Slashdot Mirror

← Back to Stories (view on slashdot.org)

Baffling the Spam Bots

Posted by michael on from the change-addresses-every-six-weeks dept.

dumpster_dave writes "Scientific American is running an article, Baffling the Bots on techniques to outsmart and subvert spam bots and their chat-room cousins via CAPTCHA. You have probable seen this in the form of images containing text as gate-keepers to various on-line services. The latest evolution is using non-words and distorting the text such that even the best AI systems cannot decipher them, yet humans can not help but do so [cf., Gestalt Psychology]."

6 of 350 comments (clear)

  1. Blind Users by X-rated+Ouroboros · · Score: 5, Insightful

    I've often wondered how these types of systems can be made handicapped accessible

    --
    Simple Machines in Higher Dimensions
    1. Re:Blind Users by Talez · · Score: 4, Funny

      It's part of the three pronged attack on spam.

      1) Obfuscate e-mail addresses
      2) Stop spammers from getting to places containing real email addresses
      3) Keep stupid people off the internet so the revenue stream of spammers is cut off.

  2. Re:I've always thought by Grimster · · Score: 5, Interesting

    Yes this is a great solution if the only people you want to email you are a little towards the smart side. But speaking as someone who has to deal with "joe sixpack" daily I've seen people who are confused by user@NOSPAMdomain.com and when I tell them to go to http://webmail.domain.com/ to get their webmail they put www. on the front!

    These same people if I were verbally giving them the url to slashdot would end up at http://www.slash..org/ (god I wish I were trying to make a joke but seriously I've had this happen).

    Because of this my email is plainly visible on our web site, and in my forums, and on a few other forums and on an occasional usenet message. With a combination of RBL's, bayesian filtering, procmail soup and other goodies my spam count per day is kept to a low roar (double figures in spam number rather than four figures, again I wish this were joking).

    --
    --- www.f-theocean.com
  3. Keep tabs on where your address goes by bigberk · · Score: 4, Insightful

    Everyone should know this by know, but you can control spam by keeping tabs on where your email address goes.

    The address I use to post to USENET is completely disposable. The 'swen' worm in fact picked up my USENET addy and spammed it with about 40,000 emails. The address is now dead, but I saw that coming.

    I have a public address which I give to casual contacts (who may not be totally trustworthy). This address changes yearly, and this keeps it spam free.

    My well guarded private address, which I only give to my closest friends, has gotten no spam for 5 years. I receive about 20 emails per day at that private address and there is 0 spam.

  4. CAPTCHAs are not the answer by Eponymous+Cowboy · · Score: 4, Interesting

    Earthlink has an optional system like this, where unknown senders are blocked by default. They receive an autoreply giving them a URL to go to where they must enter the text from a CAPTCHA.

    Unfortunately, the system does not work very well. My dad sells on eBay, and a buyer of one of his auctions had an Earthlink account, which blocked the message that told how much the shipping would be, where to send payment, etc. When my dad went to the specified URL, and entered the CAPTCHA text as requested he would simply get an error message that he had entered it incorrectly. He forwarded me the Earthlink email and asked me if it was just him; it wasn't; I couldn't get it to work either. The random string of numbers and letters was very distorted, and there were four possible meanings; I tried those plus at least ten more with no sucess. The message never got through.

    There are many problems with this type of system. Consider: what if both parties have CAPTCHA-enabled accounts, from different providers? The confirmation messages from both parties get blocked. Smarter systems whitelist people as messages are sent to them, but as in the eBay case, the recipient had no way of knowing my dad's email until AFTER a message from him was received. It's a Catch-22.

    And for people who are visually impaired, universal deployment of this system this makes email essentially impossible. Earthlink's page had a link "if you cannot see the picture, click here" and when you got to that they said to call their 1-800 number if you have any problems. Right.

    Adding CAPTCHAs to everyone's email systems is NOT the way to solve the spam problem. We need a more realistic, permanent solution. For example, cryptographically authenticating the sender (the "From" field) at the level of the originating ISP (and rejecting messages from senders it cannot authenticate, by password or whatever means), and then having each relay in turn authenticating the previous relay if it trusts it. Headers can be inserted in the emails, signing the previous headers with private encryption keys with their public counterparts obtainable from the ISPs by simple DNS lookups. This will build a chain of trust, which stops when a message gets outside of the sender's network, and therefore allows the original sender to be properly identified back through their ISP. Once we know who messages are from, people can be held responsible. And at that point, anti-spam laws can handle the rest.

    --
    It's hard for thee to kick against the pricks.
  5. Re:A better way to do this... by Rosco+P.+Coltrane · · Score: 5, Funny

    I have a better idea : present a complex differential equation and ask the person to solve it in less than 10s. If he fails, he's human.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash