ietf-asrg

Re: [Asrg] Please critique my anti-spam system

2005-01-08 21:59:11

Wouldn't the newsletter operator first have to obtain the specific
sub-address from each receiver (assuming your system is widely deployed)
at least once? That's a thousand bounces (i.e. number of recipients) right
at the start.

The address is provided by the recipient when they sign up for the newsletter,
just like what is done now.


Also, there are privacy implications in outsourcing the processing of
sensitive email messages to cheap third parties?

Outsource the CAPTCHA, not the entire message.

What happens if a
Nigerian spammer outfit offers 0.1 cent per bounce processing, and
keeps a record of these bounce messages, reads each CAPTCHA and
compiles a clean set of email addresses which are guaranteed to accept
spam messages?

In the critique section of my webpage I detail how tremendously
costly this would be for spammers.

Each such deactivation generates a number of automatic CAPTCHA bounce
messages for people trying to contact that sub-address. The more
snooping occurs, the higher the frequency of deactivation, and the
higher the amount of work on senders. However, snooping implies
guaranteed spam delivery, so is much more valuable than ordinary mail
address harvests, and is easy to do with a distributed infrastructure.
 
I'll leave others to comment with more knowledge, but I doubt that
snooping occurs with such an extreme degree of frequency that it would
disable this system.  This system is ideal for dealing with an address
that is occasionally snooped.


The existence of these CAPTCHA messages is an inherent security risk,
because they are allowed to be passed to the receiver's inbox without
checks of any kind, on a priority basis, provided a weak set of
credentials is bundled. This weak set of credentials consists of
a public email address identifying the purported sender, if I understand
your proposal correctly.

The obvious line of attack given the above is as follows: A spammer
writes a CAPTCHA containing an advertisement rather than a
sub-address, and inserts as the sender of this fake CAPTCHA an email
address which is likely to belong to the receiver's whitelist.

Sometimes, this fake CAPTCHA is blocked because the inserted address
is not on the receiver's whitelist, but this doesn't matter to the
spammer as the mail did not cost him much to send. Sometimes, the
inserted address belongs to the receiver's whitelist, in which case the
advertising payload gets priority treatment, bypassing all spam defenses
as it could be a legitimate challenge.

An email service provider that has made no accommodation to my system
would treat a fake bounce just like any other piece of spam, ergo the spammer
would have no incentive to fake a bounce.

An email service provider that has accommodated my system will treat a fake
bounce just like an erroneous bounce.  The bounce white list will only allow in
bounces coming from an address that the user had emailed within the past few hours.
The fake bounce will never be seen, ergo the spammer would have no incentive
to fake a bounce.


Perhaps you are unaware of the fact that email is much like a
postcard, without the stamping security measure. Anybody at any time
can read messages, or in fact modify them in every way, so long as
they are located within the relevant mail path. The honour system
is the only widespread protection in existence.

Valid sub-addresses can also be harvested automatically on users'
computers by spyware. Valid pairs of (sender/receiver) addresses can
be harvested from public archives of mailing lists, and such pairs can
be used to send spam disguised as a fake CAPTCHA challenge as
described above.

I don't have to hypothesize about the efficacy of multiple sub-addresses.
Zoemail and Reflexion users have many satisfied customers.



I don't mean to flood the list with postings concerning my system,
but since my initial posting I've only been responding to follow-up
posts.  Although flaws exist, I am pleased (at least in my view) that 
no killer flaws have been illuminated, and that no reason has been
given why it wouldn't be highly efficacious at blocking spam even when
employed by a massive number of people.  Much of the concern seems focused
on inconvenience to people who do not use the system, and I still can't
bring myself to believe that this inconvenience is severe enough to kill
the system, especially given the severity of the spam problem.  I accept
that others feel differently.

Michael Kaplan
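
Added example, not part of the original message or of any implementation of the proposed system: a sketch of the bounce white list described above, which admits a challenge bounce only when it claims to come from an address the user mailed within the past few hours. The class and method names, the three-hour window and the sample addresses are assumptions made for illustration.

```python
from datetime import datetime, timedelta


class BounceWhitelist:
    """Admit a challenge bounce only from an address the user mailed recently."""

    def __init__(self, window=timedelta(hours=3)):  # assumed value for "a few hours"
        self.window = window
        self._sent = {}  # normalized recipient address -> time of last outgoing mail

    @staticmethod
    def _norm(addr):
        return addr.strip().lower()

    def record_outgoing(self, recipient, when):
        """Called whenever the user sends mail; opens the window for that address."""
        self._sent[self._norm(recipient)] = when

    def classify_bounce(self, bounce_from, when):
        """Return 'deliver' or 'discard' for an incoming challenge bounce."""
        sent_at = self._sent.get(self._norm(bounce_from))
        if sent_at is None:
            return "discard"  # the user never mailed this address
        if not (timedelta(0) <= when - sent_at <= self.window):
            return "discard"  # bounce predates the send or arrives after the window
        return "deliver"

    def expire(self, now):
        """Drop entries older than the window so the table stays small."""
        cutoff = now - self.window
        self._sent = {a: t for a, t in self._sent.items() if t >= cutoff}


def demo():
    # Constructed sample data; addresses use reserved example domains.
    wl = BounceWhitelist()
    t0 = datetime(2005, 1, 8, 9, 0)
    wl.record_outgoing("Alice@example.org", t0)
    return [
        wl.classify_bounce("alice@example.org", t0 + timedelta(minutes=20)),
        wl.classify_bounce("alice@example.org", t0 + timedelta(hours=5)),
        wl.classify_bounce("bob@example.net", t0 + timedelta(minutes=20)),
    ]


if __name__ == "__main__":
    print(demo())
```

The check keys on the sender address the bounce claims, which this sketch does not authenticate.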