Re: [Asrg] A CAPTCHA that automatically detects and neutralizes attacks.2005-06-01 19:45:19
Jim Witte wrote:
But doesn't this mean that if my email does get on a spam-list somewhere, and other people have challengebots, then I'll potentially be getting *lots* of challenges. In which case, the 'challenge' email (initiated by the forged spam with my From address) becomes a form of spam in itself. So I either 1) ignore ALL challenges, 2) answer them all, or 3) need some kind of filter to figure out which ones are from legitimate people as opposed to spam-bots.
The answer to this problems is simple (and also outlined on my website - although it does not describe a C/R system there are some structural similarities). First of all any email system that dispatches bounces should only do so after the email has been completely filtered. This will automatically eliminate something like 99% of the spam induced bounces, depending of course on the strength of the filter.
The next step is to have a special bounce filter on the other end to stop innocent people from receiving spam induced bounces. The filter would recognize an incoming bounce and only pass it on to the user's inbox if that user had recently sent an email to the source of the bounce. Enacting this bounce filter would be a simple one-time software upgrade. There really is almost no reason why a person should receive a bounce in response to spam sent with a forged address once bounce generating ant-spam systems become prevalent.
_______________________________________________ Asrg mailing list Asrg(_at_)ietf(_dot_)org https://www1.ietf.org/mailman/listinfo/asrg