How Spammers Will Beat Challenge-Response Systems, And Other Conversations About

from the spam-spam-spam-spam dept

Lots and lots of spam stories today. For all my complaints about challenge-response anti-spam systems, I've always assumed that they would at least work to the level they promise. Mitch Wagner over at Internet Week is explaining how spammers will get around challenge response systems. He suggests that, first, spammers will start sending out fake challenges, getting people to respond (indicating their email address is real). Then, he points out that all challenge-response systems have some sort of "override" that will let messages through - and it won't take long for spammers to figure out how to forge that and break through any challenge-response system. So, then you'll still be getting spam and you'll be annoying anyone who wants to email you legitimately. Sounds like a lose-lose situation. Meanwhile, on the corporate side, too many executives don't realize how big a threat spam is and many office places don't have an official policy for how to deal with spam. The fear in both cases is that employees will help bring an avalanche more spam into the corporate network and that the company could face some legal liability for pornographic spam received. Finally, here's a study saying that spam is costing companies billions. Like studies about software and entertainment theft, I question how they come up with these figures, but it looks like the majority portion is in extra IT resources to deal with the spam problem - which is a legitimate cost (unlike "lost productivity" which is very difficult to measure).
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    kevin brown, 18 May 2004 @ 8:13pm

    Challenge Response faults

    So heres a solution. The challenge response system should include a built in function so that if the email looks like spam, it sends an "email ping" to the originating address, if it comes back host unknown, then it dumps the email and does not send the challenge response.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.