headers
Aaron Toponce | 31 Aug 16:47
Picon
Gravatar

Exchange mucking with the headers

I've come to the knowledge that Exchange is mucking with the mail headers,
stripping out any duplicate fields. This is troublesome for me, as sending
a mail to multiple recipients, means minting many Hashcash tokens, and
placing each token in the header with "X-Hashcash". There may be more than
one present. However, Exchange changes "X-Hashcash" to "x-hashcash", and
removes any dupe "x-hashcash" fields.

I could stamp each mail upon delivery, rather than mail creation, but that
would meach changing the way I handle SMTP with Mutt, and that's not
something I'm really interested in persuing. AFAIK, there is no "standard"
against duplicate header fields, so my multiple "X-Hashcash" tokens should
be just fine.

Has anyone else noticed this? Is there a server-side setting on Exchange
that prevents Exchange from mucking with the headers?

Thanks,

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
Permalink | Reply | 7 comments |
headers
Eric S. Johansson | 30 Jun 16:10

ways of integrating into Thunderbird

http://sourceforge.net/apps/mediawiki/attachreminder/index.php?title=Main_Page

it seems to me that we could repurpose this plug-in as a way of adding proof of 
work stamps. One potential problem might be the time it takes to generate stamps 
and how long we get in the user's way.

Have folks seen better Thunderbird plug-ins we could repurpose?
Permalink | Reply | 3 comments |
headers
Andreas Mattheiss | 28 Jun 23:30

hashcash-sendmail breaks up long stamps@@sig

Hi,

hashcash-sendmail appears to struggle with long stamps.

When i issue

hashcash -m -b20 -r andreas.mattheiss <at> xxxxx.xxxxxx.xxx

I get 

hashcash stamp: 1:20:110628:andreas.mattheiss <at> xxxxx.xxxxxx.xxx::LvM42IeOvGyF8fIY:0000000000000000000000000000v3E

(The xxx are not what was used for minting the stamp) 

So far so good. If I have hashcash-sendmail do that for me, I check the
logfile

Tue Jun 28 22:11:09 2011 hashcash-sendmail[6304]: made token X-Hashcash:
1:20:110628:andreas.mattheiss <at> xxx.xx::ZD6WiVAJVEPAJCs6:0000000000000
0000000000000000000000005QGb

This displays awkward here; in fact there are two spaces after the group
"0000000000000" and "0000000000000000000000005QGb" in the logfile; maybe
you want to try it with a slightly longish email adress and
check the logfile yourself. At least it displays like that, and there must
be something amiss, since procmail gets back to me with

------ pipe to |/overspill/sekundaer/bin/procmail /home/andreas/.procmailrc
       generated by andreas <at> localhost ------
(Continue reading)

Permalink | Reply | 3 comments |
headers
Łukasz Stelmach | 22 Jun 13:13
Picon
Picon
Favicon

passthrough mode, feature request

Hi.

I started using hascash quite recently and as it happens I already have
found one missing feature: passthrough mode. It is a mode of operation
found in the Bogofilter software. A programme in this mode acts as
a filter and inserts a header that holds information that can later be
used by an MDA (e.g. procmail). For example Bogofilter headers look like
these:

 X-Bogosity: Unsure, tests=bogofilter, spamicity=0.887269, version=1.1.5
 X-Bogosity: Spam, tests=bogofilter, spamicity=1.000000, version=1.1.5
 X-Bogosity: Ham, tests=bogofilter, spamicity=0.157896, version=1.2.0

Hashcash could insert X-Hashcash-Info (e.g.) for every X-Hashcash
found. The header might contain

* actual number of bits "spent"

* "double spend" test results

* stamp's age (this is redundant but makes filtering with procmail
  easier)

* all the information from the X-Hashcash except the rand and counter
  fields

The difference between X-Hashcash and X-Hashcash-Info is that the latter
can be truested by MDA during classification as it is first removed by
hashcash and then created again.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Aaron Toponce | 19 Jun 23:16
Picon
Gravatar

[MS-OXPSVAL]: E-Mail Postmark Validation Protocol Specification

Curious if anyone has read over this, and what their thoughts are. This is
Microsoft's implementation of a proof-of-work system, similar to Hashcash
(I hesitate to call it a "derivative").

http://msdn.microsoft.com/en-us/library/cc433493%28v=exchg.80%29.aspx

From what I can tell, the protocol is covered by a royalty-based patent,
which will prevent any Free Software implementations. What I find
interesting, is the recipients, sender and subject are encoded into a
base-64 string. What's the purpose of this? base-64 encoding doesn't add
any significant time to the processing, and it's trivial to reverse getting
the original data.

Anyway, just curious.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
Permalink | Reply | 0 comments |
headers
Eric S. Johansson | 14 Jun 19:03

hashcash on wordpress

did you know about this?

http://wordpress-plugins.feifei.us/hashcash/
Permalink | Reply | 5 comments |
headers
Mike Shaver | 29 Apr 21:00
Gravatar

Re: patch for mozilla thunderbird requested

Sorry for the delay getting back to you; copying some Thunderbird mavens here.

----- Original Message -----
> I wonder if we could get somewhere by asking on thunderbird-dev list.
> 
> Mike do you know anyone with an interest in anti-spam, hashcash types
> of things from thunderbird side of mozilla?
> 
> We want to wrap up this ages old bug mentioned below that has been
> bouncing around for ages and actually implement something! We can do
> the hashcash
> library part we lack thunderbird programming experience.
> 
> btw something that may help the attractiveness is if hashcash library
> supports also the microsoft hashcash spec [1] - its free to use and I
> think open source compatible even unusually for anything microsoft
> related.
> 
> While they basically adaopted hashcash the serialization is
> incompatible. I'll volunteer to code that spec and add it to hashcash.
> 
> hashcash already has both a library (libhashcash.a/hashcash.dll and a
> command line tool and an example program using the library -
> example.c) (Note you want to get the pre-release if you want to try
> the example.c it
> suffered bit rot I noticed).
> 
> Adam
> 
> [1]
(Continue reading)

Permalink | Reply | 1 comment |
headers
Eric S. Johansson | 16 Apr 18:05

Re: Mentor needed

On 4/16/2011 9:40 AM, Steve Baker wrote:
> But isn't the hashcash technique doomed to failure because:
Forgive me if I seem little cranky but these questions are are equivalent of 
global warming deniers although I call them "geeks bad at math"  yes, it can cut 
both ways and it's part of the territory. :-)

> a) These days, spam is mostly emitted by botnets where the spammer has
> vast compute reserves and doesn't have to pay for it.  Hence this system
> encourages botnets by giving spammers even more incentive to use them.

1) if you sit down and work through the numbers, you'll find that the masses 
been generated in the world today can be generated by a very small number of 
machines.

Daily Spam volume / seconds in a day  is  Spam messages per second
10 billion messages per day works out to roughly 116 messages per second

Divide by the number of messages per machine per second and you end up with a 
very small number of machines.  what conclusion would I draw from this? I would 
say you're asking the wrong question. Instead of encouraging spammers use more 
machines, I would ask why don't we have more spam today since the number of bot 
nets machines greatly outnumber the number needed for generating the daily Spam 
volume.

2) I argue that the limitations we are seeing in spam volumes are economic 
rather technical in nature.  The primary effect of a proof of work system 
against spammers is reduction of income through increasing opportunity cost. It 
takes longer to send the same volume of messages which reduces their income per 
minute.  By increasing costs (i.e. sending one message every 60 seconds versus 
thousands of messages per second), we can significantly drop spammer revenue
(Continue reading)

Permalink | Reply | 1 comment |
headers
Eric S. Johansson | 16 Apr 08:34

Fwd: Mentor needed

What I sent

-------- Original Message --------
Subject: 	Mentor needed
Date: 	Fri, 15 Apr 2011 23:33:02 -0700 (PDT)
From: 	esj <esj <at> harvee.org>
To: 	mozilla-labs <mozilla-labs <at> googlegroups.com>

a few of us on the hashcash mailing list were talking about how we
could add proof of work postage systems at the client end.  We are
willing to do the work necessary for this effort but we're kind of
like the joke about the bachelor backwoodsman[1] and can't figure out
how to get started.  We could use a mentor to help us get oriented and
help with solving some of the problems that we may encounter.

If there is someone available to help us, please let me know or join
the hash cash mailing list hashcash <at> freelists.org and start up a
conversation.

For those with long memories, this kind of request has been made a few
times over the years but we never pushed hard asking for the kind of
help we needed. So, we really want to make this happen, we also really
need the help to get started.

--- eric

[1] the joke about the bachelor backwoodsman has him complaining to
another backwoodsman about how he can't make anything from these fancy
cityfolk recipe books. After all, they'll start out with "take a clean
plate" and that stops him right there. We do need a bit of help
(Continue reading)

Permalink | Reply | 0 comments |
headers
Adam Back | 6 Apr 18:39

about thunderbird patch...

Does anyone subscribe to the thunderbird dev list?  

Would someone be interested in subscribing and seeing if they can drum up
interest in helping with the thunderbird part of the plumbing to put
hashcash suppport into thunderbird?  (Or create a patch to do that).

Presumably this could be done via hashcash library, or just direct - its
fairly simple given access to a SHA1 library, key value store (like berkely
db etc), and mail parsing library that thunderbird will have.  Seems like
most ingredients are already in thunderbird. 

Adam
Permalink | Reply | 1 comment |
headers
Bas Steendijk | 31 Mar 15:20

patch for mozilla thunderbird requested

in the feature request to add hashcash in mozilla thunderbird,

https://bugzilla.mozilla.org/show_bug.cgi?id=229686

which currently has status "WONTFIX", after i countered the arguments that 
caused it to get that status, the following happened:

i gave argument:

"this request is not about adding the 16 MB library, but about adding 
hashcash, which is simple and can be implemented in little size."

Ludovic Hirlimann then posted:

"Please provide a patch so we can figure out how much this would add and 
then decide if we want it in the product or not."

i'm asking hereby if someone can produce a patch to add hashcash to 
thunderbird, and post on there.
Permalink | Reply | 6 comments |

Gmane