http://research.microsoft.com/research/sv/PennyBlack/
The Penny Black project... Recipients would aggressively safe-list good
senders. (The instant messaging buddy list?)
Penny Black is hashcash. When I talked to Cynthia Dwork, who I've known
for a long time, at CEAS last summer, she and I agreed that zombies make
hashcash ineffective. This is a separate issue from the question of
sender authentication for whitelisting which signatures should address.
The ticket scheme involves creating a ticket service that would issue
tickets, which can then be submitted with an email message.
This is a flavor of epostage. Like all forms of epostage, it doesn't
scale to a mail system large enough to be interesting.
Indeed, any scheme that requires a callback per message has severe scaling
problems. One category of scaling problem is on large senders who'd have
to maintain rapidly updated databases of valid or invalid messages, of a
size and performance which I've concluded is far beyond the state of the
art. (Lots of queries are a problem we've solved for DNS, but lots of
updates kill you.) The other category of scaling problem is for us poor
suckers whose addresses are often forged. Today I'm having enough trouble
dealing with bounce storms, and I do not want to have to solve other
people's problems by dealing with their callback storms as well.
For a whole lot of discussion on the merits and shortcomings of per
message callbacks, see the mail archive of the SES group that's trying to
do remotely verifiable signatures in 2821 bounce addresses.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.