what fields to hash with hashcash (Re: A Trial Balloon to Ban Email?)
Eric S. Johansson
esj at harvee.org
Fri May 16 15:08:09 PDT 2003
R. A. Hettinga propagated:
> --- begin forwarded text
>
>
> Date: Wed, 14 May 2003 16:34:23 +0100
> From: Adam Back <adam at cypherspace.org>
> To: cypherpunks at einstein.ssz.com
> Cc: Adam Back <adam at cypherspace.org>
> Subject: Re: what fields to hash with hashcash (Re: A Trial Balloon to
> Ban Email?)
> Sender: owner-cypherpunks at lne.com
>
>>Worse, even if there were a reliable mechanism, all it takes is one
>>loose cannon with an open mass-mail list and as long as it doesn't
>>delete whatever header (maybe delivered-to:, maybe something else) that
>>indicates the list was an envelope to: address, one hashcash token works
>>for one email to the entire list.
actually, no it doesn't. The real, working code has a configuration file which
contains a list of all known addresses associated with the account. That list
of addresses is necessary because of people having virtual domain based
addresses collecting all at 1 mailbox.
The code uses that list of valid addresses in the stamp validation process.
> I take it this comment is about mailing lists? Mailing lists have to
> be treated separately. The sender probably can't afford to create a
> token for each recipient. (Also he doesn't know the recipient's
> addresses). Mailing lists deal with spam with filtered versions of
> lists.
mailing lists are your "friend". While I don't have the code in there yet, I
expect I will need to pay attention to the -request form of addresses and white
list both the -request form and the plain form for a while. Ideally, the
mailing lists would sign each message with its own private key and use the white
list by public key filtering method client side.
while I know this is the cypherpunks list, but if you ever get tired of debating
this to death and would like to write some real code, let me know. ;-)
---eric
More information about the cypherpunks-legacy
mailing list