[hashcash] Re: PR Problem?

DeLesley Hutchins wrote:


As I see it, this isn't a technical problem.  You folks at hashcash.org have
written the basic software. It's been part of SpamAssassin for years. All we need is client (MUA) support, and it's not your job to integrate it into every e-mail client. 
This seems to be a political/PR problem.  I am totally mystified as to why there
is so little interest from the authors of e-mail clients.  I assume that you've
had many discussions with the mozilla developers and others -- what was the
response?  Why the lack of enthusiasm?
I'm probably one of the most enthusiastic supporters of proof of work sender-pays and even I don't get as much done and publicized as I would like. So I think the answers to your questions are 1) we are all a bunch of layabouts; 2) we are tired of getting beaten up by geeks that are bad at math and logic; 3) wrong phase of the universe.
Proof of work systems are not simple. Applying them even less so. For example, I've worked out how to use a proof of work stand as a proxy for reputation, attention, and to ameliorate the Slashdot effect. But what we keep coming back to every time is that we can't get the rest of the world to move off of the concept of naïve sender pays (one stamp for every message).
I have found ways to minimize stamp cost from absolutely nothing in the very beginning to appropriate levels with full adoption. It is a self adapting system which has all sorts of wonderful possibilities.
The initial reduction of stamp cost came from only sending stamps to people you don't know. This drops the cost of stamping your messages to a small fraction of what naïve sender-pays requires.
If you add on top of that the idea that a DNS record can tell you either the baseline postage or the URL of where to get the postage for a given address, then you can drop the cost of postage even more in the very beginning because you don't generate useless stamps to non-receivers.
Once you have users querying a URL for postage, then you can use the reputation of that site to modify the postage charges required from that site.
But we can't get the world to pay attention to these changes in design. I'm going to make one last attempt. I hope within the next couple weeks I will release a new version of twopenny blue (formerly known as camram) with many of these features in it.
If you are skilled in making a Thunderbird plug-in, then by all means, build a stamp generator and output in a filter that detects outgoing stamps and not generate any additional stamps.
But we need to start the discourse at the level of hybrid sender pays and not naïve sender pays. We need to have good models showing people how the zombies really aren't a problem. We need to show people how active tracking of traffic to eliminate false positives improves the quality of e-mail. We need a model to show how its adoption improves life with percentage increase of use.
And most importantly, we need to show that if we can trick spammers into using proof of work tokens, we will drop the level of spam on the net. Not just eliminate it into our inboxes, I mean eliminate 90% of the spam from even getting onto the net without the need for any identity based access control systems. 

Personally, what do I need to make twopenny blue more effective?
Thunderbird plug-ins not just for spam generation but also feedback to twopenny blue on false negatives, replacing the web interface for spam trap processing etc., improvements in tracking quality of messages from different sources and dynamically creating Brown lists. And the last I can think of is eventually creating a web of trust for a brown list database.
The feedback is important because it clearly identify spam which can be fed into the Brown list. The DNS -based information is important to advertise your capabilities and because it makes you vulnerable to targeted attacks in the beginning, it's important to have the ability to clearly identify spam so that you can put up a blackhole list and defend yourself. The sharing is important because in the very beginning, you need a way to create offenses against direct attacks. If you can learn from someone else will attack, then so much the better.
so I think the real answer to your question is, we're exhausted. We don't have enough people doing real work to make demonstrably functional code in this area. I've done the best I can and I'm not going to make any apologies for it. 

Your assistance would be most welcome.

---eric

Other related posts: