Re: Bug#234743: ITP: hashcash -- a postage payment scheme for email based on hash calculations

[Hubert Chan <hubert@uhoreg.ca>]

>>>>> "Peter" == Peter Palfrader <weasel@debian.org> writes:

Peter> Is there something like hashcash that actually works?

Peter> I mean something that stops Bob with his dozen of Athlon 2Ghz
Peter> boxen at work from DoSing a service while still allowing Alice
Peter> with her 486 to use the service?

- If a spammer wants to add a valid hashcash token to each message, he
  will be able to send a far smaller number of spams than without the
  token.  Spammers rely on being able to send out millions of messages
  cheaply.

- The hashcash system does make certain assumptions about spammers.  For
  example, that the spammers are using their own machines to send the
  spam.  I suppose it does not work as well against people who use
  zombied Windows machines to send spam, although it would probably
  still limit somewhat the number of messages they can send.  But I
  think it is still better than nothing.

- Ideally (although I don't know if any program actually does this), the
  hashcash token is generated while the user writes the message.  The
  token is generated within a small number of seconds, which is shorter
  than the time that it takes to write a meaningful message.  So other
  than the "forwarded-junk-message-to-all-my-friends" message, Alice
  shouldn't notice.  (Again, this is the ideal situation.  I don't know
  of any MUA that actually does this.  But this is independent of the
  actual hashcash program.)

-- 
Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.