Proof-of-Work” proves not to work; version 0.2

Abstract

Abstract. A frequently proposed method of reducing unsolicited bulk email (“spam”) is for senders to pay for each email they send. Proof-ofwork schemes avoid charging real money by requiring senders to demonstrate that they have expended processing time in solving a cryptographic puzzle. We consider how difficult that puzzle should be so as to be effective in preventing spam. We analyse this both from an economic perspective, “how can we stop it being cost-effective to send spam”, and from a security perspective, “spammers can access insecure end-user machines and will steal processing cycles to solve puzzles”. Both analyses lead to similar values of puzzle difficulty. Unfortunately, real-world data from a large ISP shows that these values would prevent significant numbers of senders of legitimate email continuing their current levels of activity. We conclude that an uncomplicated scheme where every email carries a proof-of-work is not a viable solution to the spam problem.