ietf-asrg

[Asrg] TitanKey and "white lies"... (Faking SMTP hard errors "improves" C/R utility?)

2003-05-29 12:20:50
TitanKey (mentioned by Peter Kay, its President, in an earlier mail
concerning IPR) seems to be employing a slight twist on the Challenge
and Response process that is commonly used by many others. (see:
http://www.titankey.com/)
        While the process of generating challenges in response to
"unknown" senders is normal, TitanKey claims that they do something
unique in that in addition to the challenge mail, they also respond to
the original mail by issuing a permanent "user unknown" SMTP error. They
have filed at least one patent application for this process.
        TitanKey claims that this tiny modification to normal C/R
procedure results in a "massive" improvement in the utility of challenge
and response systems since spamming software won't be able to
distinguish between real "user unknown" errors and the fake ones issued
by TitanKey. Since spamming programs typically respond to a permanent
SMTP error by removing that email address from the list of active
emails, you shouldn't ever receive more than one email from any one
spammer... Given that the "reply-to" addresses used by spammers are
usually false, the spammer will never see the challenge message which is
sent after the SMTP error is generated, thus, they can't do any analysis
of the challenges to determine which "user unknown" errors were "faked"
and which were real. 
        Whether or not this works, it is somewhat disquieting to think
that the "solution" to the problem is to have our servers violate the
SMTP protocol by sending false status codes. (Note: This would seem to
call into question the claim on the TitanKey website that "The Titan Key
follows all SMTP standards.") On the other hand, if it works, it
works...
        Should we add "prevaricating servers" as one of the methods in
the taxonomy of potential solutions? I can imagine the marketing slogans
now: "My server lies. Does yours?" Or, "Our server lies better than
yours does." "Honesty will get you nowhere..."

                bob wyman

Note: You can find the TitanKey patent online at:
http://l2.espacenet.com/espacenet/viewer?PN=WO0116695&CY=ep&LG=en&DB=EPD
Click on the link at "Requested Patent" to see the images.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
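
Added example, not part of the original message and not TitanKey's code: a small Python model of the RCPT TO decision the message describes, showing that the reply for a simulated "user unknown" is identical to a genuine one and differs only in the challenge queued out of band. The class name, the token-based confirmation step, the enhanced status codes and the example.org/example.net addresses are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

# 550 is the permanent "mailbox unavailable" reply; the same text is used for
# real and simulated failures so the two cannot be told apart on the wire.
USER_UNKNOWN = (550, "5.1.1 User unknown")
ACCEPTED = (250, "2.1.5 Recipient OK")


@dataclass
class ChallengeResponseGate:          # hypothetical name, constructed for this example
    mailboxes: set                                   # addresses that really exist
    known: dict = field(default_factory=dict)        # recipient -> approved senders
    pending: dict = field(default_factory=dict)      # token -> (sender, recipient)
    outbox: list = field(default_factory=list)       # challenges queued for delivery

    def rcpt_to(self, sender: str, recipient: str):
        """Return the SMTP reply for RCPT TO, queueing a challenge if needed."""
        sender, recipient = sender.lower(), recipient.lower()
        if recipient not in self.mailboxes:
            return USER_UNKNOWN                      # genuine failure, no challenge
        if sender in self.known.get(recipient, set()):
            return ACCEPTED
        # Unknown sender: reject as if the mailbox did not exist, then challenge
        # the claimed sender address out of band (token scheme is an assumption).
        token = secrets.token_urlsafe(16)
        self.pending[token] = (sender, recipient)
        self.outbox.append((sender, token))
        return USER_UNKNOWN

    def confirm(self, token: str) -> bool:
        """Answering a challenge approves the sender for that one recipient."""
        pair = self.pending.pop(token, None)
        if pair is None:
            return False
        sender, recipient = pair
        self.known.setdefault(recipient, set()).add(sender)
        return True


def demo():
    # Constructed sample addresses; nothing here talks to a real mail server.
    gate = ChallengeResponseGate(mailboxes={"alice@example.org"})
    real = gate.rcpt_to("carol@example.net", "nobody@example.org")
    fake = gate.rcpt_to("carol@example.net", "alice@example.org")
    _, token = gate.outbox[-1]
    gate.confirm(token)
    retry = gate.rcpt_to("carol@example.net", "alice@example.org")
    return real, fake, retry
```

In this model a legitimate first-time sender gets the same permanent failure as a spammer, so their own mail server reports the message as undeliverable before the challenge arrives, and the mail is accepted only when it is sent again after the challenge has been answered.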


