[13302] in cryptography@c2.net mail archive
Re: using PoW + filters to avoid false positives (Re: Re: A Trial Balloon to Ban Email?)
daemon@ATHENA.MIT.EDU (Eric Murray)
Fri May 16 13:42:30 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 16 May 2003 10:22:48 -0700
From: Eric Murray <ericm@lne.com>
To: Adam Back <adam@cypherspace.org>
Cc: cypherpunks@einstein.ssz.com, sommerfeld@orchard.arlington.ma.us,
bear <bear@sonic.net>, Matt Crawford <crawdad@fnal.gov>,
cypherpunks@lne.com, cryptography@metzdowd.com
In-Reply-To: <20030515095617.A9475477@exeter.ac.uk>; from adam@cypherspace.org on Thu, May 15, 2003 at 09:56:17AM +0100
On Thu, May 15, 2003 at 09:56:17AM +0100, Adam Back wrote:
> The limitation with blackholes is it depends on the blackhole
> implementation, some are simply refusing the TCP connection at
> firewall level; others are accepting but giving you a 500 (or whatever
> it is) response code explaining why -- but that is already too early
> for them to have read the X-Hashcash headder. One way around that is
> to include hashcash as an ESMTP address parameter which I understand
> allows you to say things after the RCPT TO, but even that may be too
> late (if they already said go away after the HELO).
There is already a reasonably good proof-of-work mechanism built
into SMTP-- START_TLS.
Any server that is willing to do TLS with mine is very unlikely
to be a spammer. In fact a quick check of about 8000 spams I have
shows that two of them used TLS. (both in the last week. hmm.)
While it's true that the TLS protocol allows a client to subject
a server to a DOS attack by getting the server to do the expensive
crypto operation first (as the Dean & Subblefield paper points out)
in order for a MTA to deliver mail, it's got to complete
the TLS handshake.
So, to fix the spam problem, all we have to do is require START_TLS. :-)
Now, to generate an 8192-bit key....
Eric
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
