I think it is a crying shame that every SpamAssassin installation is a tiny step away from taking advantage of hashcash headers, but nothing is prompting mail admins to take that step. We could do it for them.
I sent this to spamassassin-users a while ago, but I think it was the wrong audience. Please read on: A while ago the hashcash list was lamenting the lack of support in transfer agents. They are stuck in a chicken and egg situation where no user agents will add hashcash headers because no spam checkers are looking for them. I think we could bootstrap that process very easily with a simple addition to SA. Configuring my own SA setup to benefit from hashcash headers was as simple as adding "hashcash_accept [EMAIL PROTECTED]". Voila, instant potential benefit. Zero actual benefit, since nobody is adding hashcash headers to their outgoing email, but that's a whole new crusade. I think SA distributions should contain a comment block in "rules/local.cf" along the lines of: # If you use the Hashcash plugin, uncomment this and change it # to suit your domain: # # hashcash_accept [EMAIL PROTECTED] Better still, the Hashcash plugin could determine the domain algorithmically, and use it in the absence of any other hashcash_accept configuration. Schemes for doing that based on the hostname are all half-baked and non-portable, involving trimming components off the host's DNS domain, but just about anything is better than nothing. How about this: use the last three components of the DNS domain if the last component has two letters, otherwise use the last two components. Prefix that with %u@(?:.*\.)? At worst, it will cause the plugin to accept hashcash payments computed for an address with the correct username but at the wrong domain. Hashcash's double-spend protection will prevent the same payment working twice, so I don't see this as much of a loophole. What do you think? At the very least, I would like to see a comment in local.cf or init.pre. I see no reason not to. It is a shame to see so many SA installations a tiny, tiny step away from taking advantage of hashcash. Here are some minor points for Perl programmers and pedants: - I actually use [EMAIL PROTECTED]". I think the hashcash plugin should anchor the pattern at both ends. - More paranoid sites, or those inside .com which is easily polluted, should use "^%u@(?:.*\.)?theirdomain.com$" or just "[EMAIL PROTECTED]" -- _________________________________________________________________________ Andrew Donkin Waikato University, Hamilton, New Zealand
