[hashcash] Re: considering hashcash

• From: Atom 'Smasher' <atom@xxxxxxxxxxxxxx>
• To: hashcash@xxxxxxxxxxxxx
• Date: Tue, 24 Aug 2004 02:17:32 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, 24 Aug 2004, Eric S. Johansson wrote:

Atom 'Smasher' wrote:

1) no support in pine. i could write my own script to handle outgoing mail (or ~maybe~ even use hashcash-sendmail).

hashcash sendmail is a good solution or, if you want to wait a couple of days, I have one solution coming up for postfix. And if you really want to get fancy and full featured, take a look at camram (sorry, must toot my own horn)

==============

if nothing else, i'm more motivated to try hashcash for ideological reasons, and contribute to proving that a "proof of work" stamp is more valuable and feasible than a "proof of payment" stamp.

after reading a bunch of stuff on the camram site, i'll have to check it out for outbound stamping. damn... there's no freeBSD port for camram... i'll have to build from source, like my ancestors did, in the old days...

3) hardly anyone uses it. this is the lamest reason not to use it, especially since i hate it when people say that about pgp.

but it is easier to use than PGP.

=============

they're both easy to use, less easy to set up. of course a system that requires *zero* human interaction is often perceived to be easier... especially when the user isn't the one setting it up.

of course, when/if pgp becomes widely used, i can test for valid signatures to bypass further testing of incoming messages.

4) spammers have us out-gunned. with >80% of spam coming from zombied windoze boxes, spammers have a lot of cycles to find collisions. it may slow down a spammer to generate hash based postage, but if the protocol catches on, spammers will start using it... (it seems that most windoze users have become accustomed to their machines running at full load).

I suggest you work the numbers. Make your assumptions about spam volume and number of zombies. Then set your stamp size to various points and find out how big a stamp is necessary to overwhelm the number of zombies you have.

<<snip>>

===============

ok so we can't stop 'em, but we can slow 'em down quite a bit.

5) CRM114 is giving me ~99.9% accuracy. this is a highly demotivating factor for filtering/screening my mail through anything else. i recently had a friend fwd a spam to me, so i could check it out... a brutal test for any spam filter... the message was classified as spam, but only by a *VERY* slim score. if we were both using hashcash that wouldn't have happened, but that type of situation is rare.

I agree that once you get it working, CRM is a nice filter for an individual. I've got some enhancements wrapped around the inside of camram to prevent e-mail from known parties from even touching the content filter. So the chances of false positives drop even lower.

=================

hhmm... "known parties"... white lists and mailing lists...

white lists suck (and will get worse) because spammers (aka virus writers) are getting better at what they do... in one month, i got 2 spams "From" my wife (both were caught by CRM114). both messages came from a cable modem in NYC; we live in a 100% M$-free home in NC. apparently someone's infected machine found both of us as participants in an email and the virus figured out that if an email is "From" one participant and "To" another participant, it will be more likely to get past a filter (a white list, particularly). i suspect we'll see more of this as whitelists become more popular.

mailing lists seem like another great target for stamped email. anyone on a yahoo mailing list has certainly seen spam come through the list. a virus can search a mail folder looking for headers that identify the list and send a stamped message "From" the user. how effective this is and how popular it may become remains to be seen.

    ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        Where is Lee Harvey Oswald now that we really need him?
                -- Bumper Sticker
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJBKt2CAAoJEAx/d+cTpVcis8YH/1qEfItYkI3AzIFfhb2Owlpl
7rxsUzvVOieCNdo00spa0+9Ojjz95naypvoYl4XQzmpcu6nU7fEbpRCX2IMDncGi
2CEN7kjYoRnuycJbXmVPTADqzm2Ycuk6c4pTZcp1u9B1yVPQJ0HOOpK8wE/8fztd
e0I3RMPlSoBQzUDumHnR3JTpCiXue1l+fRG8RVgJS68OlppBnWuiUmHy3oa5bQ/4
wAqy13LnK1IPmSWVKPs+xLBWGpNAj4ePdvKY2BiXmgF7wzEt7FdOQK7S9xAoX7bO
JEVnHPl/bY7GRTefbOgunv4ZHw1XqSxsVIuOzM2Y7TKBev8a6yow0lWG9hoKwSs=
=FGjT
-----END PGP SIGNATURE-----

• Follow-Ups:
  • [hashcash] Re: considering hashcash
    • From: Eric S. Johansson
  • [hashcash] Re: considering hashcash
    • From: Hubert Chan

• References:
  • [hashcash] considering hashcash
    • From: Atom 'Smasher'
  • [hashcash] Re: considering hashcash
    • From: Eric S. Johansson

Other related posts:

• » [hashcash] considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash
• » [hashcash] Re: considering hashcash

1. Home
2. hashcash
3. Archive
4. 08-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---