message dependent hashcash => no double spend database (Re: hashcash spam prevention & firewalls)

Adam Back aba at dcs.ex.ac.uk
Mon Dec 22 10:19:08 PST 1997




Phelix <phelix at vallnet.com> writes:
> On 17 Dec 1997 02:21:48 -0600, in local.cypherpunks you wrote:
> 
> >.....
> >> The implementation of the plan is a more or less impossible scheme. 
> >
> >Nyet. It can be phased in over time...people install the software, mailing
> >lists warn their users to exempt them, and the big servers start asking for the
> >hashcash, little servers pick it up. 
> >
> >.....
> 
> Yes, but if you just phase it in over time, what benefit, if any, will
> users see until hashcash is fully deployed.  

No spam in their mail boxes :-)

> Until that time, people will still have to accept email without
> hashcash or risk losing important messages.

You could work around this somewhat by configuring the hashcash filter
to put nonces (a random number) in the bounce messages for messages
which arrived without hashcash.

The instructions could read:

	Email to this address requires hashcash postage.  To generate
	your hashcash postage get software from here: <URL>

	Alternatively simply reply to this message putting this number
	in the subject field: 12347651324

The danger is that the spammer could abuse this by automating the
reply to these bounce messages.  However spammers typically don't like
to include a valid reply address, so this at least makes spammers
include an address where they can be replied to.

> We need to find some way for users to benefit from hashcash now, not 2
> years from now when 90% of sites are using it.  The only thing I can think
> of is having servers place "Hashcash-verified" headers on incoming mail so
> that users can do positive filtering ("this is valid email") rather than
> negative filtering ("this is spam").
> 
> I don't see people adopting hashcash unless there is some intermediate
> benefit to doing so.

An easily observable tag in the subject field such as: [SPAM?] meaning
no hashcash or [NEW] meaning you had never received messages from this
address before could be useful perhaps.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`







More information about the cypherpunks-legacy mailing list