ietf-asrg

Re: [Asrg] Please critique my anti-spam system

2005-01-09 17:28:20

No. The CAPTCHA based addresses are worth much more than an ordinary
address. The CAPTCHA addresses don't filter spam; mail sent to them
is guaranteed to be seen prominently by the recipient. So a spammer
only needs to send 1000 spams to find a gullible person who'll respond.

These CAPTCHA based addresses are nearly worthless as compared to an
ordinary email address.  A spammer can use an ordinary email 
address for years.

With a very low delivery rate.

A spammer can pay 0.1 cent to have a sub-address decoded but the
receiver will almost certainly deactivate this sub-address after the
first time they receive spam.

So the spammer has a big incentive to hit it hard, with many spams at
one time, for guaranteed delivery.  It's still worth something.

Let's do the math.  A spammer finds 5% of his spam reaches people.
So he needs to send 20 million spam a day to get a guarantee of
1 million successful spams.  This costs him almost nothing.

Or he can guarantee delivery to 1 million people by 
decoding one million CAPTCHA at a cost of $1000 a day,
adding up to $365,000 dollars of additional expense per
year.  But wait!  The spammer is given a 2:1 ratio of bogus
to real email addresses, and he must pay to decode these bogus 
CAPTCHA.  Now he has over 1 million dollars of additional yearly
expenses that he never had before, and he's not even one of the
really big time spammers.

I'm not saying that my system will put an end to email marketing.
People get junk postal mail and telemarketers call their homes.
Marketing will still exist, but marketing is not the same as spam.


Paypal could have a company decode 20,000 of these CAPTCHA.  If this
list was given to spammers then it would be instantly obvious what
happened after the Paypal customers instantly deactivate these newly
decoded sub-addresses in response to spam.  The customers would also
know that the spam was sent using a sub-address sent to Paypal; go
see Reflexion.net and how each email will list the original owner of
the sub-address whenever that sub-address is used by an unknown
entity.

So Paypal loses.  But if it was the "Joe's Cheap Nigerian
CAPTCHA-Decoding Company" that Paypal used who was actually stealing
and selling the addresses, Paypal got screwed.  True, that company
will go out of business, to be replaced by "Mike's Cheap Nigerian
(etc.)"

Or maybe they'll just sell the addresses of their ex-customers, or
people who haven't done enough business lately.

Or if a few big users of Paypal wanted to screw Paypal, they could
release some sample of Paypal addresses, which (if they play the right
statistical games) would be very hard to trace back to them, and again
Paypal looks guilty.

Paypal may have an occasional security breach, but they are not going
to have major security breaches every single day.

Also how many deactivated addresses would a large company 
like Paypal have to deal with each year?  100,000?
A single spammer would need this many to sustain himself for
a single hour.  And the list cannot be sold to other spammers
since almost every address on the list will be deactivated after
the first large wave of spam is sent out.

Michael Kaplan

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg