On Sat, Aug 16, 2025 at 6:16 PM Damian Menscher <damian@google.com> wrote:
On Sat, Aug 16, 2025 at 6:08 PM Matthew Petach via NANOG < nanog@lists.nanog.org> wrote:
On Sat, Aug 16, 2025 at 5:47 PM John Levine via NANOG < nanog@lists.nanog.org> wrote:
It appears that Matthew Petach via NANOG <nanog@lists.nanog.org> said:
I think we should take a cue from cryptocurrencies, and have a "proof of stake" type of challenge for email messages sent out. The recipient machine doesn't accept a message until the sender has demonstrated they have put some skin in the game as well.
Dwork and Naor invented that in 1992. Clever idea, doesn't work in practice.
OK, I read the paper through, and they put considerably more thought into the calculation side; however, this paper explicitly calls for a centralized Pricing Authority, which is exactly what I'm advocating *against*.
And this would, in my opinion, be why it's a non-starter. You'll never get a system that requires everyone to adhere to dictates from a central authority.
Instead, I'm advocating for a decentralized, one-at-a-time type approach, where the penalty box is in the time domain, so it's easily implemented unilaterally by the receiving side. It's the very opposite of what the paper you're citing proposed.
Pretty sure what you're proposing is the equivalent of Hashcash? https://en.wikipedia.org/wiki/Hashcash
Ah, very cool! I wasn't aware of that, thank you for the pointer to it! I'm not sure that needing to maintain a database of used hash values would scale very well, though, but I like that it made it into SpamAssassin for a while. The need to manually configure address resources/domain patterns in order for it to be enabled sounds like it may have limited the scope to which it got applied, but that sounds like it was very similar to what I was thinking. Good to know smarter minds than mine already came up with it and tried it out. ^_^; Thanks! Matt