Challenge-Response for the BLIND?
Jason Clinton
me at jasonclinton.com
Thu Dec 11 22:06:56 CST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Leo J Mauler wrote:
| I've been reading a bit about the challenge-response anti-spam
| system.
Bad idea unless in the worst of situations; you are effectively doubling
the amount of traffic generated by spam.
| Basically, when someone sends you an E-mail, and they are not on the
| "allowed" list, an autoresponder sends an E-mail back requesting a
| response, only using a picture of a number to verify that the
| original sender is not a spam-generating marketing computer. If the
| live person reads the picture and sends back the number in it, the
| live person gets added to your list of "people who are allowed to
| send me E-mail".
Even the simplest challenge-response would defeat 99% of spam because
99% is sent from bogus email addresses or machines that are coopted for
spam sending for a short period of time. I see no need to send hundreds
pictures or audio per day out from your account for a challenge response
when only a tiny fraction of those will every actually be seen by
anyone. A simple "reply to this message to be added to my whitelist"
should work.
| system of challenge-response which does not have an audio alternative
| is in violation of the A.D.A. or a similar law I don't know about.
This is a popular myth. Despite what you may have heard, the A.D.A.
doesn't affect anything but government agencies.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQE/2Op+tSqjk42zvwkRAsTcAJ9JGd+pg92CuMEj/GwjODy2M4gwXwCbB4ko
piTzkTid8NUc0vjdZGnHKns=
=JcCY
-----END PGP SIGNATURE-----
More information about the Kclug
mailing list