On Tue, 25 Mar 2003, Nick Simicich wrote:
> Almost anything that can be done by a human can be done by a
> program. Simple as that. There are actually experiments underway to get
> people to prove their humanity. One involves recognizing warped words,
> another typing in words you have heard.

Humans get annoyed when they fail a test like that. If only 5% fail,
that's still a lot of annoyed people even on my little list server.
Imagine what it would be like for the folks with the big lists. So we
need a tiny false negative rate to be practical.

Conversely, the spammers aren't averse to letting their software try
again and again. Spammers will be happy if their software was able to
subscribe in 1% of attempts. So the false positive rate needs to be even
lower.

I saw 30,000 web hits from a single IP address that was mixing and
matching text from my web pages to make URLs. I'm not sure what they were
looking for. I don't use hidden URLs to protect content.

> The point is that it is hard to beat. Simple e-mail which responds with a
> token can be parsed and responded to, and success messages can be reacted
> to with spams.
> Eventually, the only thing that will stop spam is moderation.

That will slow the spammers down quite a bit. However, spammers will
still be able to forge headers so their spam looks like list traffic.
It's probably time to work on getting list software to cryptographically
sign outgoing list traffic and administrivia. Key management is hard.
I already have trouble with subscribers who filter out the monthly status
email from the list management software.

--
Paul Haas
paulh@hamjudo.com