tytso(_at_)mit(_dot_)edu ("Theodore Ts'o") writes:
Bare keys will do; consider a system where people keep a list of those
keys that they will accept mail. If someone tries to send mail and
their key is not on the recipient's list, the mail is returned to them
until they can perform a Hashcash calculation consuming a non-trivial
amount of CPU time, at which point their key is placed on the
recipient's list, and the sender can retry to send the message. If a
recipient receives SPAM, they simply drop the key of the sender from
their "ok-to-receive" list.
i think that we could write this up as open source and widely distribute
it and publicize the hell out of it for the rest of our careers without
ever having it become common practice to reject-with-explaination all
e-mail that comes from unauthorized senders. therefore it can become,
at best, a system that radical and highly technical recipients can use.
we've got a number of those already. (this one sounds new and better.)