R. A. Hettinga propagated:

--- begin forwarded text

Date: Wed, 14 May 2003 16:34:23 +0100 From: Adam Back To: cypherpunks@einstein.ssz.com Cc: Adam Back Subject: Re: what fields to hash with hashcash (Re: A Trial Balloon to Ban Email?) Sender: owner-cypherpunks@lne.com

...

Worse, even if there were a reliable mechanism, all it takes is one loose cannon with an open mass-mail list and as long as it doesn't delete whatever header (maybe delivered-to:, maybe something else) that indicates the list was an envelope to: address, one hashcash token works for one email to the entire list.

actually, no it doesn't. The real, working code has a configuration file which contains a list of all known addresses associated with the account. That list of addresses is necessary because of people having virtual domain based addresses collecting all at 1 mailbox. The code uses that list of valid addresses in the stamp validation process.

I take it this comment is about mailing lists? Mailing lists have to be treated separately. The sender probably can't afford to create a token for each recipient. (Also he doesn't know the recipient's addresses). Mailing lists deal with spam with filtered versions of lists.

mailing lists are your "friend". While I don't have the code in there yet, I expect I will need to pay attention to the -request form of addresses and white list both the -request form and the plain form for a while. Ideally, the mailing lists would sign each message with its own private key and use the white list by public key filtering method client side. while I know this is the cypherpunks list, but if you ever get tired of debating this to death and would like to write some real code, let me know. ;-) ---eric