Turing Tests to Stop Spam
cexy writes "The Register has a story about how Hotmail and Yahoo! are using Carnegie Mellon developed captcha technology (completely automated public Turing tests to tell computers and humans apart) to stop spammers from automating signups for accounts from which they can send spam. These guys are using captcha too, but to stop incoming spam."
Where it shows you a smeared image of a number that you have to type in to register with a site? I think Slashdot has had this for a while now, and I know I have seen it on other sites as far back as a few years ago.
I don't have much personal experience with SpamAssassin, but from what I heard it does a fine job already.
Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
I would rather Yahoo stop spam from getting to my mail account before they concentrate on stopping people from signing up automatically. I'm one of the few people who actually pay for Yahoo "additional" services. I thought I would get better anti-spam support. Not so far. I literally have 10 to 20 an hour and I can't block anymore because Yahoo only allows 100 addresses to be blocked. And considering the spammers are using 12374614187641874@optinmail.com along with other numerous addresses, it's impossible to block the majority of them. Hell I would even be happy if they would start allowing people to block entire domains. That would be a good first step.
My sig of choice is Marlboro
MsgTo.Com disappeared some time ago during the .com "troubles".
When someone would send you mail, it would send back a link to a small image, in the image was a 'click here' dot, only a human (or some software that no spammer would take the time to write) can get their email into your mailbox.
Kind of offensive though, a lot of people took offence to clicking a link to send me email.
Hedley
It's time for my regular rant regarding PopFile and Bayesian excellence and how SPAM WOULD DISAPPEAR IF BAYESIAN TECHNIQUES WERE APPLIED AT THE ISP LEVEL!!!!
And now, back to our regular show.
It's Christmas everyday with BitTorrent.
Well, the cool thing about this is that they're applying unsolved AI problems to verify if the signee is a human. If someone comes up with a way for a computer to 'pass' the test, then a new AI problem has been solved. Kind of clever, in my opinion.
Your hybrid is not saving the environment. Its purpose is to make you feel good about buying something.
This kinda defeats the object of email - for people who barely know you, if at all, to contact you. Email is excellent at bringing together people from all over the world - what's the point if only people you already know can contact you using it? Wasn't the Internet supposed to surpass the letter and the stamp?
I'd rather put up with the spam. But if you really need to avoid it, do what I do: use two accounts: one for online publishing on the Web and sites like Slashdot, and the other for people I know. You get the best of both worlds.
These Turing tests do not stop spam. They discourage spammers from using bogus Hotmail etc accounts to originate spam from. They do this by making it incrementally more expensive to create the accounts; rather than using a bot to create an account a second you have to use a human to create accounts by the minute. So 60 times the effort.
But I don't think that translates into 60 times the cost. The Turing tests are interesting but I don't think that the creation of the accounts ever was a bottleneck in the process in sending spam. You could get a high school kid to create all the accounts you would need for a month in about an hour, and pay him in pr0n.
If the truth were known, Hotmail and Yahoo are just trying to decrease server loads. I bet that when bots create accounts they create hundreds or thousands more than are used, which take up server resources during creation and later as the accounts eat up storage. With Turing tests it is more likely that not too many will be lying around waiting to be used.
=^..^= all your rodent are belong to us
The captcha project is conceptually pretty cool, but so far they have failed to make their code portable and useful to the community at large. Evidence? Look no further than the site you're reading. To stop spammers from creating tons of bogus Slashdot accounts, the folks at Slashdot had to spend months laboriously writing their own captcha-style process to protect the new user form. Unfortunately due to the failure of CMU to make their code accessible, someone at OSDN was forced to create their own system from scratch and (understandably) it isn't anywhere near as tough or well designed as the CMU captcha, lacking such basics as font rotation, color rotation, anti-aliasing, and other anti-OCR measures.
So, while I commend their effort, I wish CMU would work harder to make their tools available not just to commercial sites but to the Open Source community and projects like Slashcode. This would help the captcha project actually accomplish its mission of protecting users from abuse, instead of leaving sites like Slashdot vulnerable to any 13 year old Visual Basic programmer with a grudge and a clue.
If guns kill people, then CmdrTaco's keyboard misspells words.
From the captcha site:
"[...] humans can read distorted text as the one shown below but current computer programs can't:"
I think they mean "non-blind humans". How exactly will they ever solve that problem? If a blind man's OCR program can read the text, so can the spammer's.
I see a lot of posts here comparing the relative merits of different spam filters, based on how little spam gets through. The thing I worry about a lot more with spam filters is how much of my non-spam mail gets blocked. And yes, I've had this happen with every spam filtering mechanism some sysadmin has inflicted on me. This is the main reason I like spam filtering at the user level, not the ISP or system level -- at least you have some control over the imperfections.
It's no secret, at least it shouldn't be, that Micro$oft is making money selling your hotmail address (yet then they spam you with advertisements for their spam-blocking software)...
Instead of just experimenting by setting up a Hotmail account, has anybody ever tried the other way around? That is, pose as an advertiser and approach Hotmail about e-mailing their users?
I second that. I had a hotmail account for 2 years that I used quite frequently as a secondary email account and never had a spam problem.
However, I gave my email account to one site and went from 0->2MB quota filled in less than a day in much less than 2 months. It's all about who or what you're in contact with... not about the service itself.
I've watched the Spamarrest movie. The exact same system (you have to read a word, obscured to defeat OCR programs) is being used by one of the Polish mobile phone operators. If you want to send SMS from www->sms gate you also have to read a word. You can see it here.
:wq
What do you get if you eliminate the human from the above? Why, a protocol link. Might as well require me to type in TCP/IP packets and consider me human if I make too many errors :-)
Welcome to the net of 1000 lies. Upgrades are scheduled soon that should bring us to the 10,000 lies mark.
If Hotmail accounts are targeted randomly, the amount of spam you get is probably related to the complexity of your username.
I've had my Hotmail account for nearly three years, and I typically get about 5-10 spam messages per day - not a lot. I have custom filters that catch all emails with "mortgage, viagra, debt" - this catches most of the spam I get (I actually don't filter porn spam, well I haven't really tried, as at least they are creative with their subject lines - "Knob Gobblers" was a favourite - I've had some other funny ones too)
My username is 11 characters long with an underscore - this is probably a bit out of range for your typical "brute force"/random sign up name spammers.
So - if you want to use popular free email services, perhaps follow the same guidelines for creating secure passwords? Numbers, special characters (although this is a bit more limited with email), and more importantly length of name!
--- Why are you wearing that stupid bunny suit? | Why are you wearing that stupid man suit?
Sending e-mail should cost some token amount of money,
It's easy to throw such ideas around, but implementation becomes an issue of rights quickly. I guess you want to force everyone to use their ISP's mail server and pay their ISP the amount. Fine. You have to block outgoing port 25, which fucks over anyone running their own mail server. Spammers will just buy T1s and be their own "ISP", and sell a flat rate email sending fee to other spammers. (They already do that).
What about people like myself that maintain announcement lists for my web sites. That's something like 2000 emails each time I send an update. It's all completely opt-in, and has a real return address, from which I personally handle unsubscribe requests from the people that can't figure out how to use the web site to unsubscribe. It's nothing like spam.
What about all the thousands of other email lists. The owners of the linux kernel mailing list would have to pay thousands a month in your email fees, even if it was only a couple cents an email.
Anyway, every time someone comes up with these "change the infrastructure" silver bullet solutions to spam, they are always half-baked.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
If you happen to be in the fortunate position of ISP, you can play at racketeering and generally get away with it: offer your subscribers' email addresses for a fee, then offer them spam blocking for a fee. Repeat until your customers are all gone.
Don't think that'll work? Your phone company is already doing it with telemarketers.
An "automated Turing test" is an oxymoron.
The Turing test is where a human talks to a computer and tries to decide if the backend that's answering him is a human or a computer program.
This is more of a reverse Turing test, where the computer asks questions to try and find out if it's interacting with a person or a program.
It would be possible to write a program to beat this system, but it would not qualify as having passed the Turing test, because it would have only fooled another computer program, not a real person. Of course maybe said program could go on to pass the Turing test.
Wouldn't it be weird if spam was the driving force behind the creation of the first real AI?
Skynet began learning at a geometric rate.......by 1800 hours every mailbox in the world was jammed with unfilterable spam.
Life is too short to proofread.
From my understanding, the use of image recognition in the captcha test would make it nearly impossible for blind people to pass the test.
I got just the opposite. I never ever ever use my yahoo account for anything. I checked it for the first time since July in late December and I had 900 messages. 800 were correctly identified as spam. 100 were spam messages that made it to my inbox. 89% block rate isn't too bad. But 900 spams in 3 months for an unused account is atrocious.
I use my hotmail address for pretty much everything and it's very clean. Instead of just deleting spam I use the block feature. Lately I've just been getting a lot of e-mail viruses.
Yahoo has a limit on the number of blocked addresses you can have. I ran into it with those 100 spams in my inbox. I've yet to run into a limit with hotmail except on keywords.
So yeah, I'm sticking with hotmail for free accounts.
Ben
Work Safe Porn
What are you wittering on about? MS doesn't sell addresses to spammers, it's against the privacy policy and EVEN MS wouldn't be stupid enough to break their OWN privacy policy. The short/dictionary names are simply being bruteforced - anyone doing mail admin on a decent sized domain sees the same thing all the time.
---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"