Well I did put some thought to site wide use of hashcash cmd line tool in its design in that you can specify wildcards (and even regular expressions) in your definition of valid addresses. Certainly one could do things like *@foo.com or *@*.foo.com etc And the hashcash double spend db can manage to represent multiple users without problem. The main question is where to get that info from. hostname, or hostname stripped of local machine name (but avoiding tlds) so like: machine name -> inferred accepted emails foo.com -> *@foo.com bar.foo.com -> *@foo.com, *@bar.foo.com bar.co.uk -> *@bar.co.uk [and NOT .co.uk as it is a TLD] etc I would think typically a machine accepting mail has a related domain name (or it doesn't hurt to make this assumption). Of course large ISPs with many soft hosted email accounts, they'll be using lots of MX records pointing at the same host. Unfortunately I don't think there is a reverse lookup on MX records to find which MX domains this IP serves. Is there an SMTP query command to ask an SMTP server what it accepts? Adam On Fri, Nov 04, 2005 at 09:20:29AM -0500, Eric S. Johansson wrote: > Adam Back wrote: > >Wouldn't spamassassin benefit from knowing the recipients address > >independently from hashcash requirement to know that? > > > >At least when people write .procmailrc files to weed out spam a common > >strategy is to throw away mail that is not To, or Cc one of your own > >addresses. If you know who the recipient is spamassassin could > >negatively score based on absense of one of your own addresses. > > > > > >Isn't there some kind of workable default that is unlikely to hurt? > >Like *@`hostname` but explicitly excluding "localhost" as an allowed > >hostname in a site wide config. And $USER@`hostname` in an end-user > >config? > > > >I imagine the deployment of hashcash within SA could improve a *lot* > >if we could find some workable default config. People make the > >minimal required settings in config files and I presume SA suffers > >from this principle also. > > a site wide hashcashd could handle most of what you describe. it could > handle serial and parallel double spending without knowing users. it > would leak only the first stamp from a spammer. if user knowledge is > available, it wouldn't even do that. > > I need to think on this a bit more but smells like the right direction. > > --- eric