
Re: [Asrg] Unique innovations made to anti-spam system

2006-01-22 08:50:21
Wow.  I have to admit that I am completely baffled.  The system that you are
critiquing doesn't seem to match my system at all.

With ISACS fully functional email addresses are distributed.  Receiving mail
from machines or unknown third parties will occur with that same ease that
it does today.

In the example on my website the character "Joe" just has to treat the
address Joe^lucky(_at_)domain(_dot_)com as his normal address.  When he gives
it to an airline web page the airline computer will email him back without any
problem.  No C/R is involved.  If Joe had initiated his correspondence with
the airline via email then the airline would have the unique address
Joe^mw82jb(_at_)domain(_dot_)com and this would be used.

An ISACS user could leave a comment on your weblog without any C/R issue
coming up since ISACS only uses fully functional addresses.

If anyone out there knows how I can amend my web page so that this confusion
with C/R doesn't occur then let me know.


On a side note:  For greater clarity I just adjusted my web page by putting
the description of the 3-D CAPTCHA on an entirely different page since I no
longer believe that this innovation is essential and since an earlier poster
on this board quoted something from that section out of context.

Michael Kaplan

On 22 Jan 2006 14:29:51 -0000, John Levine <asrg(_at_)johnlevine(_dot_)com> wrote:

After a great deal of thought, multiple innovations, and revision I believe
I have perfected my anti-spam system.  Umm, well, at least I can assure you
that in my own mind the system is perfected.

I took a look.  It has the same broken threat model and unrealistic
assumptions of every other C/R and CAPTCHA system.

The worst thing about it is that like every other C/R system, it's a
spam amplifier.  The vast majority of mail arriving from unknown
addresses is spam, all of which has forged return addresses.  I know
that nearly all of the challenges I get are due to spam I didn't
send.

It makes the naive assumption that real mail is all sent by people,
and that people will behave the way the designer of the C/R system
wants.  Neither is true.  There is, for example, at least one comment
on my weblog that nobody will ever see because the guy's broken C/R
system is waiting for my blog system to answer his challenge.  I get
vast amounts of real mail from machines, including a lot of mail that
I would be rather dismayed to lose, such as confirmations for airplane
tickets that I bought.  C/R advocates seem to assume that recipients
will all know how to whitelist this mail in advance, but experience
offers little support for that theory.

Re user behavior, I ignore challenges from mail I did send on the
theory that if they wanted to hear from me, they would have read my
mail.  But I tend to respond to the ones due to spam when I have time,
since that's the quickest way to get into those users' whitelists so
the C/R system will stop bothering me.  (If this isn't what you want,
perhaps you should reconsider the wisdom of asking me to sort your
mail.)  I also routinely observe that I send mail, I get a challenge
that I ignore, and a few minutes later I get a live response because
C/R users know that their systems are broken and read their challenged
mail anyway.

There are other more arguable model failures, like the assumption
that brute force is the only way to break challenges, but these two
are plenty to kill any C/R system and always will be.

The final flaw with C/R is that it is a retrospective authentication
system that is inferior in every way to a forward system like DKIM.
C/R takes incoming mail and attempts to go back to the sender and ask
"did you really send this?" while a forward system like DKIM includes
"look! we really sent this!" in the message itself.  It's true, the
DKIM signatures are easily added to mail sent by machines, but for
those of us who would prefer to know when our plane leaves, that's a
good thing.

R's,
John

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
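The tagged-address scheme Michael Kaplan describes (a general-purpose address such as Joe^lucky@domain.com handed out freely, and a per-correspondent address such as Joe^mw82jb@domain.com issued when Joe initiates contact) can be modelled as a small routing policy. The following is an added example, not ISACS code and not anything from either poster; it assumes the `^` separator from the page's sample addresses, a per-mailbox tag table with two tag kinds ("open" and "bound") and revocation, and a policy choice, not stated on the page, that a bare untagged address is rejected. The "bound" check compares the envelope sender's domain, which, as John Levine's reply points out, is forgeable, so it scopes the damage of a leaked tag rather than authenticating anyone.

```python
"""Tagged (disposable) recipient addresses: parse Joe^tag@domain, look the tag up,
and decide whether to accept the message.  Example code, not ISACS's own."""
import re
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# local part, optional ^tag, domain.  The '^' separator follows the page's examples.
ADDR_RE = re.compile(r"^([^^@]+)(?:\^([A-Za-z0-9]+))?@([^@]+)$")


def parse_address(addr: str) -> Optional[Tuple[str, Optional[str], str]]:
    """Return (user, tag-or-None, domain) or None if the address is malformed."""
    m = ADDR_RE.match(addr.strip())
    if not m:
        return None
    user, tag, domain = m.groups()
    return user, tag, domain.lower()


@dataclass
class Tag:
    kind: str                        # "open": handed out freely; "bound": issued to one correspondent
    bound_to: Optional[str] = None   # correspondent domain for bound tags (assumed policy)
    revoked: bool = False


@dataclass
class Mailbox:
    user: str
    domain: str
    tags: Dict[str, Tag] = field(default_factory=dict)

    def issue_open_tag(self, name: str) -> str:
        """An address Joe gives to anyone, e.g. on an airline web page."""
        self.tags[name] = Tag(kind="open")
        return name

    def issue_bound_tag(self, correspondent_domain: str, tag: Optional[str] = None) -> str:
        """An address minted when Joe initiates mail to one correspondent.
        The tag is random by default (hypothetical choice; the page's 'mw82jb' is just an example)."""
        tag = tag or secrets.token_hex(3)
        self.tags[tag] = Tag(kind="bound", bound_to=correspondent_domain.lower())
        return tag

    def revoke(self, tag: str) -> None:
        """Kill one leaked or harvested tag without touching the others."""
        self.tags[tag].revoked = True

    def disposition(self, rcpt: str, mail_from: str) -> Tuple[str, str]:
        """Policy decision for one envelope: ('accept'|'reject', reason)."""
        parsed = parse_address(rcpt)
        if parsed is None:
            return "reject", "malformed recipient"
        user, tag, domain = parsed
        if domain != self.domain.lower() or user != self.user:
            return "reject", "unknown recipient"
        if tag is None:
            return "reject", "bare address not accepted (assumed policy)"
        entry = self.tags.get(tag)
        if entry is None:
            return "reject", "no such tag"
        if entry.revoked:
            return "reject", "tag revoked"
        sender = parse_address(mail_from)
        sender_domain = sender[2] if sender else ""
        # Coarse scope check only: MAIL FROM is forgeable, so this limits reuse of a
        # harvested bound tag by unrelated senders; it does not prove who sent the mail.
        if entry.kind == "bound" and sender_domain != entry.bound_to:
            return "reject", "tag bound to another correspondent"
        return "accept", f"{entry.kind} tag ok"


if __name__ == "__main__":
    # Constructed sample envelopes, following the page's Joe example.
    mb = Mailbox("Joe", "domain.com")
    mb.issue_open_tag("lucky")
    mb.issue_bound_tag("airline.example", tag="mw82jb")
    for rcpt, mail_from in [
        ("Joe^lucky@domain.com", "noreply@airline.example"),
        ("Joe^mw82jb@domain.com", "noreply@airline.example"),
        ("Joe^mw82jb@domain.com", "bulk@other.example"),
        ("Joe@domain.com", "someone@other.example"),
    ]:
        print(rcpt, mail_from, "->", mb.disposition(rcpt, mail_from))
```

Run as a script it prints one decision per constructed envelope; `revoke()` is the operational payoff of the scheme, since a tag that starts receiving unwanted mail identifies which disclosure leaked and can be retired alone.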