Sending again, because first attempt did not get posted to list...
Bcc: some
Also, correct an order of magnitute typo below which makes my response even
more convincing!
I strongly feel we must pre-empt at the client as well at the server. Please
support SenderKeys (or something like it) and also of course I strongly support
SPF. Note AccuSpam has announced intention to create SenderKeys+SPF aware
plugins for Outlook and Eudora and help populate the marketplace.
At 09:45 AM 8/28/2004 +0100, you wrote:
On Sat, 2004-08-28 at 08:36, AccuSpam wrote:
Note that Microsoft has made public announcements about the future value
of "hashcash" technique, where the cost of sending is increased by apply
some computer algorithm. Note that public key cryptography at the MUA with
huge keys is a way to accomplish this.
I think hashcash is a dead end as an anti-spam system. Spammers have
armies of zombies that can do the calculations for them, so it will
inconvenience spammers much less than legitimate bulk mailers.
Yes I am aware of that, but consider this counter-point which ties specifically
into the requirement to per-user cryptography anti-forgery:
If you increase the calculation cost to say 15 seconds (0.25 min.) on average
client, then it does not inconvenience the average sender much, *and* you tie
the Sender, Recipient, and body to the signature, then the spammer has to
calculate this for every combination. Given 22 billion spams per day for whole
internet now (estimated from BrightMail.com's 16% share), and assume they have
1 million zombies, that is 22,000 * 0.25 = 5500 minutes = 92 hours of computing
time per day per zombie.
Thus "hashcash" can be very effective at eliminating the zombies, because if a
zombie loses 92 hours a day or processing power, I am confident the owner of
the zombie will take action. :)
If I was Microsoft I would be stupid not to leverage their majority marketshare
in clients, and minimize the leverage of internet-wide (non local network)
servers where they are minority.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com