1997-12-13 - Re: hashcash spam prevention & firewalls

Header Data

From: “Robert A. Costner” <pooh@efga.org>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: 6f2d4be57b92e7eebc02c106819ab590a27c5b386139a2baf995e3c686745ca4
Message ID: <3.0.3.32.19971212234515.006a79a0@mail.atl.bellsouth.net>
Reply To: <199712130059.AAA06343@server.eternity.org>
UTC Datetime: 1997-12-13 04:49:46 UTC
Raw Date: Sat, 13 Dec 1997 12:49:46 +0800

Raw message

From: "Robert A. Costner" <pooh@efga.org>
Date: Sat, 13 Dec 1997 12:49:46 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: hashcash spam prevention & firewalls
In-Reply-To: <199712130059.AAA06343@server.eternity.org>
Message-ID: <3.0.3.32.19971212234515.006a79a0@mail.atl.bellsouth.net>
MIME-Version: 1.0
Content-Type: text/plain



At 12:59 AM 12/13/97 GMT, Adam Back wrote:
>(Hashcash is a way of proving that the sender has consumed a tunable
>amount of CPU time.  The verification process consumes negligible CPU
>time.  This allows us to require the would be spammer to spend say 20
>seconds per mail, which will slow him down considerably, over his
>current tactics of 1000 long Bcc lists allowing him to hand off
>spamming tasks to mail servers.)

So a remailer, such as Cracker, that might send out an average of 3,000
emails per day would be required to use up 3,000 * 20 secs = 17 hours of
cpu time per day.  Since a portion of these emails are to multiple
recipients, then let's add 1/3 extra hashcash CPU time, or a total of about
22 hours of CPU time per day.

Now since Cracker runs on old, antiquated equipment, easily two or more
years out of date, I think we need to double this figure.  (The Cracker CPU
is actually less than 1/4 of the speed of many up to date desktop
machines.)  So, we would need about 44 hours of CPU time each day.

Of course the Cracker mail system also runs various mail lists for EFGA.
So we will need hashcash for these messages as well.  If I wish to send out
a personal email to each of say 900 nyms, then I will have to generate 900
* 20 seconds, or 5 hours of hashcash time in order to send an individual
message to each nym.  I certainly can setup myself as a privileged user on
the Cracker SMTP port and bypass this requirement, but I'll need the
hashcash for the unknown destination address of final delivery.

Of course, since we might be able to delete the need for hashcash among
people who know each other, we could have Cracker build a database of
people who like to have privacy, and not have to generate the hashcash if
we find you in our files.  ISP's in general could handle the hashcash
generation at the SMTP level by keeping databases of who sends email to
whom.  It is of course far easier to do a single database lookup than to
generate the 20 seconds of hashcash.

I don't know.  I just don't understand the plan fully.  I'll have to think
about it some more.

  -- Robert Costner                  Phone: (770) 512-8746
     Electronic Frontiers Georgia    mailto:pooh@efga.org  
     http://www.efga.org/            run PGP 5.0 for my public key






Thread