Can malicious users undermine CentMail by verifying stamps before the intended recipients do?
In the standard CentMail protocol (described in Section 2.1 of our technical paper) malicious users could in theory sniff a network and verify messages not intended for them, giving the impression that a legitimate user was trying to send spam. Although we believe this type of attack on the system is unlikely, Section 3.1 describes a modified protocol that closes this loophole by requiring senders to specify the intended recipients. • Can spammers cancel payment after procuring stamps? It is paramount that CentMail participants pre-pay for stamps, and do not in effect steal stamps by defaulting on their financial commitments. To a large extent, this situation is avoidable through no-refund policies and enforcing waiting periods to confirm that donations are in fact processed and debited from users’ accounts. • Can spammers get stamps by donating to themselves? Users receive stamps in exchange for donations to charitable organizations of their choice. Here, care must be taken to guarant
