Story from Langa List:
-----------------------------------------------------------------------

     Fred, This is from the Datamation IT Management Update that I
     get. Most interesting! Thanks for all your efforts with the
     LangaPlus List. ---Rob Morrison

     "`Ultimate' Spam Weapon Coming to the Enterprise A brand-new
     company has made a pretty gutsy promise -- to wipe out spam.
     And what promises to be consumers' ultimate weapon against
     spam could be ready for the enterprise as early as this year."
     http://itmanagement.earthweb.com/secu/article.php/2172331

Thanks, Bob. I don't know what's up with Datamation, but this kind of
tool isn't new at all: It's called "challenge/response" technology, and
it's yet another deeply flawed approach to spam filtering.

The theory of challenge/response filters is that all inbound email gets
held while the software generates an automatic form letter (the
"challenge") that asks the sender to send a second email (the
"response") to verify the validity of the first email. Sometimes, the
challenge is a simple "reply to this email," but more often, it involves
a mini-Turing test to see if the sender is a live human. For example,
the challenge email may include a small photo of (say) cats, and ask
"please reply to this email and indicate the number of kittens in the
photo." If the response comes back with the right number, the original
email is let in.

As the Datamation article says, "Machine-generated email cannot reply to
the challenge email so the original email is never put into the
consumer's Inbox"

But the huge flaw with this approach--- aside from being very annoying
to your legitimate correspondents--- is that *all* machine
generated email will get blocked. That includes things like this
newsletter, virus bulletins, news alerts, online auction or sales
payment confirmations, company newsletters and HR bulletins, etc.
Anything sent en masse, by machine--- even totally legitimate emails
you've asked for or need--- will never be authenticated, and thus will
be blocked.

"Matador/Mailfrontier" and "ChoiceMail" are perhaps the most widely used
anti-spam tools currently employing challenge/response technology. Every
week when I send out this newsletter, I get dozens of new challenge
emails asking me to reply with the number of kittens in a photo; or to
go to a web site, find a hidden password, and enter that password in
order for the newsletter to be delivered; or--- one of my favorites,
used by "ChoiceMail"--- to go to a special web site, "...fill in your
name and a short reason for wishing to send e-mail to me."  Great! Essay
questions!

At first, I tried to keep up, but then I did the math:

For every 1,000 readers who use challenge/response, and assuming it
takes an optimistic 20 seconds to gather, open, read, reply, and send
back an email, I'd spend 6 hours doing nothing--- no other work at
all--- but answering the challenge emails. If all my subscribers used
challenge/response, I'd have to set aside 4 full work months doing nothing
else at all but answering challenge emails, full time, all day, every
day. Four months!

Alas, challenge/response is another one of those technologies that
sounds good at first, but actually is really a very bad idea.

I still think Bayesian tools hold the most promise. See
http://www.informationweek.com/story/IWK20021115S0018


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
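
The hold-and-challenge flow described in the story above, as an added example that is not part of the original post and not code from any of the products it names. The class name, the "verified" sender set and the sample addresses are assumptions constructed for illustration; the run shows that automated senders, wanted or not, stay held.

```python
import hmac
import secrets

class ChallengeResponseGate:
    """Holds inbound mail until the sender answers a one-time challenge."""

    def __init__(self):
        self.held = {}         # challenge token -> (sender, subject)
        self.inbox = []        # messages released to the recipient
        self.verified = set()  # assumption: senders who answered once are trusted

    def receive(self, sender, subject):
        """Deliver mail from verified senders; hold everything else and
        return the challenge token that would be mailed back."""
        if sender in self.verified:
            self.inbox.append((sender, subject))
            return None
        token = secrets.token_urlsafe(16)
        self.held[token] = (sender, subject)
        return token

    def respond(self, sender, token):
        """Release the held message if the reply carries the issued token."""
        for issued, (held_sender, subject) in list(self.held.items()):
            if held_sender == sender and hmac.compare_digest(issued, token):
                del self.held[issued]
                self.verified.add(sender)
                self.inbox.append((sender, subject))
                return True
        return False

def simulate(messages):
    """messages: constructed (sender, subject, answers_challenges) tuples."""
    gate = ChallengeResponseGate()
    for sender, subject, answers in messages:
        token = gate.receive(sender, subject)
        if token is not None and answers:
            gate.respond(sender, token)
    return gate

# Constructed sample traffic: only the human correspondent answers challenges.
SAMPLE = [
    ("friend@example.org", "Lunch?", True),
    ("newsletter@example.com", "Weekly issue", False),
    ("billing@example.net", "Payment confirmation", False),
    ("bulk@spam.example", "Cheap pills", False),
    ("friend@example.org", "Re: Lunch?", True),
]

if __name__ == "__main__":
    gate = simulate(SAMPLE)
    print("inbox:", gate.inbox)
    print("still held:", sorted(s for s, _ in gate.held.values()))
```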
