Re: Bug#234743: ITP: hashcash -- a postage payment scheme for email based on hash calculations
>>>>> "Peter" == Peter Palfrader <weasel@debian.org> writes:
Peter> Is there something like hashcash that actually works?
Peter> I mean something that stops Bob with his dozen of Athlon 2Ghz
Peter> boxen at work from DoSing a service while still allowing Alice
Peter> with her 486 to use the service?
- If a spammer wants to add a valid hashcash token to each message, he
will be able to send a far smaller number of spams than without the
token. Spammers rely on being able to send out millions of messages
cheaply.
- The hashcash system does make certain assumptions about spammers. For
example, that the spammers are using their own machines to send the
spam. I suppose it does not work as well against people who use
zombied Windows machines to send spam, although it would probably
still limit somewhat the number of messages they can send. But I
think it is still better than nothing.
- Ideally (although I don't know if any program actually does this), the
hashcash token is generated while the user writes the message. The
token is generated within a small number of seconds, which is shorter
than the time that it takes to write a meaningful message. So other
than the "forwarded-junk-message-to-all-my-friends" message, Alice
shouldn't notice. (Again, this is the ideal situation. I don't know
of any MUA that actually does this. But this is independent of the
actual hashcash program.)
--
Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.
Reply to: