At 4:12 PM -0700 5/9/04, Jeff Silverman wrote:
[...]
> The receiving MTA would then send a Turing-difficult test to the
> erstwhile sender of the message,

How do you expect to figure out who that is?

> such as a pointer to a graphic that the sending MTA has to read
> (e.g. http://www.commercialventvac.com/~jeffs/mail.jpg)
> or it could be all text that a human still has to parse for example
>
>    A       H    H     A     RRRR   DDDD     TTTTTTT  EEEEEE    SSSSS  TTTTTTT
>   A A      H    H    A A    R   R  D   D       T     E        S          T
>  A   A     H    H   A   A   R   R  D   D       T     E         SSSS      T
> AAAAAAA    HHHHHH  AAAAAAA  RRRR   D   D       T     EEEE          S     T
> A     A    H    H  A     A  R  R   D   D       T     E        S    S     T
> A     A    H    H  A     A  R   R  DDDD        T     EEEEEEE   SSSS      T

You are quite completely wrong in assuming that a human is needed to
parse that.
As for the images that are used by some operations now (like Yahoo)
to determine humanity, the spammers have already figured out how to
harness humans to solve them unwittingly. Some people will do
practically anything for pornography.
Of course, you also run right into issues of what blind people would
do. If you think there are no blind people using email, you are again
quite completely wrong.

> Or it could be a sound clip.

An even more naive idea. To the point of qualifying for words like 'stupid.'
Anyone who can see and display a JPEG image can type back in a
character string as long as it sticks to a limited character set like
the mailsafe 64, but identifying a sound is impossible to people with
bad hearing and probably to anyone who does not share a specific
dialect with the test administrator.

> The sender of the message takes the test, and puts the answer in
> the subject field. This message is sent to the receiving MTA. The
> receiving MTA has to go through the message until it gets to the
> subject field so that it knows that this is a test and not a message.
>
> Once the sender has passed the test, then the receiver can add
> the sender to a white list which is under the control of the user.
> I realize I am not very structured - this idea is somewhat half
> baked. The user would have three lists of addresses of
> correspondents: a white list, which can be passed without further
> testing; a blacklist, which can be rejected without further testing;
> and a graylist, which must be tested. Whenever a new correspondent
> appears, they automatically are added to the graylist by the MTA.
> If the user decides that this correspondent is a spammer, then they
> can add the user to the blacklist.
>
> There are a couple of problems with this. One is that the
> Turing difficult test is language dependent. I am used to thinking
> in terms of a roman alphabet, but what if the receiver and the
> correspondent are Israeli or Arabic? Another problem is that if
> the correspondent were to somehow learn that an address was on the
> receiver's white list, then the correspondent could send a message
> with that address. The user response in that case would be to move
> that address from the white list back to the gray list.
>
> The big advantage of this scheme is that it requires
> modification only to the receiving MTA and requires no changes to
> the UTAs. My intuition tells me that there are far fewer MTAs than
> UTAs and since the MTAs are under the control of sysadmins and not
> users, it will be easier to update them.
>
> So, a couple of questions:
>
> 1) Does this sound like a good idea?

It's an OLD idea which has proven in practice to be garbage.
What you are talking about is generally referred to as a
'challenge/response authentication protocol' and the acronym is
fitting. I have received dozens of those challenges in the past year
for mail I never sent along with hundreds of normal bounces from mail
systems which accepted mail with my address in the envelope.

ONE such challenge to any mail hitting my private domain is adequate
for me to never accept a second piece of mail from that system again.
If such a mechanism became anything like a standard practice, I'd
abandon email.

> 2) If it is a good idea, then what do we do next?

Drive a stake through its heart so it stops rising from the dead
every time someone new starts thinking shallowly about how to stop
spam.

> 3) If it is a bad idea, then why is it a bad idea, and can it be
> fixed or is it hopeless?

Hopeless.

> I recognize that this is a variant on challenge/response, but I
> missed most of the discussion of challenge/response and I am not
> sure I understand why it is not a good idea.

The archives are open. Years of discussion in comp.mail.* and
news.admin.net-abuse.email are open through Google. Read them. If
reading the prior discussions of challenge/response ideas and
implementations fails to convince you that it is an unsalvageably bad
idea, come back and explain how it can be implemented so as to NOT
generate robotic, bulk, unsolicited email in my mailbox.
There are language dependencies, technology dependencies, and human
ability dependencies. Each is fatal in itself. The recent past of
people adopting these sorts of measures for other media like websites
(where those flaws are subject to some mitigation) has led to an
attack which is intrinsically impossible to overcome: the entity
seeking to automate the test merely hooks the tests up to a proxy
system fronted by something that he can draw a lot of human eyes to,
such as a free porn site. There's no clear way around this.
--
Bill Cole
bill(_at_)scconsult(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
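
Added example (not part of the original message and not code from any real MTA): a minimal Python model of the proposed white/black/gray-list scheme, run over constructed traffic. It shows the two failure modes raised in the thread: challenges go to whatever address the envelope claims, including people who never sent mail, and mail claiming a whitelisted address passes untested. The class, the function names and the example.* addresses are hypothetical.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class ChallengeResponseMTA:
    """Toy receiving MTA with the white/black/gray lists from the proposal."""
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    graylist: dict = field(default_factory=dict)         # address -> expected answer
    challenges_sent: list = field(default_factory=list)  # who was sent a challenge

    def receive(self, envelope_from: str, subject: str = "") -> str:
        sender = envelope_from.strip().lower()
        if sender in self.blacklist:
            return "rejected"
        if sender in self.whitelist:
            return "delivered"
        expected = self.graylist.get(sender)
        if expected is not None and subject.strip() == expected:
            del self.graylist[sender]
            self.whitelist.add(sender)
            return "whitelisted"
        # Unknown correspondent: the test can only go to the unverified envelope address.
        if sender not in self.graylist:
            self.graylist[sender] = secrets.token_hex(4)
        self.challenges_sent.append(sender)
        return "challenged"

def simulate() -> dict:
    """Run constructed traffic through the toy MTA and report what happened."""
    mta = ChallengeResponseMTA(whitelist={"friend@example.net"})
    # 1. A real new correspondent is challenged, answers, and is whitelisted.
    first = mta.receive("alice@example.com", "hello")
    answer = mta.graylist["alice@example.com"]  # Alice reads this from the challenge
    second = mta.receive("alice@example.com", answer)
    # 2. Bulk mail whose envelope names people who never sent anything.
    bystanders = [f"user{i}@example.org" for i in range(3)]
    for addr in bystanders:
        mta.receive(addr, "cheap pills")
    # 3. Bulk mail that claims an address already on the white list.
    forged = mta.receive("friend@example.net", "cheap pills")
    return {
        "alice": (first, second),
        "backscatter": [a for a in mta.challenges_sent if a in bystanders],
        "forged_whitelisted": forged,
    }

if __name__ == "__main__":
    print(simulate())
```

Every entry in "backscatter" is an automated message delivered to an address that had no part in the exchange.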