Justin wrote:
Well there are different things you could hash. This simplest is just to hash the recipient address and the current time (to a day resolution).
The recipient looks at the token and knows it is addressed to him because it's his address. He stores it in his double spend database and won't accept the same token twice.
This is just broken.
How do you know what address the sender was sending to? You have no reliable access to envelope to: addresses.
Why do you care about that? All you care about is that the intended recipient on the mail you actually see is an address you are willing to read mail for. If there is no "to:" field, or if the "to:" is an address you don't think is yours, just drop the mail. Plenty of places already filter out incoming mail with no "to:" anyway.

As others have pointed out, if a mechanism like this is meant to give a clue to your filters (or SpamAssassin, or whatever) that something is likely not spam, then it does not need to be of any value to the recipient. All the hash need do is indicate that the originator has thought about the recipient for long enough to make the hash. You don't really need to store the hash for any longer than a day or two (so only one spammer can use one hash), and you can't respend it because it is only good for sending messages to you.

So if this was implemented we get an incentive to design a new kind of hashing algorithm, one designed to be difficult to run, because all it is needed for is to prove that someone bothered enough to spend the time. Also it needs to map one plaintext to many valid hashes; of course, as others said, that's easier when you include the "from:" in the hash or allow some arbitrary field.

I still don't think it's going to happen though.
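As an added illustration of the scheme being argued about (example code written for this page, not anything posted in the thread), here is a small Python model of it. The sender hashes recipient address, day, "from:" address and a nonce until the digest has enough leading zero bits, which is the "prove you spent the time" part; the recipient drops anything not addressed to one of its own addresses, anything outside a short date window, anything short on work, and anything already in its double-spend database. The 16-bit difficulty, the two-day window, the use of SHA-256 and the addresses are all assumed or constructed values, not parameters from the thread.

```python
import hashlib
import itertools
from datetime import date

# Assumed parameters, not values from the thread.
DIFFICULTY_BITS = 16          # leading zero bits the digest must have
MAX_AGE_DAYS = 2              # "a day or two" of validity
MY_ADDRESSES = {"alice@example.com"}   # constructed: addresses we read mail for


def _digest(recipient: str, day: str, sender: str, nonce: int) -> bytes:
    # The hashed plaintext: recipient, day, sender and an arbitrary nonce.
    # Including sender and nonce is what maps one recipient/day to many valid tokens.
    return hashlib.sha256(f"{recipient}|{day}|{sender}|{nonce}".encode()).digest()


def _leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()


def mint_token(recipient: str, sender: str, day: date, bits: int = DIFFICULTY_BITS) -> str:
    """Sender side: burn CPU searching nonces until the digest clears the difficulty."""
    day_s = day.isoformat()
    for nonce in itertools.count():
        if _leading_zero_bits(_digest(recipient, day_s, sender, nonce)) >= bits:
            return f"{recipient}|{day_s}|{sender}|{nonce}"


class TokenVerifier:
    """Recipient side: the checks in the order the thread argues for."""

    def __init__(self, my_addresses, today: date,
                 bits: int = DIFFICULTY_BITS, max_age_days: int = MAX_AGE_DAYS):
        self.my_addresses = set(my_addresses)
        self.today = today
        self.bits = bits
        self.max_age_days = max_age_days
        self.spent: set[str] = set()      # the "double spend database"

    def check(self, token: str) -> tuple[bool, str]:
        try:
            recipient, day_s, sender, nonce_s = token.split("|")
            nonce = int(nonce_s)
            day = date.fromisoformat(day_s)
        except ValueError:
            return False, "malformed"
        if recipient not in self.my_addresses:
            return False, "not addressed to me"      # drop mail that isn't ours
        age = (self.today - day).days
        if age < 0 or age > self.max_age_days:
            return False, "outside date window"      # only kept a day or two
        if _leading_zero_bits(_digest(recipient, day_s, sender, nonce)) < self.bits:
            return False, "insufficient work"        # the sender did not bother
        if token in self.spent:
            return False, "already spent"            # one spammer, one use
        self.spent.add(token)
        return True, "ok"


def demo() -> dict:
    """Mint a few tokens and run them through one verifier; returns the verdicts."""
    today = date(2024, 3, 1)                       # constructed "today"
    v = TokenVerifier(MY_ADDRESSES, today)
    fresh = mint_token("alice@example.com", "bob@example.net", today)
    stale = mint_token("alice@example.com", "bob@example.net", date(2024, 2, 20))
    other = mint_token("carol@example.org", "bob@example.net", today)
    # Same fields as `fresh` but with a nonce that does no work.
    lazy_nonce = next(n for n in itertools.count()
                      if _leading_zero_bits(_digest("alice@example.com", today.isoformat(),
                                                    "bob@example.net", n)) < DIFFICULTY_BITS)
    lazy = f"alice@example.com|{today.isoformat()}|bob@example.net|{lazy_nonce}"
    return {
        "fresh": v.check(fresh),
        "replayed": v.check(fresh),
        "stale": v.check(stale),
        "other_recipient": v.check(other),
        "no_work": v.check(lazy),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The minting loop is deterministic, so presenting the same token twice is exactly the replay the double-spend database exists to catch; the verifier rejects on the recipient and date checks before it spends any hashing effort of its own, which is the cheap-for-receiver, costly-for-sender asymmetry the thread is after.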