Art Pollard wrote:
HashCash / Penny Black proposals suffer from one flaw that I see... they
assume that there is no legitimate reason for a low-budget organization
to send high volumes of e-mail. Driving up the costs for spammers also
drives up the costs for things like public mailing list servers.
<SNIP>
It's still an interesting idea, but I'm not sure that it's practical in
the real-world.
Well, it could be combined with a whitelist. Basically, the first
message (the subscribe message) could be HashCash/Penny Blacked. Then
the subscriber would add them to a whitelist. If the user failed to do
so after a couple of days, a warning message could be sent out and if
the person again didn't whitelist the mailing list, the mailing list
could unsubscribe them.
Not too bad really.
-Art
That thought also crossed my mind, where only untrusted domains would be
required to Hash Cash / Penny Black (either through a whitelist or
domains that don't have reverse-MX information). Which makes it a bit
more like the real-world concept of "friends are always welcome,
strangers have to show multiple forms of ID before they get past the
front door". A targeted system would make it more palatable as you're
only requiring strangers to do the calculation (or any system that
doesn't seem quite on the up-and-up).
However, it's difficult to currently identify "friends", so any sort of
targeted Hash Cash / Penny Black solution requires other things to be in
place first. (Reverse MX systems, mail servers that sign outbound mail
with a private key that matches the public key in the DNS, etc.)
Seems a shame to waste all those CPU cycles though... pity they couldn't
be turned into encryption cycles of the actual message content.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg