1997-12-19 - Re: hashcash spam prevention & firewalls

Header Data

From: Bill Stewart <bill.stewart@pobox.com>
To: “Uhh…this is Joe [Randall Farmer]” <pooh@efga.org>
Message Hash: d75119bec3fadfedf537afe3e59155e22717df683a8c1ecf40f5f311137a8972
Message ID: <3.0.3.32.19971218120500.00707254@popd.ix.netcom.com>
Reply To: <3.0.3.32.19971213161023.03889c90@mail.atl.bellsouth.net>
UTC Datetime: 1997-12-19 06:44:58 UTC
Raw Date: Fri, 19 Dec 1997 14:44:58 +0800

Raw message

From: Bill Stewart <bill.stewart@pobox.com>
Date: Fri, 19 Dec 1997 14:44:58 +0800
To: "Uhh...this is Joe [Randall Farmer]" <pooh@efga.org>
Subject: Re: hashcash spam prevention & firewalls
In-Reply-To: <3.0.3.32.19971213161023.03889c90@mail.atl.bellsouth.net>
Message-ID: <3.0.3.32.19971218120500.00707254@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>> > So, we would need about 44 hours of CPU time each day.
>> >Well, have a system of certified remailers trusted to force their 
>> >users to burn up time at the sending end, so the ultimate recipient
>> >accepts their messages w/o postage. One certified remailer accepts
>> >messages from others without any postage, so only the original
>> >sender has to use up CPU time. 
>...
>> Since we need hashcash now to LEAVE a remailer, not to enter one,
>> where does this hashcash come from?  A busy remailer could not
>> generate it's own hashcash for the destination non-remailer ISPs. 
>
>This is exactly what I was addressing: remailers only have to get themselves
>certified as remailers and then prove their certification to the destination

You're both taking the wrong approach - make the originator of the message
generate the hashcash, and make sure the remailer syntax lets them paste it in
as needed.  For chained remailers, generate multiple layers of hashcash.
Maintaining whitelists is a losing game, but unnecessary here.

Mailing lists are still hard, and perhaps best handled by the user's software
(or some fancy variant like user-selectable filters at the ISP mailbox.)
It's hard to tell a real mailing list from a spammer's mailing list,
and both of them do mail explosion and send their mail to names not 
listed in the To: line, so it's hard to do a technical fix.
There are scads of attacks against any fix, like having 
disposable_user@juno.com join the mailing list for a while and them spam it.
But remailers are easy.
				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639






Thread