On Tue, 2004-05-25 at 07:01 -0400, Patrick O'Callaghan wrote: > On Tue, 2004-05-25 at 16:16 +0800, Not Zed wrote: > > Something will have to happen, spam is costing too much in time and > > resources. So something like a 'secured' internet email backbone will > > develop, although it will require someone like MS to do it, and to > > open the protocol enough for others to use it. Although their > > security record doesn't inspire confidence. > > There are currently at least three recent proposals along these lines: > Pobox.com's SPF (Sender Permitted From), Microsoft's Caller-ID and > Yahoo's Domain Certs.
My favorite solution so far is Hashcash (www.hashcash.org). For each recipient of the message, the sender has to find a random string such that when you append the email address, current time, and that string together, the SHA1 hash of the result starts with some large number of 0s. The resulting "stamp" gets added to the email headers. When you receive the message, you verify the stamp, and based on how many 0s the hash starts with, you can vaguely estimate how much time the sender spent computing it. For normal users, losing a few seconds per recipient isn't really a problem. For spammers, it would be deadly. (Eg, Comcast recently stated that there are 800 million messages being sent by virus-infected spam zombies on its network every day. It would take almost 51 computer-years of work to generate a 2-second hashcash stamp for each of those.) It has some problems they're still working out (eg, mailing lists), but so do all of the other proposals. -- Dan _______________________________________________ evolution maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution
