How Spammers Will Beat Challenge-Response Systems, And Other Conversations About

from the spam-spam-spam-spam dept

Lots and lots of spam stories today. For all my complaints about challenge-response anti-spam systems, I've always assumed that they would at least work to the level they promise. Mitch Wagner over at Internet Week is explaining how spammers will get around challenge-response systems. He suggests that, first, spammers will start sending out fake challenges, getting people to respond (indicating their email address is real). Then, he points out that all challenge-response systems have some sort of "override" that will let messages through - and it won't take long for spammers to figure out how to forge that and break through any challenge-response system. So, then you'll still be getting spam and you'll be annoying anyone who wants to email you legitimately. Sounds like a lose-lose situation.

Meanwhile, on the corporate side, too many executives don't realize how big a threat spam is, and many workplaces don't have an official policy for how to deal with spam. The fear in both cases is that employees will help bring an avalanche of additional spam into the corporate network and that the company could face some legal liability for pornographic spam received.

Finally, here's a study saying that spam is costing companies billions. Like studies about software and entertainment theft, I question how they come up with these figures, but it looks like the majority is in extra IT resources to deal with the spam problem - which is a legitimate cost (unlike "lost productivity", which is very difficult to measure).
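
The post does not say what form the "override" takes. As an added example (not from the post or from Wagner's article), assume it is a tag the recipient's filter recognises: a shared static word passes for any sender once it leaks, while a keyed tag bound to sender, recipient and issue day does not. All names and values here are constructed.

```python
import hashlib
import hmac

# All values below are constructed for illustration.
STATIC_OVERRIDE = "letmein"           # one bypass word shared with every contact
SECRET_KEY = b"constructed-demo-key"  # held only by the recipient's filter


def static_override_ok(presented: str) -> bool:
    """Weak form: whoever learns the word bypasses the challenge, as any sender."""
    return hmac.compare_digest(presented.encode(), STATIC_OVERRIDE.encode())


def issue_token(sender: str, recipient: str, day: int) -> str:
    """Keyed override bound to one sender, one recipient and an issue day."""
    msg = f"{sender.lower()}|{recipient.lower()}|{day}".encode()
    return f"{day}." + hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def token_ok(presented: str, sender: str, recipient: str,
             today: int, max_age_days: int = 30) -> bool:
    """Accept only an unexpired token issued for this exact sender/recipient."""
    day_text = presented.partition(".")[0]
    if not (day_text.isascii() and day_text.isdigit()):
        return False
    day = int(day_text)
    if not 0 <= today - day <= max_age_days:
        return False
    expected = issue_token(sender, recipient, day)
    return hmac.compare_digest(presented.encode(), expected.encode())


def route(sender: str, recipient: str, presented: str, today: int) -> str:
    """Return 'deliver' or 'challenge' for a message from an unknown sender."""
    if presented and token_ok(presented, sender, recipient, today):
        return "deliver"
    return "challenge"


if __name__ == "__main__":
    tok = issue_token("alice@example.org", "bob@example.net", day=100)
    print(route("alice@example.org", "bob@example.net", tok, today=110))
    print(route("bulk@example.com", "bob@example.net", tok, today=110))
    print(route("alice@example.org", "bob@example.net", tok, today=200))
```

The sender address is itself forgeable, so binding the tag does not authenticate the sender; it confines a leaked tag to one address and one validity window instead of opening the filter to everyone.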


Reader Comments

    kevin brown, May 18th, 2004 @ 8:13pm

    Challenge Response faults

    So here's a solution. The challenge-response system should include a built-in function so that if the email looks like spam, it sends an "email ping" to the originating address; if it comes back host unknown, then it dumps the email and does not send the challenge response.

     
