ietf-asrg

Re: [Asrg] 2. C/R - Exploits for CAPTCHAs

2004-01-29 08:19:57

Additionally, we need to clarify this. The spammers do not break C/R per 
se, rather they overcome the reverse Turing test AKA CAPTCHA part of it. 
The basic point of C/R is to make sure that the originating email
address is valid, and in order for spammers to do the scheme described
here, they must have valid return addresses. Therefore, if any spammer 
wants to use this scheme, they become more traceable.


Yep, *functioning* return addresses. Which adds some cost for the spammer -
but how small can this cost be? Of course, in the sense that "CAPTCHAs" are
proof-of-work, it highlights a generic issue with proof-of-work schemes in
that they assume that the work is *prohibitively* expensive. This is a way
of getting your "dirty deeds done dirt cheap", invalidating (?) the
assumption. However, I'm not sure that even with a popular porn site,
you're going to solve enough puzzles, fast enough, to support any sizable
spam run.

I'd be interested to know if anyone has actually seen an exploit.










--

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg