Slashdot Mirror


Beat Spam Using Hashcash

Shell writes "If they want to send spam, make them pay a price. Built on the widely available SHA-1 algorithm, hashcash is a clever system that requires a parameterizable amount of work on the part of a requester while staying "cheap" for an evaluator to check. In other words, the sender has to do real work to put something into your inbox. You can certainly use hashcash in preventing spam, but it has other applications as well, including keeping spam off of Wikis and speeding the work of distributed parallel applications." If you're specifically interested in hashcash for your mail server, Camram has some interesting ideas -- their Frequently Raised Objections page may be illuminating.

5 of 324 comments

  1. Again? by Anonymous Coward · · Score: 4, Informative

    The previous stories weren't enough?

  2. Re:This doesn't *stop* anything by OverlordQ · · Score: 4, Informative

    In the future (if this takes off), these lists will simply contain the hashes along with the addresses. This temporarily makes the spammers' lives a bit difficult, but doesn't have a long-term impact.

    Did you even RTFA? If there is *any* sort of time lag between when Supplier A generated the hashes and sent them to Spammer B and when the spammer sends the mail, the hashes will become invalid.

    3. The date (and time) a stamp was minted. Stamps in the future and those too far in the past may be judged invalid.

    --
    Your hair look like poop, Bob! - Wanker.
  3. That's covered in the Article. by 955301 · · Score: 4, Informative


    The author points out that a) a date is added to the string to be hashed and b) a database is kept for the day of hashes already used.

    If you include the hash when you pass it out, step a) invalidates hashes of older days and step b) keeps the current day's hashes from being reused.

    So it doesn't matter if the spammers share. The hashes are one-times.

    --
    You are checking your backups, aren't you?
  4. Re:Right cause, wrong solution. by Em+Ellel · · Score: 4, Informative

    Joe Sixpack wants to send a mail. If it takes him an hour to parse a key, he's not going to mail his mother anymore.

    The general idea is that it will take a relatively small yet significant time to compute. So for example (also random) 30 seconds. Joe Sixpack will not notice a 30-second delay on his computer for one email. However, Jack Spammer, who sends a million emails, will need 500,000 minutes to compute the sums. A huge difference.... until you figure out that the spyware on Joe Sixpack's computer is what is actually doing the computing.

    -Em

    --
    RelevantElephants: A Somatic WebComic...
  5. Re:Greylisting worked for my company by Haegar · · Score: 5, Informative

    Tried it at work - stopped loads of spam, but had to disable it because there are too many broken SMTP servers out there (on short inspection mostly Lotus Notes) that think a return code of 4xx is a permanent error and bounce the mail.

    And my boss is not happy when even ONE important mail from a client is not reaching him.

    --
    c'ya haegar
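The receiver-side checks that comments 2 and 3 describe (minting date window plus a database of already-used stamps), shown as an added example that is not code from the article or the hashcash project. It assumes the hashcash version 1 stamp layout `1:bits:date:resource:ext:rand:counter`; the addresses, the fixed salt, the 12-bit cost and the 2-day expiry are constructed values chosen so the demo runs quickly and reproducibly.

```python
import hashlib
from datetime import datetime, timedelta
from itertools import count

def zero_bits(stamp: str) -> int:
    """Leading zero bits of SHA-1(stamp): the proof-of-work measure."""
    digest = hashlib.sha1(stamp.encode()).digest()
    return 160 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int, now: datetime, salt: str = "constructedsalt") -> str:
    """Sender: expensive search for a counter that yields `bits` zero bits.
    A real sender uses a random salt; it is fixed here for reproducibility."""
    prefix = f"1:{bits}:{now:%y%m%d}:{resource}::{salt}:"
    for counter in count():
        if zero_bits(f"{prefix}{counter:x}") >= bits:
            return f"{prefix}{counter:x}"

def verify(stamp, resource, min_bits, now, spent, max_age_days=2):
    """Receiver: one hash plus cheap policy checks. Returns (ok, reason)."""
    fields = stamp.split(":")
    try:
        if len(fields) != 7 or fields[0] != "1":
            raise ValueError
        bits = int(fields[1])
        minted = datetime.strptime(fields[2][:6], "%y%m%d")
    except ValueError:
        return False, "malformed"
    if fields[3] != resource:          # stamp was minted for someone else
        return False, "wrong recipient"
    if bits < min_bits:                # sender claims less work than required
        return False, "too few bits"
    if zero_bits(stamp) < bits:        # claimed work is not in the hash
        return False, "insufficient work"
    if minted - now > timedelta(days=1):   # one day of clock/timezone slack
        return False, "future-dated"
    if now - minted > timedelta(days=max_age_days):
        return False, "expired"
    if stamp in spent:                 # shared or replayed stamp
        return False, "already spent"
    spent.add(stamp)                   # only needs to be kept until expiry
    return True, "ok"

if __name__ == "__main__":
    now = datetime(2024, 5, 10, 12, 0)  # constructed clock value
    spent = set()                       # stand-in for the used-stamp database
    stamp = mint("bob@example.org", 12, now)
    print(stamp, verify(stamp, "bob@example.org", 12, now, spent))
    print("replay:", verify(stamp, "bob@example.org", 12, now, spent))
```

Because the recipient address and the date are part of the hashed string, a stamp handed to a second party is only usable against the same mailbox, within the expiry window, and only once.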