Re: hash cash and email

Steve Glassman wrote:
> So you are spammed if you do and spammed if you don't.

ARGHHHHHHH, and it was such a useful idea too!!! :_(

So the current problem is how to handle the 'return to addressee'
spoof.  One possibility is to silently drop 'bad' mail.  When a user
receives the mail, the protocol allows them to send a message back
saying that they got it.  I haven't thought enough about this to decide
if the user should be allowed to generate the replies (probably by
hitting a button) or have it be automatic when they download the
message.  I prefer the former as it allows you to ignore messages
(useful, in case someone does crack your key and wants to see if there
is a real person on the other end).  The latter requires less work on
the users part.  It would probably be a good idea to mix the two in some
way, but I'm not sure how.  Thoughts?  

Also, does this auto reply need to itself use hash cash?  And does this
method make debugging errors in the system so difficult that the whole
thing is unworkable?

> But all of this assumes a world where mail clients are primed to use hash
> cash and we don't have one of those.  In that case, we merely have to solve
> mailing lists...

We might be able to silently drop messages that don't match for
listservers, as you will get back a copy of your message anyways when
the listserver sends out the messages to everyone.  The message coming
back to you would be equivalent to the autoreply.

More thoughts are welcome, especially ones that show weaknesses in the
scheme, or solutions to those weaknesses.

Cem Karan

Received on Thursday, 3 May 2001 11:09:41 UTC