[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hashcash spam prevention & firewalls




> >> So, we would need about 44 hours of CPU time each day.
> >
> >Well, have a system of certified remailers trusted to force their users to
> burn
> >up time at the sending end, so the ultimate recipient accepts their messages
> >w/o postage. One certified remailer accepts messages from others without any
> >postage, so only the original sender has to use up CPU time. 
...
> Since we need hashcash now to LEAVE a remailer, not to enter one, where does
> this hashcash come from?  A busy remailer could not generate it's own
> hashcash for the destination non-remailer ISPs. 

This is exactly what I was addressing: remailers only have to get themselves
certified as remailers and then prove their certification to the destination
server, not do the whole hashcash shtick for every message. (For example, they
could publish their public key's hash signed by some anti-spam organization,
then sign the hash of the server's challenge to prove that they are a real
remailer, not an advanced spammer imitating one) 

> 
> Does the same hashcash that allows a message to enter the remailer network
> also retain it's validity once the message has been rewritten by the
> remailer?  Is this hashcash still valid for the destination mail server at
> netcom?  Does the initial sender provide two instances of hashcash, one to
> get into the remailer, and one to get into the destination mail system? 

Nope. The original sender provides hashcash to get into the remailer net, and
the receiver, after seeing the remailer's certificate, trusts that the original
sender spent some CPU time to send the message. The remailer doesn't have to
while away nearly as much of *its* CPU time, and spammers still couldn't send
many messages since they still have to waste their CPU cycles to do so. 

...
> 
>   -- Robert Costner                  Phone: (770) 512-8746
>      Electronic Frontiers Georgia    mailto:[email protected]  
>      http://www.efga.org/            run PGP 5.0 for my public key

---------------------------------------------------------------------------
Randall Farmer
    [email protected]
    http://hiwaay.net/~rfarmer