## The Sad State of Hashcash

So today, I received an email from one of the readers of this blog. He wanted to get into OpenPGP with his email, and asked if I could help him get started with some tutorials, how-tos, etc. I was flattered that he valued my opinion. So, I responded to each of his questions and discussion points the best I could. However, during the reply, I reminded myself of Hashcash.

Hashcash is a really slick concept. The motivation is to combat spammers by using your CPU to calculate a SHA1 string starting with the first 20-bits as zeros based on a random number. Basically, a “proof-of-work” system. If the random number, combined with the timestamp and the recipient’s email address, doesn’t provide those first 20-bits of zeros, a new random number is chosen and hashed. Once the random number is found, it’s attached to the header of the email, and sent. The recipient of the email can then hash the full string, and see if the first 20-bits of the resulting SHA1 are zeros. If so, along with some other validity checks, then the hash is considered valid, and you can rest assured that the email was not sent by a spammer.

A valid stamp:

1:20:110303:aaron.toponce@gmail.com::d2e1fcbcbdb8bf08b804b65c4d61f5be:2b1825ea77c0bb82

You can verify this with:

% echo -n '1:20:110303:aaron.toponce@gmail.com::d2e1fcbcbdb8bf08b804b65c4d61f5be:2b1825ea77c0bb82' | sha1sum

Notice how the first 20-bits of the SHA1 hash are zeros? This is a valid hash based on the random number, the email address and the timestamp.

How does this defeat the spammers? Well, because finding the right random number that will produce a hash with the first 20-bits of zeros is computationally expensive. There will be one in at least 2^20 hashes, but the search in finding one is expensive. A modern computer can find one in under a second. But, if you wish to send bulk emails all at once, you need to create a hash “token” or “stamp” for each one. Due to the design of the algorithm to be slow, this will seriously hinder your ability to be efficient at sending bulk mail. Spammers be damned.

The proof-of-idea work is slick. The sender of an email has done the work necessary, and you can easily validate the work is been done much faster than it took to create. However, it appears from the website that all activity on the software has been abandoned since 2006, including updating the web page. Software is hard to find, and for the software that does exist, it’s only compatible with very specific versions of software, leaving old or new software out of the game.

A couple examples.

Penny Post is an extension for Thunderbird. The SourceForge page houses the extension that is only compatible with Thunderbird versions earlier than 3.0. However, there is a Github project working on a Thunderbird 3.0-compatible extension. However, this extension is not compatible with Thunderbird 3.1. The extension page has also been pulled from Mozilla Addons.

Hashcash-sendmail is a Perl script for Mutt. It works by coupling the hashcash binary and the sendmail binary together to deliver your stamped mail. However, if you are using Mutt’s buitin SMTP support, then the Perl script isn’t usable. Also, it appears that the author of the script has lost his domain, and there hasn’t been any updates since 2004, it seems.

Lastly, I have a Windows XP laptop for work with Thunderbird 3.1 installed. Of course, Penny Post isn’t compatible with 3.1, so I’m already out of luck. However, even the Windows Hashcash binaries are out of date by several years.

Nevermind trying to implement it into more popular MUAs, like webmail clients (Gmail, Yahoo!, MSN, AOL, etc.), Outlook, Groupwise, etc. It just doesn’t exist. Yet, SpamAssassin has full support for identifying the “X-Hashcash” email header.

No matter where I look, I reach dead ends. This is unfortunate, because I see Hashcash as a slick way of beating spam, yet it appears that the spammers are laughing all the way to the bank. They’re not worried because no one is using it. And I have a feeling that no one is using it, because no one is developing anything for it. Everything out there is at least 5 years old and aging.

Maybe another slick proof-of-work system will come along. Who knows? I would like to work it into my daily email routine, but it appears that doing so with the current state of affairs is futile. I guess I could work on developing scripts and such that could be easily implemented into various MUAs, but with the amount of stuff I want to do after graduation, I’m guessing it’s fairly low on the priority list.

1. Yann using on | March 4, 2011 at 3:13 am | Permalink

Aaron, so if my spamassassin wants to analyze the content of the mails to see if they are spam, will it have to do that expensive computing on every incoming email too? Or will it assume that every email using this is not a spam – in which case it might be worth for spammers to use hashcash, it if’s a guarantee that it’ll reach the target’s inbox?

2. Niklas SchĂ¶nberg using on | March 4, 2011 at 5:14 am | Permalink

You don’t have to do the computations to validate. As the post say, there is one valid hash in 2^20 so the sender needs to try them until he gets one correct, so on average 2^20/2 tries, but to validate you just need one calculation.

3. using on | March 4, 2011 at 6:34 am | Permalink

@Yann. No, for SpammAssassin, it only needs to run sha1sum on the token that is found in the mail, not calculate a token. Doing the verification takes milliseconds at most. And the point of hashcash is to prevent the spammers from using it, because by design, it’s meant to be slow. If spammers did start using hashcash, you would notice the volume of spam reaching your inbox drop my many, many orders of magnitude. It’s just too infeasible for them to take advantage of if they wish to support their business sending out millions and millions of spam mails per day.