[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hashcash spam prevention & firewalls




>> > So, we would need about 44 hours of CPU time each day.
>> >Well, have a system of certified remailers trusted to force their 
>> >users to burn up time at the sending end, so the ultimate recipient
>> >accepts their messages w/o postage. One certified remailer accepts
>> >messages from others without any postage, so only the original
>> >sender has to use up CPU time. 
>...
>> Since we need hashcash now to LEAVE a remailer, not to enter one,
>> where does this hashcash come from?  A busy remailer could not
>> generate it's own hashcash for the destination non-remailer ISPs. 
>
>This is exactly what I was addressing: remailers only have to get themselves
>certified as remailers and then prove their certification to the destination

You're both taking the wrong approach - make the originator of the message
generate the hashcash, and make sure the remailer syntax lets them paste it in
as needed.  For chained remailers, generate multiple layers of hashcash.
Maintaining whitelists is a losing game, but unnecessary here.

Mailing lists are still hard, and perhaps best handled by the user's software
(or some fancy variant like user-selectable filters at the ISP mailbox.)
It's hard to tell a real mailing list from a spammer's mailing list,
and both of them do mail explosion and send their mail to names not 
listed in the To: line, so it's hard to do a technical fix.
There are scads of attacks against any fix, like having 
[email protected] join the mailing list for a while and them spam it.
But remailers are easy.
				Thanks! 
					Bill
Bill Stewart, [email protected]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639