"Michael Kaplan" <mkaplansolution(_at_)lycos(_dot_)com> wrote:
No. The CAPTCHA based addresses are worth much more than an ordinary
address. The CAPTCHA addresses don't filter spam, mail sent to them
is guaranteed to be seen prominently by the recipient. So a spammer
only needs to send 1000 spams to find a gullible person who'll respond.

These CAPTCHA based addresses are nearly worthless as compared to an
ordinary email address. A spammer can use an ordinary email address
for years.

With a very low delivery rate.

A spammer can pay 0.1 cent to have a sub-address decoded but the
receiver will almost certainly deactivate this sub-address after the
first time they receive spam.

So the spammer has a big incentive to hit it hard, with many spams at
one time, for guaranteed delivery. It's still worth something.

Also there is no concern that any service that decodes the CAPTCHA
on behalf of a commercial entity will then secretly sell the list to
spammers.

There clearly is concern, since some of us have expressed it.

Paypal could have a company decode 20,000 of these CAPTCHA. If this
list was given to spammers then it would be instantly obvious what
happened after the Paypal customers instantly deactivate these newly
decoded sub-addresses in response to spam. The customers would also
know that the spam was sent using a sub-address sent to Paypal; go
see Reflexion.net and how each email will list the original owner of
the sub-address whenever that sub-address is used by an unknown
entity.

So Paypal loses. But if it was the "Joe's Cheap Nigerian
CAPTCHA-Decoding Company" that Paypal used who was actually stealing
and selling the addresses, Paypal got screwed. True, that company
will go out of business, to be replaced by "Mike's Cheap Nigerian
(etc.)"

Or maybe they'll just sell the addresses of their ex-customers, or
people who haven't done enough business lately.

Or if a few big users of Paypal wanted to screw Paypal, they could
release some sample of Paypal addresses, which (if they play the right
statistical games) would be very hard to trace back to them, and again
Paypal looks guilty.

Seth
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg