ietf-asrg

Re: [Asrg] Are we allowed to extend the SMTP protocol?

2004-05-10 17:46:40
At 4:12 PM -0700 5/9/04, Jeff Silverman wrote:
[...]
The receiving MTA would then send a Turing-difficult test to the erstwhile sender of the message,

How do you expect to figure out who that is?

such as a pointer to a graphic that the sending MTA has to read (e.g. http://www.commercialventvac.com/~jeffs/mail.jpg) or it could be all text that a human still has to parse for example

   A         H    H     A      RRRR  DDDD     TTTTTTT EEEEEE     SSSSS TTTTTTT
  A A        H    H    A A     R   R D   D       T    E         S         T
 A   A       H    H   A   A    R   R D    D      T    E          SSSS     T
AAAAAAA      HHHHHH  AAAAAAA   RRRR  D    D      T    EEEE           S    T
A     A      H    H  A     A   R   R D   D       T    E        S    S     T
A     A      H    H  A     A   R   R DDDD        T    EEEEEEE   SSSS      T


You are quite completely wrong in assuming that a human is needed to parse that.

As for the images that are used by some operations now (like Yahoo) to determine humanity, the spammers have already figured out how to harness humans to solve them unwittingly. Some people will do practically anything for pornography.

Of course, you also run right into issues of what blind people would do. If you think there are no blind people using email, you are again quite completely wrong.


Or it could be a sound clip.

An even more naive idea. To the point of qualifying for words like 'stupid.'

Anyone who can see and display a JPEG image can type back in a character string as long as it sticks to a limited character set like the mailsafe 64, but identifying a sound is impossible to people with bad hearing and probably to anyone who does not share a specific dialect with the test administrator.


The sender of the message takes the test, and puts the answer in the subject field. This message is sent to the receiving MTA. The receiving MTA has to go through the message until it gets to the subject field so that it knows that this is a test and not a message.

Once the sender has passed the test, then the receiver can add the sender to a white list which is under the control of the user. I realize I am not very structured - this idea is somewhat half baked. The user would have three lists of addresses of correspondents: a white list, which can be passed without further testing; a blacklist, which can be rejected without further testing; and a graylist, which must be tested. Whenever a new correspondent appears, they automatically are added to the graylist by the MTA. If the user decides that this correspondent is a spammer, then they can add the user to the blacklist.


There are a couple of problems with this. One is that the Turing difficult test is language dependent. I am used to thinking in terms of a roman alphabet, but what if the receiver and the correspondent are Israeli or Arabic? Another problem is that if the correspondent were to somehow learn that an address was on the receiver's white list, then the correspondent could send a message with that address. The user response in that case would be to move that address from the white list back to the gray list.

The big advantage of this scheme is that it requires modification only to the receiving MTA and requires no changes to the UTAs. My intuition tells me that there are far fewer MTAs than UTAs and since the MTAs are under the control of sysadmins and not users, it will be easier to update them.



So, a couple of questions:

1)  Does this sound like a good idea?

It's an OLD idea which has proven in practice to be garbage.

What you are talking about is generally referred to as a 'challenge/response authentication protocol' and the acronym is fitting. I have received dozens of those challenges in the past year for mail I never sent along with hundreds of normal bounces from mail systems which accepted mail with my address in the envelope.

ONE such challenge to any mail hitting my private domain is adequate for me to never accept a second piece of mail from that system again. If such a mechanism became anything like a standard practice, I'd abandon email.

2)  If it is a good idea, then what do we do next?

Drive a stake through its heart so it stops rising from the dead every time someone new starts thinking shallowly about how to stop spam.

3) If it is a bad idea, then why is it a bad idea, and can it be fixed or is it hopeless?

Hopeless.

I recognize that this is a variant on challenge/response, but I missed most of the discussion of challenge/response and I am not sure I understand why it is not a good idea.

The archives are open. Years of discussion in comp.mail.* and news.admin.net-abuse.email are open through Google. Read them. If reading the prior discussions of challenge/response ideas and implementations fails to convince you that it is an unsalvageably bad idea, come back and explain how it can be implemented so as to NOT generate robotic, bulk, unsolicited email in my mailbox.

There are language dependencies, technology dependencies, and human ability dependencies. Each is fatal in itself. The recent past of people adopting these sorts of measures for other media like websites (where those flaws are subject to some mitigation) has led to an attack which is intrinsically impossible to overcome: the entity seeking to automate the test merely hooks the tests up to a proxy system fronted by something that he can draw a lot of human eyes to, such as a free porn site. There's no clear way around this.


--
Bill Cole bill(_at_)scconsult(_dot_)com


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
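
Added example, not part of the original message or written by either correspondent: a toy model of the white/black/gray list scheme discussed in this thread, showing where challenges end up when the envelope sender is not the real origin, and what happens when a whitelisted address is claimed by someone else. The class name, addresses and traffic are constructed for illustration.

```python
# Toy receiving-MTA policy with white/black/gray lists (illustrative only).
# All names and addresses here are constructed for the example.
from dataclasses import dataclass, field


@dataclass
class ChallengeResponseMTA:
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    graylist: set = field(default_factory=set)
    challenges_sent: list = field(default_factory=list)  # challenge recipients

    def receive(self, envelope_from: str) -> str:
        """Decide using only the claimed envelope sender, which is all the
        receiving MTA has to go on in this scheme."""
        sender = envelope_from.lower()
        if sender in self.blacklist:
            return "reject"
        if sender in self.whitelist:
            return "deliver"
        self.graylist.add(sender)
        # The challenge goes to whoever the envelope names, not to
        # whoever actually submitted the message.
        self.challenges_sent.append(sender)
        return "challenge"


def run_scenario():
    mta = ChallengeResponseMTA(whitelist={"friend@example.org"})
    # Constructed traffic: (actual origin, claimed envelope sender)
    traffic = [
        ("friend", "friend@example.org"),
        ("newcomer", "newcomer@example.net"),
        ("bulk-sender", "bystander@example.com"),
        ("bulk-sender", "bystander@example.com"),
        ("bulk-sender", "friend@example.org"),
    ]
    decisions = [(o, claimed, mta.receive(claimed)) for o, claimed in traffic]
    # Challenges that landed on an address which did not originate the mail
    misdirected = [c for o, c, d in decisions
                   if d == "challenge" and o == "bulk-sender"]
    # Mail delivered on the strength of a whitelisted address it did not use
    forged_delivered = [c for o, c, d in decisions
                        if d == "deliver" and o == "bulk-sender"]
    return decisions, misdirected, forged_delivered


if __name__ == "__main__":
    for row in run_scenario()[0]:
        print(row)
```

In this run the bystander address receives two challenges for mail it never sent, and the message claiming the whitelisted address is delivered without any test.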