using PoW + filters to avoid false positives (Re: Re: A Trial Balloon to Ban Email?)

Eric Murray ericm at lne.com
Fri May 16 13:22:48 EDT 2003


On Thu, May 15, 2003 at 09:56:17AM +0100, Adam Back wrote:

> The limitation with blackholes is it depends on the blackhole
> implementation, some are simply refusing the TCP connection at
> firewall level; others are accepting but giving you a 500 (or whatever
> it is) response code explaining why -- but that is already too early
> for them to have read the X-Hashcash header.  One way around that is
> to include hashcash as an ESMTP address parameter which I understand
> allows you to say things after the RCPT TO, but even that may be too
> late (if they already said go away after the HELO).


There is already a reasonably good proof-of-work mechanism built
into SMTP-- START_TLS.

Any server that is willing to do TLS with mine is very unlikely
to be a spammer.  In fact a quick check of about 8000 spams I have
shows that two of them used TLS.  (both in the last week.   hmm.)

While it's true that the TLS protocol allows a client to subject
a server to a DOS attack by getting the server to do the expensive
crypto operation first (as the Dean & Stubblefield paper points out),
in order for an MTA to deliver mail, it's got to complete
the TLS handshake.

So, to fix the spam problem, all we have to do is require START_TLS. :-)

Now, to generate an 8192-bit key....


Eric
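
The corpus check described in the message above (counting how many stored messages arrived over TLS) can be reproduced from `Received:` headers. This is an added example, not code from the original post; the sample messages, hostnames and ids are constructed, and it assumes the topmost `Received:` header was written by your own MTA.

```python
import email
import re

# Clauses a receiving MTA writes into its own Received: header when the inbound
# session was encrypted: RFC 3848 "with ESMTPS"/"ESMTPSA", Sendmail's
# "(version=TLS...", Postfix's "(using TLS...".
TLS_MARKERS = re.compile(
    r"\bwith\s+ESMTPSA?\b|\(version=TLS|\(using\s+(?:TLS|SSL)", re.IGNORECASE)

def delivered_over_tls(raw_message):
    """True if the topmost Received: header records a TLS session."""
    received = email.message_from_string(raw_message).get_all("Received") or []
    if not received:
        return False
    # Only received[0] was added by our own MTA; lower ones are sender-supplied
    # and can be forged, so they are ignored.
    top = " ".join(received[0].split())  # unfold the header
    return bool(TLS_MARKERS.search(top))

def tls_share(messages):
    """Return (count delivered over TLS, total)."""
    flags = [delivered_over_tls(m) for m in messages]
    return sum(flags), len(flags)

# Constructed sample messages (hostnames, ids and addresses are made up).
SAMPLES = [
    # Sendmail-style header with a TLS clause
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org (8.12.9/8.12.9) with ESMTP id h4GHMm01\n"
    "\t(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);\n"
    "\tFri, 16 May 2003 13:22:48 -0400\n"
    "Subject: list mail\n\nbody\n",
    # Plaintext delivery; the lower header claiming TLS is sender-supplied
    "Received: from dialup.example.com ([198.51.100.7])\n"
    "\tby mx.example.org (8.12.9/8.12.9) with SMTP id h4GHNn02;\n"
    "\tFri, 16 May 2003 13:25:01 -0400\n"
    "Received: from a.invalid by b.invalid with ESMTPS (using TLSv1);\n"
    "\tFri, 16 May 2003 13:24:00 -0400\n"
    "Subject: buy now\n\nbody\n",
    # Postfix-style header with a TLS clause
    "Received: from relay.example.net (relay.example.net [192.0.2.25])\n"
    "\t(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))\n"
    "\tby mx.example.org (Postfix) with ESMTP id 4F2A1B07;\n"
    "\tFri, 16 May 2003 13:30:12 -0400\n"
    "Subject: hello\n\nbody\n",
]

if __name__ == "__main__":
    tls, total = tls_share(SAMPLES)
    print(f"{tls} of {total} messages arrived over TLS")
```
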


---------------------------------------------------------------------
The Cryptography Mailing List