some hashcash advocacy (was Re: anti-spam law implies laws against remailers?)

[Adam Back <aba@dcs.ex.ac.uk>]

nospam-seesignature@ceddec.com writes:
> On Fri, 8 Aug 1997, Adam Back wrote:
> 
> > [hashcash]
> 
> I think you never answered the fundamental question:
> 
> But to what advantage is it for *ME* to use hashcash?
> 
> Saying that it is neat, patriotic, pious, or any other adjective won't get
> my anonymous mail through any faster unless you can create a cartel of
> remailers that expidite hashcashed mail, or use some type of new remailer
> that others don't have and build hashcash into the distribution. 

I wasn't talking about remailers above, but about end users.  Hashcash
allows the recipient to filter out email that hasn't got postage.

As an interim upgrade path ISPs adopting it could be to bounce
messages with out payments, and include a nonce, and instructions to
resend including the nonce.  Set up the filter so that the second post
gets through.  Spammers often don't have forged reply addresses for
obvious reasons.  

(If spam crept up too badly in-spite of this you could at that point
disable non-hash cash postage and give a URL for a java implementation
where they just go to the web page and their browser will generate
them some hash cash.  Obviously this is inconvenient so I would be
interested to see how the spammers adapted to just the nonce first.
It's much easier to block spammers if they have to include replyable
email addresses.)

You would also have a no-postage list, for mailing lists etc.


If we arrange so that spam won't get through without payment, it
disincentivizes spammers.  If some users go running around asking for
`government to do something about spam', it could be suggested to them
that it would be more effective to ask their ISP to install a hashcash
patched sendmail.

A remailer won't answer the bounce with nonce, so you automatically
won't get remailer traffic without postage -- unless you put remailers
on your no-postage list.

If you're some media celebrity and you get too much email -- just turn
up the squech, increase the postage required rate, and add people you
do want to your no-postage list.

You could auto-add anyone you ever manually replied to to the
no-postage list even.

> You still have the problem that a large organization can buy large
> computers just to do hashcash - look for networkable hashcash generators
> if it becomes popular.

I think the easiest initial way for the spammer to continue spamming
you would be to target mailing lists, using forged addresses.

Spam on mailing lists instead of mail is also a good thing for us,
because we already have solutions for spam on mailing lists:
decentralised 3rd party ratings -- NoCeMs can be applied to mailing
lists.  Allowing us to recommend good posts or mark what we consider
spam.  Individual users can decide which rating service to use.

If you consider that hashcash can be setup to only charge postage for
people you have never replied to in the past, this heavily
discriminates against people who send large amounts of mail to random
people.  (Which is precisely the spammers mailing pattern!)


Another solution with real ecash is to send ecash payment with mail
and have filters that will similarly bounce messages if there is no
ecash.

The recipient by societal convention is expected not to cash the
payment.  People who cash your money you don't tend to send more email
to.  You could easily charge $1 and that would be a high price for the
spammer -- it would be cheaper to snail mail you the spam.

The above doesn't seem very friendly, or very in keeping with the
spirit of free discourse.  I think hashcash is nicer in this respect.

I've taken the stuff on eternity to another message.

Adam
-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`