[hashcash] Re: OmniMix with recipient related Hashcash
- From: "Eric S. Johansson" <esj@xxxxxxxxxx>
- To: hashcash@xxxxxxxxxxxxx
- Date: Tue, 05 Dec 2006 09:52:15 -0500
Adam Back wrote:
I think along those lines that adding hashcash verification to
heuristic calculations (as with spamassassin) to help avoid false
positives; and creating individual stamps on outgoing messages is
enough for a start.
Stamping outgoing messages has always been a problem. I was talking
with Jonathan Morton about this and the two ideal clients needing
plug-ins were Thunderbird and Outlook. Outlook would probably be the
most "profitable" target. But I question whether or not plug-ins would
give us the necessary background processing capabilities for a good user
experience with stamps. I fear the acceptance of hash cash stamps would
be significantly reduced if the end user was locked out of their e-mail
client during the stamp generation process.
A good client-side proxy would help reduce the problem of outgoing
stamps if it can identify automatically which mail server to send the
message to. Ideally one should be able to inject oneself into the TCP
stack and snag anything outbound on port 25 to eliminate any user
configuration issues. The downside would be that if the machine was
owned by a zombie, all the zombie messages would be stamped. This could
be a good thing for zombie detector but that's a whole different discussion.
A third possibility would be the development of a captive zombie process
as described to me by Jonathan. It would be a simple UDP protocol would
request for a stamp with all the appropriate parameters. This should be
used by a mail server trying to offload all of its stamp generation
responsibilities to client machines. Load distribution would be
interesting as well as zombie selection.
So I think the two approaches are complimentary. Ie I think it helps
Eric in deploying the more complex whitelist/brownlist/challenge
response/captcha etc if others start by deploying the basic hashcash.
I'm coming to see the wisdom of doing it that way. I'm afraid my ego
was getting in the way of it earlier.
I would appreciate two things. It would be really useful to me and I
suspect others if there was a Python module/library including the
hashcash code. calling out to a subprocess does work kind of, sort of,
but I feel it's error-prone. a nice Python extension module would be
swell but I don't have the knowledge to implement this. The second is I
would appreciate it discussion on how to implement/define a DNS record
specifying postage rates and type of postage mechanism. The reason I am
big on this is that a simple system like folks are describing will
always generate stamps and always look for stamps. I need to know this
so I can generate stamps the right way. But other systems that use some
sort of adaptive or hybrid model need to know that I don't need stamps
every time (although that is nice).
This broadcast mechanism will answer one of the frequently raised
objections which is "how do you know how much to send?" we will no
longer have a hardcoded postage rate in the code but it would be
externalized and easily changed.
---eric
Other related posts:
