[hashcash] Re: hashcash 1.0-pr3

  • From: "Eric S. Johansson" <esj@xxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Tue, 01 Jun 2004 11:46:47 -0400

Justin Guyett wrote:

I'm wondered about CAMRAM white-listing on this ground.  If you spend
one 26-bit stamp and spammers can then share a white-list signature
key amongst a bunch of spammers, and can send the recipient as many
mails as you want, they might eventually just do that: use their
zombie armies to actually "introduce" themselves.

Well probably not something to worry about now, and if it gets to that
stage, lots of field lessons will have been learned (hashcash would
have to be pretty widespread for spammers to bother doing it) and
perhaps it will be clearer by then what to do about it.


And whatever the result of "zombies vs hashcash," the result of "zombies
vs nothing" would be worse.

With high postage rates (32+ bits), is it feasible for spammers to spend
an hour or three of "zombie" cpu time to generate a stamp when it only
takes some irate user 5 seconds to forward the message to a special
address where a script reports the signing keyid to a dnsbl blacklist?  If
so, raise the intro stamp cost even more to 34, 35 bits...  At some point,
spammers will give up.  Lower the stamp cost.

Thank you, Adam or Justin. This reminds me that I made a mistake. We cannot use stamps to white list users. Only if you respond to a user should they be white listed. That way, this particular hole doesn't happen. White listing should always be about a full duplex conversation.


People who really hate spam can be part of high-postage social networks.

If there were some application (like camram) that supported reverse stamp
costs and updated local stamp costs automatically, a network of
reverse-stamp-enabled users would automatically raise postage rates in
response to a MS virus (and zombie network) outbreak, and gradually lower
rates as machines got cleaned up.

I've been talking about this kind of thing on the camram list. The idea is you publish your local stamp rates in your outbound e-mail. You set your local stamp rate according to stamp rates received from your peers and any spam received. Again, this implies there is some form of a postage due mechanism that will communicate back saying "more postage please".



Oh, and what about the web of trust features in pgp?  It seems like that
could be used to great advantage to get into a high-postage social network
without spending days computing an intro stamp just to get marginally
trusted by one member of the network.  Of course, that requires user
intervention...

That's why I'm advocating a web of knowledge based on who you e-mail. Automatic social network without (potentially) any user interface needed.
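
The reply-only white-listing rule discussed in this message, as an added example that is not part of the original post and is not CAMRAM or hashcash project code. The class and function names, the status strings and the sample addresses are assumptions; `sender` stands for whatever authenticated identity (such as a signing key id) the filter uses, and stamp date-expiry checks are omitted.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()

def stamp_bits(stamp: str, resource: str) -> int:
    """Bits a hashcash v1 stamp (ver:bits:date:resource:ext:rand:counter) proves."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1" or fields[3] != resource:
        return 0
    claimed = int(fields[1]) if fields[1].isdecimal() else 0
    proved = leading_zero_bits(hashlib.sha1(stamp.encode()).digest())
    return claimed if proved >= claimed else 0

def mint(resource: str, bits: int, date: str = "040601") -> str:
    """Brute-force a stamp; only used here to construct sample input (small bits)."""
    for counter in count():
        stamp = f"1:{bits}:{date}:{resource}::constructed:{counter:x}"
        if stamp_bits(stamp, resource) >= bits:
            return stamp

class ReplyOnlyWhitelist:
    """A stamp admits one message; only the owner's own reply white-lists a peer."""
    def __init__(self, owner: str, intro_bits: int):
        self.owner, self.intro_bits = owner, intro_bits
        self.whitelist, self.spent = set(), set()

    def inbound(self, sender: str, stamp: str = "") -> str:
        if sender in self.whitelist:
            return "accept"
        if stamp in self.spent or stamp_bits(stamp, self.owner) < self.intro_bits:
            return "postage-due"        # no stamp, weak stamp, or reused stamp
        self.spent.add(stamp)           # double-spend protection
        return "accept-stamped"         # delivered, but sender is NOT white-listed

    def outbound(self, recipient: str) -> None:
        # Full-duplex rule: the owner writing to a peer is what white-lists it.
        self.whitelist.add(recipient)
```

A sender who paid for an introduction still has to pay for every later message until the owner replies, so one stamp cannot be turned into unlimited free delivery.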



