RE: [Asrg] Re: [Politech] Congress finally poised to vote on anti -spam bill [sp]
At 04:20 PM 11/21/2003 -0800, Hallam-Baker, Phillip wrote:
We need to consider the technical workings of the do-not-spam list and the requirements that we would like the FTC to meet.
... [reasonable goals] ... [hashed-form lists instead of plaintext]...
5) Allow domain name owners to list their domains.
6) Provide for authentication of listing requests
Especially for domains, it's important to do some validation, though in the absence of widely-deployed DNSSEC, it's hard to do automatically. Perhaps 3-way-handshake email to postmaster@example.com or the whois administrative contact address. (This also has the side-effect of requiring people to actually use their postmaster addresses, at least for fifteen minutes or so :-)

And while hashing has the obvious risk of dictionary attacks, it'll at least cut back on some of the abuses, especially if the list is dynamic and the spamware vendors who do the dictionary attacks want to charge lots of money for it. Also, the scale's a lot more annoying searching a million obvious names on each of 20 million domains with a hash that takes a second per hit, though Moore's Law will obviously erode the hash time. Obviously spammers will target popular mail systems first.

However, there are two special email address forms that complicate this a bit
- tagged addresses - username+tag@example.com
  There are several different syntaxes for this - plusses, dashes, etc., and either you just ignore the problem (let the user register however many tagged addresses they want), or else you special-case the rules so that bulk-emailers who want to send mail to a plus-tagged address also must check the untagged version.
- per-user subdomains - anything@username.example.com
  Technically this is no different than any other per-domain blocking, but administratively it's different, because there's no whois record and there might not be a postmaster address.

There's a scalability problem that has to be solved, which is how to prevent a DOS-by-signing-up-too-many-addresses attack. An example would be a Turing test image on a web page (which has the downside of preventing automated signups, as well as annoying blind people), or else requiring a hashcash puzzle that takes ten times as long as the list's hash function.
participants (1)
-
Bill Stewart
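
An added example, not part of the original message or of any actual list specification: a sender-side suppression check against a hashed list that also tests the untagged form of a tagged address and the domain-level entries covering per-user subdomains. The hash construction (PBKDF2 with a public salt), the salt, the iteration count, the lowercasing of addresses and all function names are assumptions made for illustration.

```python
import hashlib

# Assumed list format (not specified in the message): PBKDF2-HMAC-SHA256 under a
# public salt. The message suggests about a second per lookup; this is kept fast.
LIST_SALT = b"constructed-example-salt"
ITERATIONS = 20_000
TAG_SEPARATORS = "+-"  # plus- and dash-style tags, the two syntaxes named above


def entry_hash(entry):
    """Hash one list entry (a full address or a bare domain) to a hex digest."""
    data = entry.lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, LIST_SALT, ITERATIONS).hex()


def candidate_entries(address):
    """Every list entry that would cover this recipient, most specific first."""
    local, at, domain = address.strip().lower().rpartition("@")
    if not (local and at and domain):
        raise ValueError(f"not an email address: {address!r}")
    candidates = [f"{local}@{domain}"]
    # Tagged addresses: also check the untagged form. A dash inside an
    # ordinary name is treated as a tag too, which errs toward suppression.
    for sep in TAG_SEPARATORS:
        base = local.split(sep, 1)[0]
        if base and base != local:
            candidates.append(f"{base}@{domain}")
    # Domain listings: the exact domain, then each parent (covers per-user
    # subdomains like anything@username.example.com); the bare TLD is skipped.
    labels = domain.split(".")
    candidates += [".".join(labels[i:]) for i in range(len(labels) - 1)]
    return list(dict.fromkeys(candidates))


def matching_entry(address, published):
    """Return the listed entry covering `address`, or None if none matches."""
    for entry in candidate_entries(address):
        if entry_hash(entry) in published:
            return entry
    return None


# Constructed sample list: one address, one whole domain, one per-user subdomain.
PUBLISHED = {entry_hash(e) for e in
             ("alice@example.com", "example.org", "bob.example.net")}

if __name__ == "__main__":
    for rcpt in ("alice+news@example.com", "x@bob.example.net", "carol@example.com"):
        print(rcpt, "->", matching_entry(rcpt, PUBLISHED))
```

Each recipient costs one slow hash per candidate entry, so the tag and parent-domain rules multiply the work for anyone checking or enumerating the list by a small constant.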