[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Please critique my anti-spam system

To: laird at lbreyer.com
Subject: Re: [Asrg] Please critique my anti-spam system
From: "Michael Kaplan" <mkaplansolution at lycos.com>
Date: Sat, 08 Jan 2005 23:50:14 -0500
Cc: asrg at ietf.org
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-bounces at ietf.org

> Wouldn't the newsletter operator first have to obtain the specific
> sub-address from each receiver (assuming your system is widely deployed)
> at least once? That's a thousand bounces (ie number of recipients) right
> at the start.

The address is provided by the recipient when they sign up for the newsletter,
just like what is done now.


> Also, there are privacy implications in outsourcing the processing of
> sensitive email messages to cheap third parties?

Outsource the CAPTCHA, not the entire message.

>What happens if a
> Nigerian spammer outfit offers 0.1 cent per bounce processing, and
> keeps a record of these bounce messages, reads each CAPTCHA and
> compiles a clean set of email addresses which are guaranteed to accept
> spam messages?

In the critique section of my webpage I detail how tremendously
costly this would be for spammers.

> Each such deactivation generates a number of automatic CAPTCHA bounce
> messages for people trying to contact that sub-address. The more
> snooping occurs, the higher the frequency of deactivation, and the
> higher the amount of work on senders. However, snooping implies
> guaranteed spam delivery, so is much more valuable than ordinary mail
> address harvests, and is easy to do with a distributed infrastructure.
 
I'll leave others to comment with more knowledge, but I doubt that
snooping occurs with such an extreme degree of frequency that it would
disable this system.  This system is ideal for dealing with an address
that is occasionally snooped.


> The existence of these CAPTCHA messages are an inherent security risk,
> because they are allowed to be passed to the receiver's inbox without
> checks of any kind, on a priority basis, provided a weak set of
> credentials is bundled. This weak set of credentials consists of
> a public email address identifying the purported sender, if I understand
> your proposal correctly.
> 
> The obvious line of attack given the above is as follows: A spammer
> writes a CAPTCHA containing an advertisement rather than a
> sub-address, and inserts as the sender of this fake CAPTCHA an email
> address which is likely to belong to the receiver's whitelist.
> 
> Sometimes, this fake CAPTCHA is blocked because the inserted address
> is not on the receiver's whitelist, but this doesn't matter to the
> spammer as the mail did not cost him much to send. Sometimes, the
> inserted address belongs to the receiver's whitelist, in which case the
> advertising payload gets priority treatment, bypassing all spam defenses
> as it could be a legitimate challenge.

An email service provider that has not no accommodation to my system
would treat a fake bounce just like any other piece of spam, ergo the spammer
would have no incentive to fake a bounce.

An email service provider that has accommodated my system will treat a fake bounce
just like an erroneous bounce.  The bounce white list will only allow in bounces 
coming from an address that the user had emailed within the past few hours.
The fake bounce will never be seen, ergo the spammer would have no incentive
to fake a bounce.


> Perhaps you are unaware of the fact that email is much like a
> postcard, without the stamping security measure. Anybody at any time
> can read messages, or in fact modify them in every way, so long as
> they are located within the relevant mail path. The honour system
> is the only widespread protection in existence.
> 
> Valid sub-addresses can also be harvested automatically on users'
> computers by spyware. Valid pairs of (sender/receiver) addresses can
> be harvested from public archives of mailing lists, and such pairs can
> be used to send spam disguised as a fake CAPTCHA challenge as
> described above.

I don't have to hypothesize about the efficacy of multiple sub-addresses.
Zoemail and Reflexion users have many satisfied customers.



I don't mean to flood the list with postings concerning my system,
but since my initial posting I've only been responding to follow-up
posts.  Although flaws exist, I am pleased (at least in my view) that 
no killer flaws have been illuminated, and that no reason has been
given why it wouldn't be highly efficacious at blocking spam even when
employed by a massive number of people.  Much of the concern seems focus
on inconvenience to people who do not use the system, and I still can't
bring myself to believe that this inconvenience is severe enough to kill
the system, especially given the severity of the spam problem.  I accept
that others feel differently.

Michael Kaplan
-- 
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Please critique my anti-spam system
  - From: Seth Breidbart
- Re: [Asrg] Please critique my anti-spam system
  - From: Laird Breyer
- Re: [Asrg] Please critique my anti-spam system
  - From: Ken Raeburn

Prev by Date: Re: [Asrg] Please critique my anti-spam system
Next by Date: Re: [Asrg] Please critique my anti-spam system
Previous by thread: Re: [Asrg] Please critique my anti-spam system
Next by thread: Re: [Asrg] Please critique my anti-spam system
Index(es):
- Date
- Thread