some hashcash advocacy

Adam Back aba at
Sat Aug 9 09:28:26 PDT 1997

Kent Crispin <kent at> writes:
> On Fri, Aug 08, 1997 at 10:45:29PM +0100, Adam Back wrote:
> [...]
> > I wasn't talking about remailers above, but about end users.  Hashcash
> > allows the recipient to filter out email that hasn't got postage.
> Ie, hashcash is a fancy techie oriented self-labelling technique.  :-)

Yes, if you like.  If techie people can make themselves pretty much
immune to spam, perhaps the non-techies will get interested to use our
solution.  Make it easy enough to install at ISP level, and interim
migration paths for people without it so it still interoperates, and
you might get somewhere.

All depending on how spammers and hashcash interact when they bump
into it as a major block on their ability to spam.  They'll obviously
try their damnest to work around it.  But I think that the
inconvenience and cost to them, as hardly anyone ever replies to their
mail (costs are only for first email that isn't replied to), is a much
better spam preventer than the current status quo, which has
practically no protection other than manual blocking lists which
hardly anyone has software installed for, or for complaints to
ISPs... but then the spammers use forged email addresses, and there
are a few ISPs who apparently (from discussion here) are willing to
knowingly sell spammers bandwidth.  Someone's going to do it.

> I didn't read the code, but it seems that the double spending
> protection is just local to the recipient (ie, there isn't a trusted
> central clearinghouse that checks against double spending on a global
> basis).  

It's supposed to be 100% decentralised -- the network strain on any
kind of centralised clearling house for postage for _all_ email would
be Terrabits/second.

OK, so you might be able to split it up a bit, and have multiple
banks, and inter-bank clearing, and various trade-offs, but it's still
a major engineering effort with large bandwidth overheads.

> Thus, a spammer could calculate postage for a message, then
> send 100000 copies.  Hashcash would guarantee that each user only got
> one copy, but there are easier ways to do that.  

You missed one aspect of the design.  What the collision is calculated
on is the recipients email address.  If the collision is on someone
elses email address, you reject it out of hand.  So the hashcash
postage token is specificly minted by the sender and made out in the
email address of the individual that you are trying to send email to.
It is useless for sending email to anyone else.  You can never spend
it twice on the same person, and sending it to anyone else it will
have zero value.  

Also it includes in the hash collision an expiry date when you
generate it, but this is not significant to the email spam control
aspect, but is just there to ensure that the users double spend
database doesn't grow -- you discard expired double spend entries --
as you wouldn't accept them anyway -- because they are out of date.

> [If the checking was done at an ISP level, of course, only one
> message would get through.  But that requires widespread deployment
> at the ISP level, not the individual user level, and checking at the
> ISP level requires that the ISP keep a database of users mail
> preferences.]

ISP level checking is nice because you can get away with out changing
email clients.  The short term solution of sending nonces will help
provide a reasonable solution for those with out new clients.

> > You could auto-add anyone you ever manually replied to to the
> > no-postage list even.
> I would rather pursue a "tit-for-tat" strategy for email, but
> unfortunately tit-for-tat requires stable identities... 

tit-for-tat would be reasonable also.

Stable identities already have advantages... you can block remailers

Stable identities could include signed documents.

[btw: Kent: I tried out your .midi file under win95, all I had to do
was double click on it.  Almost melodic in an weird modern sort of
way.  Most cool anyway :-]

Have *you* exported RSA today? -->

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>

More information about the cypherpunks-legacy mailing list