[hashcash] Re: PR Problem?

Todd A. Jacobs wrote:
 > Integration is an issue. Hashcash is *not* trivial to implement at the

MUA level, isn't a drop-in piece of the MDA toolchain, and even MTA
support (where it exists) may not play well with other tools.
one of the most fundamental obstructions to implementing sender-pay systems is simply the significant difficulty in establishing two unidirectional paths for e-mail so you can apply different operations on each pass (i.e. stamping outbound, detection inbound). I've been able to fake it in postfix by explicit routing inbound traffic and using the submit port for outbound. 



If you want wider uptake, you have to address the installed based of
software. And more importantly, you have to convince people that it adds
value to install and configure it even if almost no one else does the
same. OpenPGP cleartext-signing is a great example of this philosophy:
it provides some observable utility (non-repudiation) even if the vast
majority of one's email correspondents don't use PGP/GPG.
this is a classic T0 problem. If you throw in a hashcash receiver and it doesn't cost anything to configure or only takes a few minutes, then there is no "objection" to that system. What appears to be the most contentious is generating stamps. Any stamps. Without addressing that objection, we won't get off of T0. 

(Insert hybrid sender pays rant here)
Since hybrid sender-pays can reduce the cost of generating stamps to almost nothing and the DNS info propagation method proposed can reduce the cost of configuration down to almost nothing all we need to do is prove that they will get something for nothing.
Bad jokes aside, we have the techniques. Adam is right we need to do a little more analysis but I'm spent enough time with them that I'm convinced they are basically sound. we need to prove that it does no harm and that when adoption gets high enough with your partners, it provides benefit. Like I said before, first stage benefit is introducer, second stage benefit is ability to crank up the filters and make it harder for spammers to get through. the 1.5 stage benefit is it doesn't make blacklists permanent but are instead something that can be penetrated with enough work.
one way to prove the lack of damage is to run an e-mail service. Either on a per domain or a per account basis.
if you want to have something like open PGP clear text signing, we could create the equivalent of a multipart mime document in which one of the parts is a stamp section. Makes visible, lets people know what's going on and makes it more difficult to parse on the backend (maybe). another advantage to multipart mime document form is multi-parts stamps. That instead of having a single 24-bit stamp, you would use 16 20 bit stamps to reduce the variability of stamp search time from message to message. 

One question would be what happens if you stand a gpg signed document?

---eric

Other related posts: