[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hashcash spam prevention & firewalls




At 02:07 PM 12/13/97 -0600, Uhh...this is Joe [Randall Farmer] wrote:
>> So, we would need about 44 hours of CPU time each day.
>
>Well, have a system of certified remailers trusted to force their users to
burn
>up time at the sending end, so the ultimate recipient accepts their messages
>w/o postage. One certified remailer accepts messages from others without any
>postage, so only the original sender has to use up CPU time. 

Once again someone is responding to me by talking about hashcash in the
internal remailer network.  I don't think this is what I'm referring to.
Perhaps because I do not fully understand how anti spam hashcash would be
implemented on a per message basis.

The idea proposed was one to limit Spam to ISPs by using hashcash to stop
spam coming into an ISP.  Imagine the domain anon.efga.org wishes to send
4,000 per day messages to the various domains netcom.com, aol.com,
mindspring.com, etc.  Each individual message is reasonably unique coming
from anon.efga.org.  Since we need hashcash now to LEAVE a remailer, not to
enter one, where does this hashcash come from?  A busy remailer could not
generate it's own hashcash for the destination non-remailer ISPs.

Does the same hashcash that allows a message to enter the remailer network
also retain it's validity once the message has been rewritten by the
remailer?  Is this hashcash still valid for the destination mail server at
netcom?  Does the initial sender provide two instances of hashcash, one to
get into the remailer, and one to get into the destination mail system?

Various remailers can distort a message in a variety of ways.  Dropping of
MIME attachments, munging of email addresses when CC'ed to a newsgroup,
adding a PGP signature or timestamp, adding headers that explain it's a
remailer, adding footers that explain it's a remailer.  Since the actual
message can change, it seems that for hashcash to be message dependent, it
would have to be generated by the exit remailer.

I'm not claiming I understand the concept of hashcash.  I'm simply pointing
out I don't see how it would truly be effective in a real world application.


  -- Robert Costner                  Phone: (770) 512-8746
     Electronic Frontiers Georgia    mailto:[email protected]  
     http://www.efga.org/            run PGP 5.0 for my public key