kent@songbird.com writes: > search on "hashcash" on google? Right. Something along these lines, but with a challenge system that would make double-spending moot and pre-computing useless. If I understand the system correctly, the hashcash system as it is now appears to be vulnerable to attacks that involve pre-computing things (and, e.g., shipping them on the same CD as the rest of the spammer's kit). Not that these are hard to address if there's a protocol negotiation involved (and it is involved anyway). The solution that I mention doesn't involve keeping any databases of old tokens. (In the case of spam, they're mostly useless as you could use the same token with multiple servers.) Note that it would have to work on SMTP level rather than on the header-insertion level as hashcash -- you *want* to have a challenge-response system. -- Stanislav Shalunov http://www.internet2.edu/~shalunov/ Sex is the mathematics urge sublimated. -- M. C. Reed.