So of course, this CAPTCHA-based system has all the other flaws of
C-R systems. In particular, there's the killer problem that spam
can be made to look like challenges, at which point the entire
system falls apart because spam filters begin to delete most
challenges, and very few people will load images, click links or
otherwise respond to the few that make it to an inbox.
mathew
This is a readily addressable issue. I previously stated that an email service
provider could maintain a list of outgoing emails sent by each user. Incoming
challenges could then be filtered out if they did not correspond to the
outgoing email.
A previous objection to the feasibility of this filter was: "High-speed updates
are the hardest part of a database system, and this is a worst case scenario
because the info for a message needs to be
available as soon as the message has been sent."
This can be addressed by holding all incoming challenges and preventing them
from reaching the user's inbox for 10 minutes (or whatever length of time). The
challenge is passed to the user's inbox once it is clear that the database in
up-to-date.
These challenges will be relatively infrequent for the vast majority of people
and a slight delay in receiving them should be very tolerable.
Spammers obviously can't send spam masquerading as a challenge with the
aforementioned system.
Michael Kaplan
--
_______________________________________________
NEW! Lycos Dating Search. The only place to search multiple dating sites at
once.
http://datingsearch.lycos.com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg