LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] spam: requiring signed email

[ILUG] spam: requiring signed email

Paul Jakma paul at clubi.ie
Tue Feb 10 22:59:00 GMT 2004 

On Mon, 9 Feb 2004, Justin Mason wrote:

> The proof-of-work part is taking
> 
> 	Recipient: jm at jmason.org | SOMEDATA
> 
> and coming up with a value of SOMEDATA that hashes to
> 0x000000abcfe3234...etc. , where the first N bits are 0.  
> Iteration is the current way to do this; SOMEDATA=1, SOMEDATA=2,
> etc.

Aha. This is presumably the same hashcash as at:

	http://www.hashcash.org

?

Very very interesting :)

The draft RFC would need a bit more work, to bring it to the same
high standard of his other papers on Hashcash. Perhaps he 
deliberately did not finalise the details though.

> Yeah -- that's labour-intensive for the recipient.

Not really though. At least, my MUA has long been configured with a 
list of my email addresses, so that it can distinguish my address(es) 
from others (eg, to allow display of the 'To:' field rather than the 
'From:', should the 'From:' field be "me" and hence not useful.).

Nearly all MUAs know the user's email, it's just a matter of them 
being able to know more than one.

> Or accept hashcash for those lists.  Consider ILUG -- lots of spam
> relayed by list.

Yep. The initial sender would include 2 hashcash's, one for list, one 
the direct recipient.

The list software shouldnt generate a hashcash. (its just too 
fiddly).

> Yep, but unless the recipient addr is accepted by the recipient, it
> won't do any good.

Course yes.

> > Another thing that's missing is that the cookie will need to have
> > a have a message digest or even a full cryptographic signature of
> > the message body inside it, otherwise cookies could be reused.
> 
> .... and that's the hard part ;)

Difficult for hashcash.

> Seriously -- this has come up before, and if you leave out some bit
> of the user-visible data (From, To, Subject, body) then you give
> spammers a space to write their message in.

> And then you have to deal with list servers that scribble on the
> rest of the data, adding message footers or subject line tags,
> screwing up that hash ;)

Right, hence why you might make use of mime.

> --j.

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
	warning: do not ever send email to spam at dishone.st
Fortune:
/usr/news/gotcha

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell