Microsoft has been pushing Gates to the forefront in its recent campaign to show the company is addressing the spam problem head-on. He emailed executives last week outlining the company’s strategy, and he talked more in yesterday’s USA Today.
As we reported a month ago, Microsoft is currently experimenting with computational challenge technology, and is in the process of figuring out ways to introduce it to its lines of email software and services.
Computational challenge is the term Microsoft gives to a method of making sending very large quantities of email uneconomically processor-intensive. The idea is to add a cost to email that affects spammers while remaining fairly unnoticeable to regular email users.
Using such a system, unless a sender is known and white-listed, the mail recipient makes the sender’s computer perform a fairly complex calculation before accepting the mail. As more emails are sent, more processing power is required.
If you’re sending a billion pieces of mail, that’s actually a serious amount of money, because the economics of spam are based on – even though the response rate is so low, it’s still economic because the cost per mail sent is so low, Gates said in the interview.
Gates told the newspaper that the mathematical function would be asymmetric – that it would take the sender three seconds to process the calculation, but the recipient a negligible amount of time to verify the accuracy of the answer.
Gates also talked about adding a direct financial burden to the sender in the form of a monetary guarantee that the email is genuine. A non-white-listed sender would be asked to pay a fee to have his email seen by the end user.
The recipient could choose whether to extract the fee. If it was a friend who just happened not to be on the white list, there would be no need for the payment to be made. A spammer would have to pay the fee, rendering spamming uneconomical.
Gates told USA Today that Microsoft is in the process of implementing that. He concluded that the combination of white list, authentication, computational proof, monetary proof and certain kinds of legislation are needed.
Source: Computerwire