ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Please critique my anti-spam system

2004-12-05 11:39:05
from [Matt Schneider] [Permanent Link]
Hello, there is a standardized reply form out there for these sorts of things, but I couldn't find it right away. 

Anyway, I see several problems with this:
- the sub-address doesn't add anything, it's no different than making up a new email address
- without using this system, you can already set up an autoresponder on old addresses to let people know where to find you
- I don't like that you're supposed to spam everyone you know and they're supposed to immediately drop everything and go change you in their address book (and this expects that grandmothers that are just getting the hang of their AOL will be able to figure this out or even understand what this all means). 

- white listing is nothing new

- challenge/response is nothing new
- if you want to not burden your friends with an initial challenge.. instead of spamming them to change the email address they have for you (still a burden) then why not add everyone in your address book to the "already passed the challenge procedure" list ? 

- CAPTCHA assumes everyone using this system speaks English.
- As soon as a spammer starts getting CAPTCHA responses, they will fire these off to a sweatshop in China or India to have them solved, then they will have live, valid e-mail address, with complete sub-address, that they can now sell to other spammers at a premium.
- Nobody's going to upgrade their own SMTP servers to process bounces from every anti-spam system out there.
So, this is just plain old challenge response, with a CAPTCHA (the actual mechanism of the CAPTCHA is irrelevant), with the added bonus of spamming all your friends on a regular basis and expecting them to perform extra work to keep up with your latest e-mail address.
Let's say I send out 2 inquiries to sales departments about buying something. If one of them sent back this CAPTCHA thing, I probably wouldn't even bother jumping through all the hoops, I'd just go buy from the other place. The moral of this story is, this system can't be used by anyone who places any sort of value on receiving email from non-spammers. 

 - Matt


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] SMTP AUTH, M Z R
Next by Date:  Re: [Asrg] Please critique my anti-spam system, Michael Kaplan
Previous by Thread:  Re: [Asrg] Please critique my anti-spam system, Chris Lewis
Next by Thread:  Re: [Asrg] Please critique my anti-spam system, Michael Kaplan
Indexes:  [Date] [Thread] [Top] [All Lists]