Linus Nordberg linus@nordberg.se writes:
Now I've read that article. I didn't really try to follow all the juggling and hand-waving with numbers.
As I understand the conclusions, these are the important points as they apply to us:
1. We must be prepared to use challenges that take several minutes to solve.
2. To make things work for legitimate email, one must use some "hybrid system" where hash-cash is used only occasionally for legitimate email.
3. The effectiveness depends on many hard-to-estimate factors, such as the number and CPU power of machines "0wned" by spammers.
As for 2., that's exactly what we're doing. For 1., it seems we will make SMTP transactions take considerably longer, and that "smarthost" MTAs will easily get into trouble if for some reason the authentication mechanism doesn't work.
Regards, /Niels