[Dshield] What price freedom?

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Tue Nov 29 06:34:52 GMT 2005


On Mon, 28 Nov 2005 15:09:44 MST, Josh A said:
> Speaking of using CPU time as postage, have you heard of hashcash ?

Hashcash doesn't work well if mailing lists or high-volume mail hubs are
involved - If you set the CPU time as "one second", then a machine turning
1M mails/day is basically *doomed* unless at least 90% of the recipients manage
to correctly whitelist the sending address (you end up needing more than a
CPU-day every day just to compute the hashchash).

In addition, users can't get the whitelisting right.  Quick - what addresses do
you need to whitelist to allow AOL mail? MSN? HotMail?  Hint: you almost
certainly want neither the RFC822 From: or To: - the SMTP MAIL FROM and the
source IP address are the only two rational candidates. Try explaining either
of those to Joe Sixpack.  And what happens when these addresses change?

And the truly sad part is that mail servers that don't have resources are doing
this to prove they're not part of a network of zombied PCs that *do*
collectively have the CPU resources - I *do* care if *my* mail server spends an
hour doing hashcash, but the spammer *doesn't* really care if some victim PC on
the outskirts of Huntsville Alabama spends an hour.....

Other than that, hashcash is a great idea. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20051129/bf2fb5e2/attachment.bin


More information about the list mailing list