Navigation:  Security Menu > Security Settings > Other >

HashCash

Print this Topic Previous pageReturn to chapter overviewNext page

HashCash is a "proof of work" system that is both an anti-spam tool and a Denial of Service countermeasure similar to an electronic form of postage. Using the HashCash system MDaemon can mint HashCash stamps, which are in effect "paid for" with CPU processing time rather than actual currency. A HashCash stamp is inserted into an outgoing message's headers and then verified by the recipient's email server and weighed according to the value of the stamp. Stamped messages are more likely to be legitimate and can therefore be passed through the receiving server's anti-spam systems. Use of HashCash stamps can help to reduce false positives and prevent messages from being erroneously rejected due to their failing to pass a word-filter or blacklist system.

Spammers rely on the ability to send many hundreds or even hundreds of thousands of messages in extremely short periods of time, and they frequently send a single copy to many recipients by using BCC and similar techniques that do not require a significant amount of processing time for any given recipient. A spammer attempting to use a HashCash system, however, would have to mint a unique HashCash stamp for each recipient each time that recipient was sent a message. This would be highly prohibitive and inefficient for the typical spammer. Conversely, for the typical legitimate mail server and sender, the extra cost in CPU time required to stamp outgoing messages is essentially insignificant and will not affect mail delivery speeds or mail processing time in any noticeable way, especially since outgoing mailing list messages are never stamped.

Stamps are only generated for outbound remote messages that are either from or to the addresses designated on the Mint List, and they are never generated for mailing list messages. Further, by default MDaemon will only generate those HashCash stamps when the message arrives via an authenticated SMTP session. Requiring authenticated sessions is recommended but optional. You can deactivate this requirement if you wish to stamp messages arriving on unauthenticated sessions.

For incoming messages, only stamps contained in messages for recipients designated on the Validation List will be checked for validity. If an incoming message contains a HashCash stamp but the recipient isn't on the list, then the stamp will be ignored and the message will be processed normally as if it didn't contain a HashCash stamp at all. By default, only your Default Domain is contained on this list. Click the Validation List button if you wish to add Extra Domains or domain gateways to it.

For more information on HashCash, visit http://www.hashcash.org/.

HashCash

Mint and insert HashCash stamps into outbound mail

Click this check box to activate the HashCash system. MDaemon will generate stamps for outbound remote messages that are either from or to the addresses designated on the Mint List

…but only if message arrived via AUTH'ed SMTP session

Click this check box if you wish to generate stamps only for those messages arriving on authenticated SMTP sessions. Clear it if you do not wish to require authentication, but this is not recommended.

Mint List

Click this button to open the Mint List. MDaemon will only generate HashCash stamps for addresses on this list. By default only your Default Domain is listed. If you wish to generate stamps for your Extra Domains, domain gateways, or for messages addressed either to or from specific individuals then you will need to add those addresses to the list.

Mint stamps of this many bits (10-32)

This is the bit count MDaemon will use when generating HashCash stamps. The larger the count the greater the amount of processing time required to generate a stamp.

Test

Click this button to test the amount of time required to generate a stamp with the designated bit count.

Check inbound mail for HashCash stamps

Enable this option if you wish to check inbound messages for HashCash stamps and adjust their spam scores based on the results. Only messages with recipients specified on the Validation List will be checked. If an incoming message contains a HashCash stamp but the recipient isn't on the list, then the stamp will be ignored and the message will be processed normally as if it didn't contain a HashCash stamp at all.

Validation List

MDaemon will only attempt to validate HashCash stamps in messages for recipients designated on the Validation List. Incoming messages for recipients who are not on the list will be processed normally. No HashCash stamp check will be performed. Only your Default Domain is listed by default.