[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Please critique my anti-spam system

To: asrg at ietf.org
Subject: Re: [Asrg] Please critique my anti-spam system
From: Seth Breidbart <sethb at panix.com>
Date: Mon, 10 Jan 2005 03:44:41 -0500 (EST)
In-reply-to: <20050110070609.10905CA07A@ws7-4.us4.outblaze.com> (mkaplansolution@lycos.com)
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <20050110070609.10905CA07A@ws7-4.us4.outblaze.com>
Sender: asrg-bounces at ietf.org

"Michael Kaplan" <mkaplansolution at lycos.com> wrote:

> One member of this list estimated that 90% of spam was eliminated at
> the periphery, before content filtering occurs.

You don't get to claim that and 5% deliverable; content analysis is
much better than 50%.

> Also there is really no limit to the number of bogus email accounts
> that could be fed to spammers.

Since they're stealing CAPTCHA'd addresses, somebody is paying for the
bogus ones.

> I would also reiterate the impossibility that a company can exist in
> the developing world that would decode CAPTCHA for a legitimate
> company (Paypal, Amazon, etc.), then also sell the same decoded list
> spammers, and expect to keep that company's business for more than a
> week.

Maybe they'd gather them for 3 months before spamming.

And the spammers would set up 50 "competing" businesses, so when you
cancel one, who do you go to next?  The next one of theirs?

>  It would become INSTANTLY obvious that the company was dishonest
> when every decoded address is then flooded with spam.

What happens when they're smarter than that, and only some get spam,
perhaps in a way that points to somebody else?

> Also remember that a company such as Amazon is not paying to decode
> billions of CAPTCHA a year, they would likely only need to decode
> less than 100,000 (and they are an enormous internet company).
> 100,000 addresses wouldn't even approach the daily needs of a
> spammer.

Guaranteed deliverability is a big thing.  Divide that by the fraction
that are delivered now, and see how big it looks.

> A lot is being made of the concept that with a decoded address a
> spammer can send you an enormous amount of spam in a single day.
> The spammer would much prefer to send you 1 spam every day than 300
> on a single day.

Maybe; but the address won't stay good for 300 days, so he has more
like 300 seconds to fill your inbox.  That would likely be for 300
different spams.

Seth

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- Re: [Asrg] Please critique my anti-spam system
  - From: Michael Kaplan

Prev by Date: Re: [Asrg] Please critique my anti-spam system
Next by Date: Re: [Asrg] Please critique my anti-spam system
Previous by thread: Re: [Asrg] Please critique my anti-spam system
Next by thread: Re: [Asrg] Please critique my anti-spam system
Index(es):
- Date
- Thread