Re: [Evolution] RFC 2476 - Message Submission

On Tue, 2004-05-25 at 07:01 -0400, Patrick O'Callaghan wrote:
On Tue, 2004-05-25 at 16:16 +0800, Not Zed wrote:
Something will have to happen, spam is costing too much in time and
resources.  So something like a 'secured' internet email backbone will
develop, although it will require someone like MS to do it, and to
open the protocol enough for others to use it.  Although their
security record doesn't inspire confidence.

There are currently at least three recent proposals along these lines:'s SPF (Sender Permitted From), Microsoft's Caller-ID and
Yahoo's Domain Certs.

My favorite solution so far is Hashcash ( For each
recipient of the message, the sender has to find a random string such
that when you append the email address, current time, and that string
together, the SHA1 hash of the result starts with some large number of
0s. The resulting "stamp" gets added to the email headers. When you
receive the message, you verify the stamp, and based on how many 0s the
hash starts with, you can vaguely estimate how much time the sender
spent computing it. For normal users, losing a few seconds per recipient
isn't really a problem. For spammers, it would be deadly. (Eg, Comcast
recently stated that there are 800 million messages being sent by
virus-infected spam zombies on its network every day. It would take
almost 51 computer-years of work to generate a 2-second hashcash stamp
for each of those.)

It has some problems they're still working out (eg, mailing lists), but
so do all of the other proposals.

-- Dan

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]