On Tuesday 13 May 2003 01:02 pm, Justin wrote:
The message-id would need to be included. Lots of people filter duplicate messages, and those who don't probably should. If spammers try to replay, their duplicates get dropped. If they don't reply using the same message id, they're forced to regenerate hashcash tokens. Using duplicate message ids is an RFC violation, and just using those in the hash avoids the complication of mangled message bodies. It also gets rid of idiot MUAs which don't include message ids.
The mess seems to occur when considering how to verify that that particular message, with a particular message id, wasn't bcc'd to 10 billion other people.
Right you are, unless the tokens are centrally cleared. Dupe message-ids are only a violation if you get caught by the same server, so power spammers will sort their lists into bombing runs of one address per victim SMTP server and only need one token per run. Doesn't eliminate their work factor, but it does reduce it.
I don't know that including a Date: header in the hash improves the situation.
Don't think so. Dates can be duped along with message-ids and they still get one trip around the servers on the same token. I don't see this working without some kind of online clearing. Hey, you DBC guys... how do you stiffen up an offline clearing protocol like this?
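
The point about clearing discussed in this message, as an added example that is not part of the original thread: a simplified hashcash-style stamp bound to the Message-ID is checked by receiving servers that each keep only a local spent-token set, then by servers that share one set. The stamp format (`message-id:counter`), the `Server` class, the sample Message-ID and the 12-bit work factor are assumptions made for the illustration, not the real hashcash stamp format.

```python
import hashlib
from itertools import count

BITS = 12  # assumed small work factor so the example runs quickly


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint(message_id: str, bits: int = BITS) -> str:
    """Find a counter so SHA-1("message_id:counter") has `bits` leading zero bits."""
    for counter in count():
        token = f"{message_id}:{counter}"
        if leading_zero_bits(hashlib.sha1(token.encode()).digest()) >= bits:
            return token


class Server:
    """Receiving SMTP server; `spent` is local unless a shared set is passed in."""

    def __init__(self, spent=None):
        self.spent = set() if spent is None else spent

    def accept(self, message_id: str, token: str, bits: int = BITS) -> bool:
        bound_id, _, _ = token.rpartition(":")
        if bound_id != message_id:
            return False  # stamp was minted for a different Message-ID
        if leading_zero_bits(hashlib.sha1(token.encode()).digest()) < bits:
            return False  # not enough work
        if token in self.spent:
            return False  # duplicate seen by this clearing set
        self.spent.add(token)
        return True


def deliveries_accepted(servers, message_id: str, token: str) -> int:
    """Deliver one (Message-ID, stamp) pair to every server; count acceptances."""
    return sum(s.accept(message_id, token) for s in servers)


if __name__ == "__main__":
    mid = "<constructed.20030513@example.org>"  # constructed sample Message-ID
    stamp = mint(mid)
    local = [Server() for _ in range(3)]      # independent duplicate filters
    shared = set()
    cleared = [Server(shared) for _ in range(3)]  # one online clearing set
    print("local filters:", deliveries_accepted(local, mid, stamp))
    print("shared clearing:", deliveries_accepted(cleared, mid, stamp))
```

With local filters the single stamp is accepted once per server; with the shared set it is accepted once in total, which is the online clearing the message says the scheme needs.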