From mboxrd@z Thu Jan 1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/45395
Path: main.gmane.org!not-for-mail
From: Stainless Steel Rat
Newsgroups: gmane.emacs.gnus.general
Subject: Re: [ANNOUNCE] contrib/hashcash.el spam fighter
Date: Tue, 25 Jun 2002 10:54:44 -0400
Organization: The Happy Fun Ball Brigade
Sender: owner-ding@hpc.uh.edu
Message-ID: <02Jun25.104630edt.119271@gateway.intersystems.com>
References: <02Jun24.115740edt.119250@gateway.intersystems.com> <02Jun24.151839edt.119751@gateway.intersystems.com>
NNTP-Posting-Host: localhost.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: main.gmane.org 1025017003 1884 127.0.0.1 (25 Jun 2002 14:56:43 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Tue, 25 Jun 2002 14:56:43 +0000 (UTC)
Return-path:
Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by main.gmane.org with esmtp (Exim 3.33 #1 (Debian)) id 17MrkI-0000UH-00 for ; Tue, 25 Jun 2002 16:56:43 +0200
Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=lists) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 17MrjY-0001rR-00; Tue, 25 Jun 2002 09:55:56 -0500
Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Tue, 25 Jun 2002 09:56:16 -0500 (CDT)
Original-Received: from sclp3.sclp.com (qmailr@sclp3.sclp.com [209.196.61.66]) by sina.hpc.uh.edu (8.9.3/8.9.3) with SMTP id JAA23145 for ; Tue, 25 Jun 2002 09:56:05 -0500 (CDT)
Original-Received: (qmail 1172 invoked by alias); 25 Jun 2002 14:55:40 -0000
Original-Received: (qmail 1167 invoked from network); 25 Jun 2002 14:55:40 -0000
Original-Received: from gateway.intersys.com (HELO intersystems.com) (198.133.74.253) by gnus.org with SMTP; 25 Jun 2002 14:55:40 -0000
Original-Received: by gateway.intersystems.com id <119271>; Tue, 25 Jun 2002 10:46:30 -0400
Original-To: "(ding)"
X-Attribution: Rat
In-Reply-To: (Simon Josefsson's message of "Tue, 25 Jun 2002 10:56:44 +0200")
Original-Lines: 33
User-Agent: Gnus/5.090006 (Oort Gnus v0.06) XEmacs/21.1 (Cuyahoga Valley, i686-pc-linux)
Precedence: list
X-Majordomo: 1.94.jlt7
Xref: main.gmane.org gmane.emacs.gnus.general:45395
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:45395

* Simon Josefsson on Tue, 25 Jun 2002
| Not only, it works in peer 2 peer as well.

Yeah, but PGP works better. Three words: web of trust. X-Hashcash
cannot have a web of trust. And PGP can work without prior contact
through PGP key servers. X-Hashcash cannot do that, either.

| hashcash.el uses the recipient's email address as a challenge. If you
| know the recipient's email address, you know the hashcash challenge, so
| this should work. A spammer could compute these, but he could only
| use it once.

No, he could only use it once every 28 days by default. Still, there
may be a way of exploiting the Bcc mechanism or RCPT TO at the SMTP
level, both common spam tactics. If a spammer were to generate a hash
against a bogus To header (like most of the spam I get), he could
blindly send his spam to millions of recipients with only one hash.

Yes, you could check the X-Hashcash coin against your known address,
but that leads you directly into a false negative if a legitimate
sender Bccs you something.

The system is also vulnerable to false positives. The likelihood of an
accidentally duplicated coin increases with the number of users. And it
is potentially vulnerable to denial of service by the same mechanism.

I'll take back what I said about hoping it dies, because it does serve
a useful function within its limited scope. DCC and Razor are vastly
superior mechanisms for filtering spam for end users.

--
Rat \ Happy Fun Ball contains a liquid core,
Minion of Nathan - Nathan says Hi! \ which, if exposed due to rupture, should
PGP Key: at a key server near you! \ not be touched, inhaled, or looked at.
That and five bucks will get you a small coffee at Starbucks.
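
The receiving-side checks this exchange turns on (resource match, 28-day window, double-spend cache), as an added example that is not part of the original post or of hashcash.el. It assumes the later version-1 stamp layout `1:bits:date:resource:ext:rand:counter` hashed with SHA-1, which the post does not describe; the addresses and the `mint`/`check` helper names are constructed for illustration.

```python
import hashlib
from datetime import date, datetime, timedelta

VALID_DAYS = 28  # validity window; the post gives 28 days as the default

def zero_bits(stamp: str) -> int:
    """Leading zero bits of SHA-1(stamp)."""
    value = int.from_bytes(hashlib.sha1(stamp.encode()).digest(), "big")
    return 160 - value.bit_length()

def mint(resource: str, bits: int, day: date, rand: str = "constructed") -> str:
    """Brute-force a counter; used here only to build sample stamps."""
    prefix = f"1:{bits}:{day:%y%m%d}:{resource}::{rand}:"
    counter = 0
    while zero_bits(f"{prefix}{counter:x}") < bits:
        counter += 1
    return f"{prefix}{counter:x}"

def check(stamp, my_addresses, seen, today, min_bits=12):
    """Return 'ok' or the reason for rejection. `seen` must persist for at
    least VALID_DAYS, otherwise a stamp can be replayed inside the window."""
    parts = stamp.split(":")
    if len(parts) != 7 or parts[0] != "1":
        return "malformed"
    try:
        bits = int(parts[1])
        issued = datetime.strptime(parts[2][:6], "%y%m%d").date()
    except ValueError:
        return "malformed"
    # Binds the stamp to this mailbox, so one stamp minted for a bogus To
    # address is worthless here. A legitimate Bcc also lands in this branch.
    if parts[3].lower() not in my_addresses:
        return "wrong-resource"
    if not timedelta(0) <= today - issued <= timedelta(days=VALID_DAYS):
        return "bad-date"
    if bits < min_bits or zero_bits(stamp) < bits:
        return "insufficient-work"
    if stamp in seen:
        return "double-spend"
    seen.add(stamp)
    return "ok"

if __name__ == "__main__":
    day, seen = date(2002, 6, 25), set()
    stamp = mint("rat@example.org", 12, day)  # constructed address
    print(stamp, check(stamp, {"rat@example.org"}, seen, day),
          check(stamp, {"rat@example.org"}, seen, day))
```

The `wrong-resource` result is the trade-off the message describes: it stops a single stamp from covering many envelope recipients, at the cost of rejecting stamps on mail that reached the mailbox by Bcc.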