Re: [Asrg] A CAPTCHA that automatically detects and neutralizes attacks.

[Seth Breidbart <sethb at panix.com>]

"Michael Kaplan" <mkaplansolution at lycos.com> wrote:

> The filter I was describing was not meant to apply to every form of
> automated or mass emailing.  It specifically applied to challenges
> sent in response to an email that had just been sent.

So if someone forgot to whitelist this mailing list, then I'd get a
challenge from his mailer.  (Ever posted to bugtraq and seen the
number of idiots with broken vacation programs subscribed there?)

> Everyone is not already doing it because these challenges currently
> only fill a small niche in the anti-spam fight.  Everyone will
> quickly do it if you employ a near universally used highly effective
> anti-spam system that utilizes such challenges.

So you are claiming "It's OK to send challenges to bogus mail because
there's a way for the victim (recipient) to filter them out"?  How
does that differ from a spammer claiming "I put ADV: at the beginning
of my Subject headers so it's easy to filter them out if you don't
want them"?  Spam is spam, and if you auto-send email in response to
forged messages, you're spamming.

Seth

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg