A while ago the hashcash list was lamenting the lack of support in transfer agents. They are stuck in a chicken and egg situation where no user agents will add hashcash headers because no spam checkers are looking for them.
I think we could bootstrap that process very easily with a simple addition to SA. Configuring my own SA setup to benefit from hashcash headers was as simple as adding "hashcash_accept [EMAIL PROTECTED]". Voila, instant potential benefit. Zero actual benefit, since nobody is adding hashcash headers to their outgoing email, but that's a whole new crusade. I think SA distributions should contain a comment block in "rules/local.cf" along the lines of: # If you use the Hashcash plugin, uncomment this and change it # to suit your domain: # # hashcash_accept [EMAIL PROTECTED] Better still, the Hashcash plugin could determine the domain algorithmically, and use it in the absence of any other hashcash_accept lines. Schemes for doing that based on the hostname are all half-baked and non-portable, involving trimming components off the host's DNS domain. However just about anything is better than nothing. How about this: use the last three components of the DNS domain if the last component has two letters, otherwise use the last two components. Prefix that with %u@(?:.*\.)? At worst, it will cause the plugin to accept hashcash payments computed for an address with the same username at a different domain. Hashcash's double-spend protection will prevent the same payment working twice, so I don't see this as much of a loophole. Spammers still won't have enough CPU. What do you think? At the very least, I would like to see a comment in local.cf or init.pre. There is no argument not to. It is a shame to see thousands of SA installations a tiny, tiny step away from taking advantage of hashcash. Minor points, for Perl programmers and pedants: - I actually use [EMAIL PROTECTED]". I think the hashcash plugin should anchor the pattern at both ends. - More paranoid sites, or those inside .com which is easily polluted, should use "^%u@(?:.*\.)?theirdomain.com$" or just "[EMAIL PROTECTED]" -- _________________________________________________________________________ Andrew Donkin Waikato University, Hamilton, New Zealand
