Randall Farmer masquerading as Joe <rfarmer@HiWAAY.net> writes:
What's the difference between this and simply keeping track of how many messages each user sends in a 24 hour period and blocking people who are obviously spamming?
Spammers don't have to appear to be the same person every time, nor do their messages have to be identical or even similar, so blocking of that kind can be worked around fairly easily -- at least more easily than hashcash.
I think Phelix was probably viewing it from the point of view if "what if all ISPs turned off non subscriber mail forwarding at their SMTP hubs"? Well that would work clearly enough. However I think there are a number of technical problems to acheiving this. Firstly SMTP does not include authentication. Secondly doing so reduces flexibility and many users use multiple ISPs, forward their mail to various places, etc., and this kind of stuff gets in the way. Really we I think should be discouraging the control freak "positive identification to use this port" syndrome such as the ident fuck up, (Ident is a dumb method of identifying who is on the other end of a socket on a unix box. It opens up a socket to the ident port on the originating machine, and asks who is on socket x port y? The machine can determine this from local OS tables, and sends the info back. This works if the user does not have root on the machine. Fortunately this snoopy bastardised protocol is not doing so well these days because there are more and more people who have root on their own machines, and because there are so many windows machines which don't know what a protected port number is. This is good because Ident sucks.) and moving instead towards, "who cares you are so long as you can't overload my machine". Moving longer term towards "who cares who you are so long as I profit from your connecting to this port" aka charge for port access with payer and payee anonymous ecash. Then everyone is welcome to use anywhere as a mail forwarding service -- spam becomes welcomed, and encouraged, too much custom and too low bandwidth discouraging customers, the ISP will use the profits to purchase a few more T3s. Hashcash is the interim solution. In the interim it is a fact of life that there are many many open SMTP forwarding hubs. The lack of software to configure them otherwise, and inertia will ensure things remaing this way for some time. Hashcash cuts out spam to your site (if you are an ISP), or to your mailbox (if you are a user) even in an environment of an almost unlimited supply of open SMTP hubs, and disposable ISP accounts, because it puts the onus on the sender to consume more resources than you. Authenticated the hell out of your ISP's SMTP as a forwarding hub won't prevent your users getting spammed to death, nor will it reduce the overall spam problem much because the spammers will just use one of the other open SMTP servers. Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`