At 11:48 PM 12/13/97 GMT, Adam Back wrote:
However, generally I have been assuming that it's easier to have a double spend database, and to make the hashcash depend only on the resource name for the kinds of problems you raise, and because it is cheaper to verify hashcash on shorter strings. By resource name I mean whatever it is that is being used. For an email address it is the email address, for a remailer it is the remailers address. Could be generalised for other purposes, for example free use of web based resources or even telnet based TCP/IP protocols in general.
As a technological fix for spam, destination address hashcash seems to be lacking. All this does is raise the wall of entry into becoming a spamhause from one PC to say, ten. It is not much more difficult to sell a CD-ROM with one million email addresses & hashcash. A 20 second hashcash expenditure on one million email addresses will take about 231 CPU days, or about three weeks if you use ten machines. Sell 500 copies of the CD-ROM for $500, and you net $250K, easily enough profit to purchase the $20K of machines or even to rent them for one month. After six months, you will have around eight million pieces of hashcash from the computational power of only ten machines. This says nothing of the profits from actually sending spam. The implementation of the plan is a more or less impossible scheme. Many people like myself exist who do not care from spam, but wish to receive email from anyone who legitimately sends it. I can only see a hashcash anti-spam plan working when you have a closed list of people who generally know each other. While the mail gateway I use could easily be converted to a hashcash enabled gateway, I have no interest in refusing email from those who do not have hashcash gateways. To be an anti-spam measure for ISPs, hashcash would have to be based on the destination email address, the text of the message in some fashion, and possibly on other factors such as a timestamp or a from address. Hashcash tied to a from address as well as the destination would do a lot for spam filters. Using all or a portion of the message body, say every 23 characters in a round robin fashion until 50 sample body message characters had been collected would make hashcash non reusable and not sellable. Any ISP hashcash plan still does not take into account the effect of services like hotmail, rocketmail, and the like who will need to generate hashcash for the destination address because they exist to shield the destination address from the sender. Changes to the "Don't charge postage" database will be awkward. There are some serious privacy problems with warehousing with your ISP a list of your other email addresses, or the addresses of your postage free friends. -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key