-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Coffey, Neal wrote: > decoder wrote: > >> Mailing lists dont stamp anything. Read the hashcash FAQ part >> about mailing lists. > > Ok; you're right. Apologies for not reading up on it better. > Reading through the whole FAQ, though, it still leaves me with the > impression of being far less than ideal. Which is not to say that > any solution is perfect. But it seems to have little utility in > stopping spam from getting to my inbox. It might stem the tide, > but it doesn't help detection any, since it's entirely possible for > spam to have a valid hashcash header. >
You are missing the point, hashcash is not a way to detect spam. Hashcash will not increase the score of a spam mail. Hashcash is only a way to decrease a possible score of ham (or letting it through completely, as one wishes) to ensure that a mail arrives even if false positives from, for example, an rbl, strike. The whole system is thus not meant for spam detection but only as a measure to increase the probability that valid mail reaches its destination. > In fact, if a valid hashcash header is used to fast-track mail > around the more rigorous tests (as the FAQ seems to suggest it > should[1]) that actually sounds like a win for spammers to me. > Sure, the volume they can send is lower, but now the mails they > send are trusted that much *more*. > You don't need to autotrust these headers, for example the default spamassassin config only scores about -0.7 for a 20 bit stamp. And if you increase the bits, the score increases. > On top of that, it adds another client-side step to signing up for > a mailing list, one that's going to be different for every mail > client, and I personally have no fondness for a solution that > requires the recipient to do anything like that. There are users > who barely understand folders in their inbox, let alone rules and > filters. That is what I was saying, trying to do this on a per client basis is not a good idea. That's why I wrote this plugin for MTA level stamping. No user interaction required there anymore > > Is my understanding wrong? I hope there's just something else I'm > not understanding. > > > > [1] "Your mail has a form of postage on it -- the hashcash stamp -- > and sails through anti-spam check-points." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE44ETJQIKXnJyDxURAj9PAJ9x0u3nCSFvFXBzJFkY+8M5mpl8kQCfRC6x lWPUVY/TukUOkaauQagYgtU= =jduV -----END PGP SIGNATURE-----
