
Re: [Asrg] Please critique my anti-spam system

2005-01-08 08:59:53

> What are the prospects for user-side automation?
>
> If X sends out a weekly newsletter to thousands of people, most of
> whom use your system, then X receives thousands of bounce messages
> back, requiring individual CAPTCHA decoding, followed by individual
> resending of the message, does it not?

It almost sounds as if you expect most newsletters to get bounced.
The newsletter will only get bounced if the specific sub-address used by
the newsletter is deactivated.  But yes, inevitably some users will
deactivate the newsletter sub-address after receiving spam.
I've already guesstimated that commercial businesses could likely have
these CAPTCHAs manually decoded in a developing country for about 0.1 cent
apiece.  The newsletter operator could spend $10 and pay for processing
10,000 bounces a year.

> How does your system fare against snooping attacks, wherein any
> relevant information such as sender + receiver's email addresses are
> routinely harvested from archives, hacked and proxied servers, and
> spyware-infested computers, and fake bounces are sent back to each
> identified sender, containing a spamvertizement? These fake bounces
> are always whitelisted, are they not?

I'm not qualified to say how snooping attacks can be prevented,
but I will say that unlike the current system it is not the end of the
world when an email address is harvested since my system anticipates that
spammers will periodically harvest new addresses.  Users will deactivate the
sub-address of any harvested address.

I'm not sure what you are describing when you talk about "fake bounces."
I believe that the nature of the bounce problem is not related to
what you are suggesting.

> What is the effect of harvesting correct subaddresses by searching for
> the replies to the CAPTCHA bounces, wherein the correct subaddress is
> visible in the clear?

A person would only decode a CAPTCHA and use that sub-address when
emailing a legitimate contact.  I'm not sure how spammers are supposed
to harvest the sub-address from this mundane email correspondence.

> What is the effect of bouncing the CAPTCHA bounce back to the CAPTCHA
> bouncing recipient, with or without another CAPTCHA attached?

With my system a bounce will never be generated in response to a bounce.

Michael Kaplan