Re: [Asrg] A CAPTCHA that automatically detects and neutralizes attacks.

["Michael Kaplan" <mkaplansolution at lycos.com>]

> So of course, this CAPTCHA-based system has all the other flaws of 
> C-R systems. In particular, there's the killer problem that spam 
> can be made to look like challenges, at which point the entire 
> system falls apart because spam filters begin to delete most 
> challenges, and very few people will load images, click links or 
> otherwise respond to the few that make it to an inbox.

> mathew


This is a readily addressable issue.  I previously stated that an email service provider could maintain a list of outgoing emails sent by each user.  Incoming challenges could then be filtered out if they did not correspond to the outgoing email.

A previous objection to the feasibility of this filter was: "High-speed updates are the hardest part of a database system, and this is a worst case scenario because the info for a message needs to be
available as soon as the message has been sent."

This can be addressed by holding all incoming challenges and preventing them from reaching the user's inbox for 10 minutes (or whatever length of time). The challenge is passed to the user's inbox once it is clear that the database in up-to-date.

These challenges will be relatively infrequent for the vast majority of people and a slight delay in receiving them should be very tolerable.

Spammers obviously can't send spam masquerading as a challenge with the aforementioned system.

Michael Kaplan

-- 
_______________________________________________
NEW! Lycos Dating Search. The only place to search multiple dating sites at once.
http://datingsearch.lycos.com


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg