* Daniel Lawson <daniel(a)meta.net.nz> [2004-05-30 23:59]:
Hashcash is useful when it acheives a certain level of penetration. Until then it's not really useful - one of the authors says except 10 years before you can use it to filter mail reliably!
The same goes for SPF, though.
It protects me slightly against an infected internal machine sending zillions of spam - or maybe it just renders my MTA unusable while it deals with the processing load.
Verification is very cheap, only generation is costly.
Or, the trojan/worm has it's own SMTP engine and bypasses my MTA completely, and I get no protection from that anyway.
Any of the hops along the way and the recipient himself can verify or reject the hash.
Or you might find that spammers just increase their bot network and you end up with more MTAs crawling to a halt as they get hit with a ten or hundred fold increase in spam rates, and have to perform these hash calculations on every connection - tying up CPU, memory, file descriptors, and so on.
Actually, while you miss the real point here (because verification is almost free, while generation is costly), you raise an issue I had not thought of: sending a million mails might be prohibitively costly in terms of CPU if you only unloaded them from a single machine, but hardly noticable if you're in control of a bot network.. -- Regards, Aristotle "If you can't laugh at yourself, you don't take life seriously enough."