Adam Back wrote:
I think along those lines that adding hashcash verification to heuristic calculations (as with spamassassin) to help avoid false positives; and creating individual stamps on outgoing messages is enough for a start.
Stamping outgoing messages has always been a problem. I was talking with Jonathan Morton about this and the two ideal clients needing plug-ins were Thunderbird and Outlook. Outlook would probably be the most "profitable" target. But I question whether or not plug-ins would give us the necessary background processing capabilities for a good user experience with stamps. I fear the acceptance of hash cash stamps would be significantly reduced if the end user was locked out of their e-mail client during the stamp generation process.
A good client-side proxy would help reduce the problem of outgoing stamps if it can identify automatically which mail server to send the message to. Ideally one should be able to inject oneself into the TCP stack and snag anything outbound on port 25 to eliminate any user configuration issues. The downside would be that if the machine was owned by a zombie, all the zombie messages would be stamped. This could be a good thing for zombie detector but that's a whole different discussion.
A third possibility would be the development of a captive zombie process as described to me by Jonathan. It would be a simple UDP protocol would request for a stamp with all the appropriate parameters. This should be used by a mail server trying to offload all of its stamp generation responsibilities to client machines. Load distribution would be interesting as well as zombie selection.
So I think the two approaches are complimentary. Ie I think it helps Eric in deploying the more complex whitelist/brownlist/challenge response/captcha etc if others start by deploying the basic hashcash.
I'm coming to see the wisdom of doing it that way. I'm afraid my ego was getting in the way of it earlier.
I would appreciate two things. It would be really useful to me and I suspect others if there was a Python module/library including the hashcash code. calling out to a subprocess does work kind of, sort of, but I feel it's error-prone. a nice Python extension module would be swell but I don't have the knowledge to implement this. The second is I would appreciate it discussion on how to implement/define a DNS record specifying postage rates and type of postage mechanism. The reason I am big on this is that a simple system like folks are describing will always generate stamps and always look for stamps. I need to know this so I can generate stamps the right way. But other systems that use some sort of adaptive or hybrid model need to know that I don't need stamps every time (although that is nice).
This broadcast mechanism will answer one of the frequently raised objections which is "how do you know how much to send?" we will no longer have a hardcoded postage rate in the code but it would be externalized and easily changed.