Re: Spam fights
On Fri, 11 Jun 2004 19:29, Dale Amon <amon@vnl.com> wrote:
> On Fri, Jun 11, 2004 at 10:45:44AM +1000, Russell Coker wrote:
> > It is anti-social for every idiot on the net to think that they are
> > important enough to require a subscription from everyone who wants to
> > send them email.
>
> Like it or not (and I don't) that is where we are
> headed if other solutions to spam are not implimented
> that cover non-NANOG type persons. I strongly suspect
It won't work because challenge-response systems are technically no good.
While CR systems are almost never used because the people who use them are
universally regarded as cretins, the spammers won't bother about trying to
fool them.
If CR systems get popular then spammers will start replying to the messages.
Most spammers have working email addresses, so it would not be difficult to
automate a response to a CR system. Any CR system which just requires that
you "reply to this email" will be trivially broken by spammers.
One CR system I saw used a web page with some obscured text that is
(supposedly) only readable by humans. There are two ways of solving this (if
it ever becomes popular). One way is to make entering such things a
condition for downloading free porn from a porn site (a document on using
porn sites to subscribe to hotmail etc was published some time ago). The
other way is better OCR software.
Finally, a large chunk of spam is entered by humans. The "Nigerian" spammers
often do things manually with cut/paste and don't have software to automate
it (a friend witnessed a "Nigerian" spammer doing this at an Internet cafe).
Such people will get past any CR system that could be devised.
> we'll see a generation of mail systems which greylist
> by default at the very least. Perhaps a future
> secreterial job will be to wade through the muck and
> query the boss as to whether one or two should be
> allowed access.
That is a secretarial job today. Some people (such as Bill Gates) employ a
team of people to filter their email.
> For some people, even the volume of non-spam mail
> could be rather intolerable. Imagine if you were
> Tom Hanks and your private email got out and you
> had to go through thousands of adoring fan mails
> to find that movie contract from your agent...
It's quite easy to search on From: field. Of course you need a decently fast
Internet connection to download all the messages, but I'm sure Tom can afford
that.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: