You've heard of hashcash, naturally.
And exactly how long do you expect it will take for spammers to
install a hashcash computing trojan on their 5 million zombie PCs?
There are 5 million zombies, perhaps, but there are many *more*
legitimate e-mail users.
If you want to analyse hashcash's effectiveness, you should read
Richard Clayton and Ben Laurie's paper which uses real numbers
from a medium-sized ISP to show that it cannot be made to work.
Yes, I've read it. It assumes naive PoW is in use, but what I'm
talking about is *not* naive PoW - it gives a significant advantage
back to legitimate users, by eliminating virtually all the processing
overhead (it goes down to a few SHA-1 hashes and an RSA encrypt) from
repeat contacts between consenting parties.
That means the hashcash threshold value can be set based on the impact
on spammers (who are *not* making repeat contacts, except for the
0.003% response rate), instead of having to watch out for legitimate
users so much. Of course, we still have to watch out for the classes
of users for whom generating even one stamp could be a significant
hardship, but the solution there is upstream infrastructure to help
them generate the stamp, not to reduce the stamp size and dilute the
benefits.
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
website: http://www.chromatix.uklinux.net/
tagline: The key to knowledge is not to rely on people to teach you it.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
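The cost asymmetry argued in the message above, as an added example that is not part of the original post or of any hashcash implementation: a first contact pays roughly 2**bits SHA-1 calls, the recipient verifies with one, and a repeat contact skips the stamp. The stamp layout is a simplified stand-in for the real hashcash header, and the HMAC token is an assumed substitute for the "few SHA-1 hashes and an RSA encrypt" step, whose details the message does not give; all names are hypothetical.

```python
import hashlib, hmac, os
from itertools import count

def zero_bits(digest):
    """Number of leading zero bits in a digest."""
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()

def mint(resource, bits):
    """Sender: brute-force a counter, about 2**bits SHA-1 calls on average."""
    salt = os.urandom(8).hex()
    for tries in count(1):
        stamp = f"1:{bits}:{resource}:{salt}:{tries}"  # simplified layout (assumption)
        if zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp, tries

def stamp_ok(stamp, resource, bits):
    """Recipient: a single SHA-1 call, whatever the threshold."""
    parts = stamp.split(":")
    if len(parts) != 5 or parts[0] != "1" or parts[2] != resource:
        return False
    return zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits

class Recipient:
    def __init__(self, address, bits):
        self.address, self.bits = address, bits
        self.key = os.urandom(32)   # secret used only to issue contact tokens
        self.spent = set()          # stamps already used, to reject replays

    def token_for(self, sender):
        """Handed to a sender once the recipient consents to further mail."""
        return hmac.new(self.key, sender.encode(), hashlib.sha256).hexdigest()

    def accept(self, sender, stamp=None, token=None):
        if token is not None:       # repeat contact: one HMAC, no stamp
            return hmac.compare_digest(token, self.token_for(sender))
        if stamp is None or stamp in self.spent:
            return False
        if not stamp_ok(stamp, self.address, self.bits):
            return False
        self.spent.add(stamp)
        return True

if __name__ == "__main__":          # constructed addresses, for illustration
    rcpt = Recipient("bob@example.org", bits=16)
    stamp, tries = mint(rcpt.address, rcpt.bits)
    print(f"first contact cost {tries} hashes:", rcpt.accept("alice@example.org", stamp=stamp))
    token = rcpt.token_for("alice@example.org")
    print("repeat contact, no stamp:", rcpt.accept("alice@example.org", token=token))
```

Raising `bits` by one doubles the expected minting cost for every first contact while leaving verification and repeat-contact cost unchanged.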