Atom 'Smasher' wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On Mon, 30 Aug 2004, Eric S. Johansson wrote:
Hashcash is wonderful for lots of things. Unfortunately, it really really sucks for mailing lists because mailing lists are behaviorally just like spammers (lots of mail in a short period of time).
===================
huh? if you send a message to hashcash@xxxxxxxxxxxxx (a mailing list) then you mint a stamp for that address.
as a subscriber to that list, i tell hashcash to accept any stamp minted for <hashcash@xxxxxxxxxxxxx>, and consider it just as good as if it were minted for me. that's covered in the FAQ, question 5d.
It's also unreasonable to impose the hashcash burden when communicating to someone you know.
=====================
it may or may not be. i'm not using the world's best computer here, but a 20-bit stamp for everyone isn't too big a burden for me. moore's law will also apply to legitimate user's of hashcash ;)
To get large-scale acceptance, we'll need an approach that meets enterprise needs. Most enterprises will not touch a solution that requires large-scale desktop modification. The support burden is just too high. Therefore, we'll need a solution that can be implemented by a "drop-in box". Which is difficult because enterprise e-mail looks just like a spammer for the same reason that mailing lists do.
==============
i'm not sure i understand how this creates a problem... the bar is raised, for both mass-mailer and spammer... a legitimate mass mailer can create a mailing list and allow subscribers to accept stamps for that list. a spammer will be slowed down to a crawl, or slower.
i also don't see how a public key system is any easier to implement, in enterprise environments, than hashcash.
regarding desktop modification: like nearly all good idea, this will be implemented first in open-source and geeky applications. after 1) people realize that it helps fight spam and 2) someone creates a slick (invisible) interface that's idiot resistant, then all of the closed-source applications used in enterprise environments will have to adopt it, or risk losing market share. the companies will inherit the technology during their next regular software upgrade.
anything that satisfies this requirement will violate the above requirement: enterprise systems are slow to change.
there is an unparalleled risk factor created when signatures happen on auto-pilot. public key systems will only result in "signed spam". there would be less spam getting through on a daily basis, but when a machine is cracked before a holiday weekend, and there are 100 people in the address book, those 100 people will likely suffer a DoS from the signed spam they're getting. it's debatable whether that's better or worse than a filter that let's 5% of spam through every day.
---eric