[hashcash] Re: PR Problem?
- From: "Eric S. Johansson" <esj@xxxxxxxxxx>
- To: hashcash@xxxxxxxxxxxxx
- Date: Mon, 13 Nov 2006 18:53:10 -0500
Todd A. Jacobs wrote:
I think a whitelisting demon might or might not be valuable, depending
on how one uses the stamps. Where it probably has the most value is
either on the sending side (cheaper or no stamps based on the status of
the recipient), or on the MTA side where saving CPU cycles on
trusted-but-high-volume senders/recipients might be valuable.
Well, on the recipient side I use it to further bypass any content
analysis. Works well, haven't had any leaks because it's virtually
impossible for the spammer to find out which source addresses pass
through without analysis
the other advantage to white listing based on addresses is that provide
you with some benefit to those not using a proof of work system. This
gives people further reason to adopt your system instead of sticking
with the same old same old.
Stamps provide benefit in the future, white listing provides benefit to
all you speak with now, and the combination is compatible with the past.
In a naive sender-pays setup, I'm not sure that the cost of validating
received stamps is high enough to justify inbound whitelisting. And
because the selling point to the end-user is that minting stamps makes
your email look more like ham, I don't see how whitelisting your
recipients from the sender side (e.g. not minting stamps for friends) is
a win.
yes, with a naïve system, white listing has no advantage if you think of
it in terms of stamp users only.
The rest of your points boil down to philosophical differences. I will
not perform content analysis on a message that has either passed with a
stamp or white lists. I prefer always pass because there are no false
positives. Between stamps and white lists, I would never need to look
into the dumpster/spam trap.
Think about the difference between always pass versus score fudging.
with score fudging, you are moving the goalposts in favor of messages
with stamps. But you are also moving them for messages with spam. I
wish I could tell you were the threshold for good versus bad stamp size
would be for this model but I haven't figured out the equation yet. I
know with always pass, an unknown number of zombies, the stamp size
should be around 90 seconds in order to leak only 10% of the traffic.
But this little number also highlight something else about stamps which
is that it always pass, how much you leak is the total volume of spam on
the net (assuming everybody is generating stamps). We would need to do
similar modeling to find out how much we can reduce spam traffic using
the score fudging technique.
In a more complex scheme, though, that would probably be very valuable.
How do you envision the whitelisting working?
it's real simple. it would be used for three things. The simple white
list takes an e-mail address and a user identifier and yields a Boolean
saying whether or not this user was listed. A variant would say that
the domain was listed if the user could not be found.
The next variant would use the IP address and yield either a postage
requirement or a quality score which could be used to determine whether
to blacklist the address or not.
a simple implementation is relatively easy, a fast one is not.
---eric
Other related posts:
