[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: remailer hashcash spam prevention




I disagree that the best way to implement hashcash is solely via the SMTP mechanism.  

Almost any efficient hashcash mechanism will require some sort of history file, or "invited list," to allow mail lists and those we have corresponded with to continue to do so w/i having to supply hashcash each time.  This list contains information which might have privacy implications and so should not be stored at the ISP, which can be forced to reveal such info w/o the knowledge of the client.

If 'open' list policies were changed so that anyone could post if they supplied enough hashcash for each mailing list recipient for their first 1 or 2 posts, and thereafter no longer needed to supply hashcash (sort of minimum reputation capital), it might eliminate hit-and-run or throw-away account SPAMers without offering too high a hurdle to new or infrequent posters.

Since most popular email clients allow plug-ins (e.g. Eudora) or extensions via Java/ActiveX, providing hashcash functionality via a plug-in and the java generators you propose would provide a simple mechanism to test its effectiveness w/o needing to involve the IETF.  The shortcoming of a plug-in approach is that few newbies will know of it or install it and will therefore have to wait till its built into the new release of whatever client they use or until some or all of the features are supplied by their ISP, allowing those calling regulation to continue to blow their horns.  However, if after a successful cypherpunk beta we could get the major email client companies (Netscape, M$ and Qualcomm) to include our plug-ins with all their new updates and offer them for free download from their Web sites, it could quickly steal the CAUCE folk's thunder.

--Steve