[hashcash] Re: SpamAssassin / hashcash deployment stats?
- From: Adam Back <adam@xxxxxxxxxxxxxxx>
- To: "Eric S. Johansson" <esj@xxxxxxxxxx>
- Date: Fri, 4 Nov 2005 10:04:04 -0500
Well I did put some thought to site wide use of hashcash cmd line tool
in its design in that you can specify wildcards (and even regular
expressions) in your definition of valid addresses.
Certainly one could do things like *@foo.com or *@*.foo.com etc
And the hashcash double spend db can manage to represent multiple
users without problem.
The main question is where to get that info from. hostname, or
hostname stripped of local machine name (but avoiding tlds) so like:
machine name -> inferred accepted emails
foo.com -> *@foo.com
bar.foo.com -> *@foo.com, *@bar.foo.com
bar.co.uk -> *@bar.co.uk [and NOT .co.uk as it is a TLD]
etc I would think typically a machine accepting mail has a related
domain name (or it doesn't hurt to make this assumption). Of course
large ISPs with many soft hosted email accounts, they'll be using lots
of MX records pointing at the same host. Unfortunately I don't think
there is a reverse lookup on MX records to find which MX domains this
IP serves.
Is there an SMTP query command to ask an SMTP server what it accepts?
Adam
On Fri, Nov 04, 2005 at 09:20:29AM -0500, Eric S. Johansson wrote:
> Adam Back wrote:
> >Wouldn't spamassassin benefit from knowing the recipients address
> >independently from hashcash requirement to know that?
> >
> >At least when people write .procmailrc files to weed out spam a common
> >strategy is to throw away mail that is not To, or Cc one of your own
> >addresses. If you know who the recipient is spamassassin could
> >negatively score based on absense of one of your own addresses.
> >
> >
> >Isn't there some kind of workable default that is unlikely to hurt?
> >Like *@`hostname` but explicitly excluding "localhost" as an allowed
> >hostname in a site wide config. And $USER@`hostname` in an end-user
> >config?
> >
> >I imagine the deployment of hashcash within SA could improve a *lot*
> >if we could find some workable default config. People make the
> >minimal required settings in config files and I presume SA suffers
> >from this principle also.
>
> a site wide hashcashd could handle most of what you describe. it could
> handle serial and parallel double spending without knowing users. it
> would leak only the first stamp from a spammer. if user knowledge is
> available, it wouldn't even do that.
>
> I need to think on this a bit more but smells like the right direction.
>
> --- eric
Other related posts:
