Re: Spam fights

To: Dale Amon <amon@vnl.com>
Cc: debian-security@lists.debian.org
Subject: Re: Spam fights
From: Russell Coker <russell@coker.com.au>
Date: Fri, 11 Jun 2004 20:39:12 +1000
Message-id: <[🔎] 200406112039.12368.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 20040611092902.GE2712@vnl.com>
References: <[🔎] 1086855671.11157.24.camel@tower.int-srv.pl> <[🔎] 200406111045.44929.russell@coker.com.au> <[🔎] 20040611092902.GE2712@vnl.com>

On Fri, 11 Jun 2004 19:29, Dale Amon <amon@vnl.com> wrote:
> On Fri, Jun 11, 2004 at 10:45:44AM +1000, Russell Coker wrote:
> > It is anti-social for every idiot on the net to think that they are
> > important enough to require a subscription from everyone who wants to
> > send them email.
>
> Like it or not (and I don't) that is where we are
> headed if other solutions to spam are not implimented
> that cover non-NANOG type persons. I strongly suspect

It won't work because challenge-response systems are technically no good.  
While CR systems are almost never used because the people who use them are 
universally regarded as cretins, the spammers won't bother about trying to 
fool them.

If CR systems get popular then spammers will start replying to the messages.  
Most spammers have working email addresses, so it would not be difficult to 
automate a response to a CR system.  Any CR system which just requires that 
you "reply to this email" will be trivially broken by spammers.

One CR system I saw used a web page with some obscured text that is 
(supposedly) only readable by humans.  There are two ways of solving this (if 
it ever becomes popular).  One way is to make entering such things a 
condition for downloading free porn from a porn site (a document on using 
porn sites to subscribe to hotmail etc was published some time ago).  The 
other way is better OCR software.

Finally, a large chunk of spam is entered by humans.  The "Nigerian" spammers 
often do things manually with cut/paste and don't have software to automate 
it (a friend witnessed a "Nigerian" spammer doing this at an Internet cafe).  
Such people will get past any CR system that could be devised.

> we'll see a generation of mail systems which greylist
> by default at the very least. Perhaps a future
> secreterial job will be to wade through the muck and
> query the boss as to whether one or two should be
> allowed access.

That is a secretarial job today.  Some people (such as Bill Gates) employ a 
team of people to filter their email.

> For some people, even the volume of non-spam mail
> could be rather intolerable. Imagine if you were
> Tom Hanks and your private email got out and you
> had to go through thousands of adoring fan mails
> to find that movie contract from your agent...

It's quite easy to search on From: field.  Of course you need a decently fast 
Internet connection to download all the messages, but I'm sure Tom can afford 
that.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: Spam fights
  - From: Vassilii Khachaturov <vassilii@tarunz.org>
- Re: Spam fights
  - From: Dale Amon <amon@vnl.com>

References:
- Spam fights
  - From: Jaroslaw Tabor <jarek@srv.pl>
- Re: Spam fights
  - From: Russell Coker <russell@coker.com.au>
- Re: Spam fights
  - From: Dale Amon <amon@vnl.com>

Prev by Date: Pre-authentication of email is not going to happen
Next by Date: Re: Spam fights
Previous by thread: Re: Spam fights
Next by thread: Re: Spam fights
Index(es):
- Date
- Thread