Re: [Asrg] 6. Email Path Verification (hashcash benchmarks)

Jonathan Morton explained:

Actually, let's step back a bit. The original question was whether thiswas going to be (even approximately) workable on low-end machines, likethe old Macs I mentioned. I think we've established that it'smoderately painful, but yes it's workable, as long as we don't need morethan 20-bit hashcash anytime soon.

while it would be nice to stay at 20 bits, I suspect that the real initial valueshould be somewhere around 22 bits may be even 23. This does put quite a strainon low-end machine users but I think it's a manageable one as we have discussed.

I do appreciate to your concern for the low-end user. However, I believe theyare a fringe user population. I understand quite clearly what it means to be afringe user and not get any support from the mainstream. I am disabled courtesythe qwerty keyboard. I an extremely dependent on speech recognition computeruse. There's precious little support for my kind of disability in computer userinterface and even less for speech recognition on Linux.

So, I have found ways to work around the lack of accommodation. so will peoplewith low and computers. And I am sure, we will try to help by designing theright kind of services etc.

Suppose we implement a "postage required" callback to promote awarenessin the early stages. What happens when one of these callbacks hits alistserv that doesn't know about it? AFAIK, most listservs willprobably interpret it as a bounce, which is probably counterproductive.


this is part of what I was writing up in the hashcash best practices ID.

The way camram accommodates the real world is to provide multiple levels offilters. The first stage is the postage check, second stage is the white listcheck, third is a Bayesian style discriminator.

The third stage is important because it lets me split e-mail into threecategories (red, yellow, green). Green is good and passed to the inbox. Red isbad and passed to the dumpster. Yellow is the e-mail which is indistinguishablefrom Spam[1]. The camram system will send out postage due notices to theoriginators of yellow mail. From that action, we can further refine whichmessages are spam by paying attention to how the connection is rejected.

after receiving a postage due notice a user can then generate postage in theirbrowser courtesy a Java applet and deliver the stamp allowing their message tobe delivered. In the document I am working on, I with the issues of forgery andspoofing and ways to deal with them.

Also, what's the best way to combine hashcash and authentication? Notforgetting, of course, that we still need to have lots of backwardscompatibility that can (very gradually) be phased out. It would be niceto be able to avoid hashcash for initial communications in certainsituations, because that lets some of the low-end users off the hook,but that has to be watertight.

does it really need to be watertight? Is authentication a good idea? one of mystarting points for an antispam system is:


    Any measure for stopping spam must ensure that all non-spam messages
    have a means for bypassing that measure to reach their intended
    recipient.

another is that an antispam system must never become a tool for censorship.

If an authentication system has the properties of being able to silence aspammer by revoking their credentials, then you have created a tool by whichanyone can be silenced. This means you can be silenced.

Imagine how effective we would be against corporate interests if they could usethe DMCA to revoke your ability to send e-mail. That is what authenticationsystems buy you. It is a system enabling censorship.

I'm probably going to get pilloried for this but like it or not, spam is speechin the same way that naked breasts on a dancer, Johnny Ashcroft Patriot actroadshow, burning a flag of any country, and even yelling fire in a crowdedtheater is speech. But with all speech comes costs. Free is not equal $free$and if you're willing to bear the cost, you can make the speech. At the sametime, part of the freedom of speech is the ability to be heard but you cannotforce others to listen.

The more we can follow that model of speech, the closer we will be to a goodantispam solution. For example, if we can push the cost of spam as much aspossible onto the backs of the spammers, we will make unprofitable for the vastmajority of them. Then we can watch and learn how to make it more expensive forthe rest of them.

when analyzing antispam systems, ask yourself "who pays". With authenticationsystems that I've seen, typically it's increasing the receiver costs fordecreasing freedom. Only decentralize systems minimize user costs as a rule andhave decent reliability in a whole bunch of dimensions.

Personally, I believe that Spam will never go away. There will always be someform of organization which will pay the cost and mass mail. That's why there'llalways be a need for personal blacklisting so folks can say "I don't want tohear that" and make it stick. The trick will be making the human interface sodrop dead simple even your grandmother can't screw it up or at least you canunscrew it when she does.

Finally, as an interim solution, can hashcash be effectively used as afiltering modifier? Take SpamAssassin, for example, you could subtracta point from the spam score, for every bit of hashcash after the first N(say 16). That'd be handy for people who keep getting caught by thefilters for reasons beyond their control - it gives them a "get out ofjail" card, cheap for low-volume mail, expensive for bulk.

you really should take a look at the camram code in CVS. Much of what yousuggest is already done. It may not be exactly as you envision it butfunctionally its equivalent. Now I just need some Java talent to help me finishwith the browser postage due applet.


---eric


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg