On July 31, 2015 4:51:02 PM CEST, Bill Cole <sausers-20150...@billmail.scconsult.com> wrote: > John Levine wrote a definitive debunking of e-postage schemes > including > hashcash over a decade ago (http://www.taugh.com/epostage.pdf) and > published an update (substantively unchanged) via Virus Bulletin in > 2009 > (https://www.virusbtn.com/spambulletin/archive/2009/03/sb200903-epostage.dkb?mobile_on=no). > > All of his points against e-postage in general and hashcash > specifically > have held up over time.
I've read both links, they both bring the same two arguments: > The technical problems are that some computers are a lot faster than others I see a social problem with this: that in principle it penalizes poor people. But let me restate: As I already said in my other email, for me hashcash seems to make sense where you really need to deliver a particular important, personal email. I don't care for a "fairy dust" solution that would solve sending legitimate mass email (be it mailing lists or ). I'm fine with those being filtered the way they are now. I'm caring to reduce the risk of loss of *important* emails, especially in situations where currently the risk is high, i.e. there's no whitelisting through previous communications. Those cases are few. It's easy to spend even minutes of CPU time on such cases. Or, since the article argues that grandma has a 100 Mhz computer, the ISPs could offer "premium email", where the piece costs a few cents (hey, cheaper than SMS with many providers!), and then run hashcash on a few powerful servers in parallel for a minute with a total CPU budget of several minutes. Now I would expect that ISPs in 3rd world countries would offer hashcash generation for a lower margin, and hence even people there could easily afford sending important mails with hashcash. (If grandma's ISP wouldn't offer "premium email", she'd have to send the email without hashcash, and it would still have a decent chance of deliverability, or she would have to let her computer up for an hour until it is sent. As I said, it would be rare to need it.) Yes, that's when user's clients get the ability to compute hashcash, and ISPs adopt it. I.e. when it really catches on. Before that point, there's a phase where we're experimenting and hashcash doesn't play a big role in spam recognition (and grandma doesn't even come into play). The article argues in an absolute that ignores possible developments. > and that currently spammers have a lot more computer power at their disposal > than legitimate senders do > Furthermore, spammers have vast arrays of hijacked `zombie' computers at > their disposal. Blacklist maintainers report adding 10,000 newly hijacked > computers to their blacklists per day. > No legitimate mailer has anything like 10,000 computers dedicated to sending > mail, much less 10,000 additional computers a day, meaning that it would be > easier for spammers to satisfy hashcash than for legitimate senders. It compares a daily differential in the numbers of hijacked computers worldwide with the numbers of computers available to a single mailer? (How many are *removed* from the blacklists per day, btw?) Please give me actual real numbers and I can do actual calculations. So where's the actual debunking? Christian.