A Trial Balloon to Ban Email?

Roy M.Silvernail roy at rant-central.com
Tue May 13 16:53:32 PDT 2003


On Tuesday 13 May 2003 01:02 pm, Justin wrote:

> The message-id would need to be included.  Lots of people filter
> duplicate messages, and those who don't probably should.  If spammers
> try to replay, their duplicates get dropped.  If they don't reply using
> the same message id, they're forced to regenerate hashcash tokens.
> Using duplicate message ids is an RFC violation, and just using those in
> the hash avoids the complication of mangled message bodies.  It also
> gets rid of idiot MUAs which don't include message ids.
>
> The mess seems to occur when considering how to verify that that
> particular message, with a particular message id, wasn't bcc'd to) to 10
> billion other people.  

Right you are, unless the tokens are centrally cleared.  Dupe message-ids are 
only a violation if you get caught by the same server, so power spamers will 
sort their lists into bombing runs of one address per victim SMTP server and 
only need one token per run.  Doesn't eliminate their work factor, but it 
does reduce it.

> I don't know that including a Date: header in the hash improves the
> situation.

Don't think so. Dates can be duped along with message-ids and they still get 
one trip around the servers on the same token.  I don't see this working 
without some kind of online clearing.  Hey, you DBC guys... how do you 
stiffen up an offline clearing protocol like this?





More information about the cypherpunks-legacy mailing list