, the receiver's SMTP server will at some point require a crypto puzzle to be solved from the sender.

                  If a certificate authority is set up, and when a message reaches a server with certificate, it will force the sender into a crypto puzzle. Once the crypto puzzle has been solved by the client and verified by the server, the server will sign the message with its certificate. From here, the message can be forwarded to the client with no further checks. When the client retrieves the message, the mail client can verify the signature. Messages with a fake signature or with no signature can be marked so the user can do whatever he/she wants with them. Of course, how such a certificate authority is set up and run is a very important question, but with Microsoft running the show, I am not sure I want the answer.

                  If there is no certificate authority, then senders will have to contact the receiver's SMTP server directly (using DNS MX records) and solve a crypto puzzle there to prove that the message has been "paid for". This is probably not a terrible thing, but mail clients are usually not sophisticated enough to handle their own mail forwarding.
                  80% of people think I should be in a Mental Institute



                  • #10
                    Problem is a lot of proper users are going to get pissed off by being asked to do the puzzle while the spammers will bypass this either by hacking or whatever.
                    A better way would be to fine companies that pass your details on heavily. Also it would help if companies etc removed your email address from their websites.
                    No doubt that's why I get tons of spam to my work address because it's no doubt on their website.
                    Last edited by The PIT; 27 December 2003, 06:42.
                    Chief Lemon Buyer no more Linux sucks but not as much
                    Weather nut and sad git.

                    My Weather Page



                    • #11
                      The user doesn't need to do the crypto puzzle as such, the mail client does. Since most mail clients send/receive mail in the background, that shouldn't be a big problem. I know of no-one that would get very upset if their email took another 5 seconds to send. I would be very happy to sacrifice a few seconds of CPU time to get rid of most/all of the spam I get. I would consider it a very cheap price to reduce the evil of spam.

                      Fining companies/people who distribute your email address achieves nothing. It will not stop the spammers adding your email address to their lists the moment they find it. It won't stop spammers from flooding my email box with spam. At the end of the day, the only people I can see winning out of this are the lawyers.

                      I am very sceptical about Microsoft being able to pull this off correctly and without costing everyone an arm and a leg. However the theory seems correct.
                      80% of people think I should be in a Mental Institute



                      • #12
                        Originally posted by rugger

                        Fining companies/people who distribute your email address achieves nothing. It will not stop the spammers adding your email address to their lists the moment they find it. It won't stop spammers from flooding my email box with spam. At the end of the day, the only people I can see winning out of this are the lawyers.
                        If companies got fined large amounts they would stop it, believe me. Companies like profits, that's why they sell your details on.
                        Chief Lemon Buyer no more Linux sucks but not as much
                        Weather nut and sad git.

                        My Weather Page



                        • #13
                          Originally posted by rugger
                          The user doesn't need to do the crypto puzzle as such, the mail client does. Since most mail clients send/receive mail in the background, that shouldn't be a big problem. I know of no-one that would get very upset if their email took another 5 seconds to send. I would be very happy to sacrifice a few seconds of CPU time to get rid of most/all of the spam I get. I would consider it a very cheap price to reduce the evil of spam.

                          Well to be honest I don't want my client pissing around when it should be downloading. Again it isn't going to deter the spammer either, is it. Just delay the end user.
                          The only spam I get at my own personal account is from companies that have my details passed on by insurance companies giving me quotes even though I told them not to. Again fines would stop this.
                          At work I get tons of porn spam no doubt from the email being trawled off our website.
                          Chief Lemon Buyer no more Linux sucks but not as much
                          Weather nut and sad git.

                          My Weather Page



                          • #14
                            Well, maybe in your case, fines may help. But then again, they may not either. Once a spammer gets your email address, it's pretty much over. You will get spam till the day you put the email address in the bin.

                            However, the "fines" you talk about aren't going to stop these pornographic spams I have so far gotten 10 of today. The measures Microsoft are pursuing may though.

                            If it costs the spammer 10 seconds of processing time to send a single message, then they are limited to about 8000 messages a day outbound on a single machine. For a comparison, my pitiful 64kb upload could send more than 100000 email messages a day unrestricted. Higher upload accounts can send an incredibly large amount of spam. On my pitiful connection, given the above restriction, I would be forced to run more than 10 fast machines at full pelt to send 100000 spams a day. 10 machines chewing in excess of 100W (because the high end CPU has to run at full pelt 24/7) is a nontrivial cost, and one that most useless, illegal spam will never pay for.

                            I am not going to say that this method will stop all spam, because that is a somewhat stupid statement that completely ignores security history and practice, but it should help a great deal.
                            80% of people think I should be in a Mental Institute

                            Comment


                            • #15
                              But you've still got to force them to use the software. Okay you can do it centrally but then you're hitting everyone else. Another factor: since computers are now cheap you just set up more base units and leave them running.
                              Chief Lemon Buyer no more Linux sucks but not as much
                              Weather nut and sad git.

                              My Weather Page
