nisse at lysator.liu.se
04 Oct 2004 16:02:49 +0200
Linus Nordberg <email@example.com> writes:
Now I've read that article. I didn't really try follow all the
juggling and hand-waving with numbers.
As I understand the conclusions, these are the important points as
they apply to us:
1. We must be prepared to use challenges that take several minutes
2. To make things work for legitimate email, one must use a some
"hybrid system" where hash-cash is used only occasionally for
3. The effectiveness depends on many hard-to-estimate factors, such
as to number and cpu power of machines "0wned" by spammers.
As for 2., that's exactly what we're doing. For 1., it seems we will
make SMTP transactions take considerably longer time, and that
"smarthost" MTA:s will easily get into trouble if for some reason the
authentication mechanism doesn't work.