ietf-asrg
[Top] [All Lists]

Re: [Asrg] Please critique my anti-spam system

2004-12-05 14:40:41

----- Original Message -----
From: "der Mouse" <mouse(_at_)Rodents(_dot_)Montreal(_dot_)QC(_dot_)CA>
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Please critique my anti-spam system
Date: Sun, 5 Dec 2004 15:24:47 -0500 (EST)


I have developed a system to eliminate spam.  [...] I would
appreciate any criticism you might have, [...]

http://home.nyc.rr.com/spamsolution/An%20Effective%20Solution%20for%20Spam.htm

It has most of the problems of C/R; in particular, early adopters will
end up spamming everyone whose address is forged into spam to them,
just like approximately all C/R systems in use today.  (This is
unavoidable by any system which sends challenges to new
correspondents.)

You claim it doesn't suffer from the problems endemic to C/R because
you "distribute a fully functional email address".  In that case,
spammers harvest a fully functional email address and spam it.
(Whether they harvest it from a webpage or from a correspondent's
address book or whatever is more or less irrelevant.)  It may go away
the next morning when you wake up to a mailbox full of spam, but your
next address is then promptly harvested from your webpage and spammed.
And $DEITIES help you if you put an address on your business card and
it gets scraped from someone's address book; all of a sudden all your
business cards are worthless (or almost), because they no longer
contain a "fully functional email address".

You are right.  If you insist on keeping an active email address is easily 
harvestable form
on your webpage then this system can't help you in that respect.  This is a 
problem that only
applies to a minority of people (though maybe not a minority of people who 
subscribe to the ASRG).

You can have a thousand different business cards printed up with a thousand 
different valid
sub-addresses.  This may be too savvy for grandma but a business person should 
be able to 
deal with it.

As described, it is completely unusable for the blind, and will not be
as effective at defeating bots as you think - there is some very good
work being done on extracting shape from images, and with synthetic
images such as you describe it becomes duck soup.  (It will defeat
current bots; if it becomes widespread enough to bother, bots will
arise that can defeat it.)  You dismiss the problem of the blind by
suggesting the hire someone to do the work, but you give no reasons why
spammers cannot invest in the same "trifling expense".

I have no proof that my CAPTCHA can not be subverted, but I would be shocked if 
it could.
Please see my example in the second yellow text box.



You are apparently unaware of the work being done to get people to
decode such images by offering them free porn.

Review the statement that I made immediately before I contrast my system with 
other anti-spam systems.


I addressed your other points in separate posts.


Thank you for your critique.

Michael G. Kaplan
-- 
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg