ietf-asrg

[Asrg] My Suggestion - HashCash + whitelist/auth

2003-03-05 16:05:40
  One major problem with detecting spam is that it is hard to separate bulk
mail from legitimate mail for unknown senders. Therefore, I suggest the
following two-part system:

 1. Unauthenticated senders will be required to add a token to their mail
    indicating some amount of computation performed, specific to the
    message and recipient, for example - creating an n-bit hash collision
    with the message.
    Messages without this token are returned with an explanation to the
    sender, and perhaps with a human-verification fallback (such as
    detecting letters in an image).

 2. When signing up to a legitimate bulk mailer (mailing list, website,
    etc.) you either send a signed certificate with the bulk mailer's public
    key permitting him to send you mail, or add his public key to your
    whitelist. The same can be done for friends.

  The MUA should know if the recipient is on a whitelist by some means.
Also, the MUA should know how much work needs to be done; this can be done
by modifying the email address to something like me(_at_)myhost(_dot_)com#10,
which means 10 bits of hashcash are required to send mail.

  This method requires the following updates:

 1. A user wishing to enjoy spamfree email must use a compatible MUA.
 2. Bulk-mailers must upgrade their systems to send signed mails. This can
    be overcome in the short term using From: whitelisting.
 3. An email address should be allowed to have "#n" in the end. It's not
    required in the transitional phase.
 4. The MUA of legitimate unauthenticated senders should be configured to
    generate the hashcash. In the transitional phase, other human-detection
    methods will be used.

  Alon

-- 
This message was sent by Alon Altman (alon(_at_)alon(_dot_)wox(_dot_)org) ICQ:1366540
The RIGHT way to contact me is by e-mail. I am otherwise nonexistent :)
--------------------------------------------------------------------------
 -=[ Random Fortune ]=-
design, v.:
        What you regret not doing later on.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
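
An added example, not part of the original message: a minimal sketch of the token scheme proposed above, where the sender's MUA mints a stamp bound to the recipient and the message, and the recipient checks it against the "#n" in its own address. It assumes the "n-bit collision" means n leading zero bits of a SHA-256 hash (hashcash-style); the stamp layout, function names and sample address are hypothetical.

```python
import hashlib
from itertools import count

def parse_address(addr):
    """Split 'user@host#n' into (mailbox, n); no '#n' suffix means 0 bits."""
    mailbox, sep, bits = addr.rpartition("#")
    if sep and bits.isdigit():
        return mailbox, int(bits)
    return addr, 0

def leading_zero_bits(digest):
    """Number of zero bits at the front of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def stamp_bits(mailbox, message, counter):
    """Work shown by a counter for this recipient and this message."""
    body = hashlib.sha256(message).hexdigest()
    # Assumed stamp layout: recipient, message digest, counter.
    stamp = f"{mailbox}:{body}:{counter}".encode()
    return leading_zero_bits(hashlib.sha256(stamp).digest())

def mint(addr, message):
    """Sender side: search for a counter meeting the recipient's '#n'."""
    mailbox, bits = parse_address(addr)
    for counter in count():
        if stamp_bits(mailbox, message, counter) >= bits:
            return counter

def verify(addr, message, counter):
    """Recipient side: two hashes, checked against its own published '#n'."""
    mailbox, bits = parse_address(addr)
    return stamp_bits(mailbox, message, counter) >= bits

if __name__ == "__main__":
    addr = "me@host.example#10"               # constructed sample address
    msg = b"Subject: hello\r\n\r\nHi there"   # constructed sample message
    token = mint(addr, msg)                   # about 2**10 attempts on average
    print("token:", token)
    print("valid for recipient:", verify(addr, msg, token))
    print("valid for another recipient:",
          verify("you@host.example#10", msg, token))
```

Because the recipient and the message digest are both hashed into the stamp, a token minted for one recipient or one message only passes for another by chance, with probability about 2^-n.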


