by Mike Masnick

How Spammers Will Beat Challenge-Response Systems, And Other Conversations About

from the spam-spam-spam-spam dept

Lots and lots of spam stories today. For all my complaints about challenge-response anti-spam systems, I've always assumed that they would at least work to the level they promise. Mitch Wagner over at Internet Week is explaining how spammers will get around challenge response systems. He suggests that, first, spammers will start sending out fake challenges, getting people to respond (indicating their email address is real). Then, he points out that all challenge-response systems have some sort of "override" that will let messages through - and it won't take long for spammers to figure out how to forge that and break through any challenge-response system. So, then you'll still be getting spam and you'll be annoying anyone who wants to email you legitimately. Sounds like a lose-lose situation. Meanwhile, on the corporate side, too many executives don't realize how big a threat spam is and many office places don't have an official policy for how to deal with spam. The fear in both cases is that employees will help bring an avalanche more spam into the corporate network and that the company could face some legal liability for pornographic spam received. Finally, here's a study saying that spam is costing companies billions. Like studies about software and entertainment theft, I question how they come up with these figures, but it looks like the majority portion is in extra IT resources to deal with the spam problem - which is a legitimate cost (unlike "lost productivity" which is very difficult to measure).

Reader Comments

Subscribe: RSS

View by: Time | Thread

  • identicon
    kevin brown, 18 May 2004 @ 8:13pm

    Challenge Response faults

    So heres a solution. The challenge response system should include a built in function so that if the email looks like spam, it sends an "email ping" to the originating address, if it comes back host unknown, then it dumps the email and does not send the challenge response.

    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.