Comment Re:So what next? (Score 1) 522
Charge a fee. It doesn't have to be money. It could be cycles.
Have the client hash the message append some random characters to the end of the message. Have it change vary the characters until the hash matches some pre-defined pattern before sending. Cheap to verify on the incoming machine (just one hash), arbitrarily expensive on the sending machine.
Beautiful; you can even write the code in Javascript so all humans will notice is a <1s delay when pressing the "submit" button".
But - the spambot can simply bombard you with all the possible suffixes, letting your servers pick the one that is correct (and melting your CPUs while at it).
You'll need to restrict the number of retries for the same message, so they'll have no recourse other than simply tacking some random bits at the end and hoping to hit the jackpot. At this point it becomes a balance act between the amount of CPU the spammer is willing to invest, and the amount of time a valid user is willing to wait.
Whether there is a sweet spot that drives spammers away and keeps users in depends on the relative cost of CPU for users and spammers. Now, even if spammers steal their CPU from zombies, it isn't "free" - they may move on to a site that cheaper to hack. But it is still pretty cheap...
It would be very interesting to see some site trying it in practice.