Hi,

Making a sender spend some time on a hash is not a new idea, but nobody seems to have come up with something useful and feasible. I have implemented something that I hope will be convenient and simple enough for users, but make life expensive enough for spammers that they will go away.

I have implemented something (preliminary) in Python (my first time using it so the code may not be the best). It acts as a proxy SMTP server, and is also run to check mail before it is delivered. I did it as a sort of proof of concept. The real place for this code would be in TMDA, in my opinion, as it does all the stuff I need already except the stamping.

My scheme has two halves: Effort Stamps (proof that your computer spent some time solving a problem), and Friend Stamps (proof that you know a secret a friend gave you). Effort Stamps are only used if you don't have a Friend Stamp. Friend Stamps and Effort Stamps can be transparently handled behind your back if implemented properly.

Effort Stamps are proof that you solved a problem. The problem is created from the email you wish to send, and is done in such a way that it is very hard to predict what the problem will be. Much harder in fact than solving the problem itself. i.e. There is no challenge-and-response. The challenge is determined automatically before sending, in a safe way.

The idea is to add this in a way that should make it either completely transparent to everyday users, or such a small change that it won't matter. To this end, everything should work on either the MTA and MDA, or on the client, or all combinations of both. Friend stamps should also work with mail lists so their load doesn't increase.

I am really busy with work at the moment, and have decided I should publish what I have now rather than later, as I won't be able to put serious time into this for a few more weeks. I welcome any comments on this scheme, so feel free to poke around. :-)

Here are the caveats:

1) Friend stamps aren't done yet, so suggestions are welcome, but don't bother pointing out implementation problems - I am still deciding on how exactly they should work, and I know they are broken already. :-)

2) The test and example code is very simple - it is a proof of concept. Much work remains to be done, but the actual Effort Stamping code does work.

3) Mail lists are a problem because they all behave differently. I would welcome ideas on how to ensure I always know the following from the headers:

   a) The source sending to the mail list
   b) The mail list address
   c) The address the list is sending to (i.e. my address).

   With those, the necessary stamps are easy to make. If this can't always be done, then I guess I can live with defining some headers that mail list operators can add themselves.

Friend stamp "definitions" (used to make real Friend stamps later) will be added by an MDA, MTA, or client to _received_ mail. The idea is that when a user replies, the stamp stays in the headers and ends up being given to the other party. In other words, when Alice mails Bob for the first time, Bob's MTA, MDA, or client will add a Friend Stamp definition to the incoming mail. When he replies, Alice will get the Stamp and be able to use it to make stamps to talk to Bob in future without burning CPU time. Stamps are added to received mail because many people use separate outgoing and incoming SMTP servers, and the incoming server has to check the mail.

The code and more explanation can be found in:
http://www.mythral.org/~ray/es/EffortStamps.tgz

A first attempt at a FAQ is at:
http://www.mythral.org/~ray/es/FAQs

Please excuse the lack of fancy web pages. I am swamped with work. I welcome any comments.

Thanks,
Ray

_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
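
The Effort Stamp idea described in the message above (a puzzle derived from the mail itself, solved by the sender and checked by the receiver with no challenge-and-response), as an added example that is not the code from EffortStamps.tgz. It assumes a hashcash-style puzzle (SHA-256 with leading zero bits), a "bits:nonce" stamp format, and a challenge built from From/To/Date plus a body hash; none of these details come from the post.

```python
import hashlib
from email.message import EmailMessage

MIN_BITS = 16  # assumed difficulty: about 2**16 hashes per stamp on average

def challenge(msg):
    """Build the puzzle input from the message, so no round trip is needed."""
    body = hashlib.sha256(msg.get_content().encode()).hexdigest()
    fields = [str(msg[h] or "") for h in ("From", "To", "Date")]
    return "\n".join(fields + [body]).encode()

def zero_bits(chal, nonce):
    """Count leading zero bits of SHA-256(challenge || ":" || nonce)."""
    digest = hashlib.sha256(chal + b":%d" % nonce).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def mint(msg, bits=MIN_BITS):
    """Sender side: brute-force a nonce; returns a stamp 'bits:nonce'."""
    chal, nonce = challenge(msg), 0
    while zero_bits(chal, nonce) < bits:
        nonce += 1
    return "%d:%d" % (bits, nonce)

def verify(msg, stamp, min_bits=MIN_BITS):
    """Receiver side: one hash; the claimed difficulty is never trusted."""
    try:
        claimed, nonce = (int(part) for part in stamp.split(":"))
    except ValueError:  # wrong field count or non-numeric field
        return False
    if claimed < min_bits or nonce < 0:
        return False
    return zero_bits(challenge(msg), nonce) >= min_bits

def sample(to):
    """Constructed sample message (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = to
    msg["Date"] = "Mon, 03 Mar 2003 09:00:00 +0000"
    msg.set_content("Hello Bob, first contact, so no Friend Stamp yet.")
    return msg

if __name__ == "__main__":
    msg = sample("bob@example.net")
    stamp = mint(msg)
    # Same stamp checked against the original and a re-addressed copy
    print(stamp, verify(msg, stamp), verify(sample("carol@example.net"), stamp))
```

Because the recipient address is part of the challenge, a stamp minted for one recipient does not verify on a copy addressed to another, so the cost is paid per recipient.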
