Re: [Asrg] Passive Spam Revocation

Rich Kulawiec <rsk@gsp.org> Mon, 26 October 2009 21:27 UTC

Return-Path: <rsk@gsp.org>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F232B28C164 for <asrg@core3.amsl.com>; Mon, 26 Oct 2009 14:27:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.134
X-Spam-Level:
X-Spam-Status: No, score=-6.134 tagged_above=-999 required=5 tests=[AWL=0.465, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BLvQAQhva3o1 for <asrg@core3.amsl.com>; Mon, 26 Oct 2009 14:27:35 -0700 (PDT)
Received: from taos.firemountain.net (taos.firemountain.net [207.114.3.54]) by core3.amsl.com (Postfix) with ESMTP id 2FDEE28C0DB for <asrg@irtf.org>; Mon, 26 Oct 2009 14:27:35 -0700 (PDT)
Received: from squonk.gsp.org (bltmd-207.114.17.122.dsl.charm.net [207.114.17.122]) by taos.firemountain.net (8.14.1/8.14.1) with ESMTP id n9QLRkvQ032680 for <asrg@irtf.org>; Mon, 26 Oct 2009 17:27:47 -0400 (EDT)
Received: from avatar.gsp.org (avatar.gsp.org [192.168.0.11]) by squonk.gsp.org (8.14.1/8.14.1) with ESMTP id n9QLPZXZ007586 for <asrg@irtf.org>; Mon, 26 Oct 2009 17:25:35 -0400 (EDT)
Received: from avatar.gsp.org (localhost [127.0.0.1]) by avatar.gsp.org (8.14.3/8.14.3/Debian-4) with ESMTP id n9QLRfBb023530 for <asrg@irtf.org>; Mon, 26 Oct 2009 17:27:41 -0400
Received: (from rsk@localhost) by avatar.gsp.org (8.14.3/8.14.3/Submit) id n9QLRf9D023529 for asrg@irtf.org; Mon, 26 Oct 2009 17:27:41 -0400
Date: Mon, 26 Oct 2009 17:27:41 -0400
From: Rich Kulawiec <rsk@gsp.org>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <20091026212741.GA23466@gsp.org>
References: <6679e0500910252145j69e51a6frb2cd90c86dff4bb4@mail.gmail.com> <20091026094358.GA32622@gsp.org> <4AE5750F.4000502@mines-paristech.fr> <20091026114107.GA8259@gsp.org> <18a603a60910260626i3e5afe29nb313cde341e5b09b@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <18a603a60910260626i3e5afe29nb313cde341e5b09b@mail.gmail.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [Asrg] Passive Spam Revocation
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2009 21:27:36 -0000

On Mon, Oct 26, 2009 at 03:26:40PM +0200, Pars Mutaf wrote:
> What if the CAPTCHA needs to be solved before the status can be seen?
> That would work?

Nope.  (Let me pause to note that there are a number of other problems
with this idea as well, I just didn't articulate those.)

The gap between "captcha which is difficult enough to defeat a program"
and "captcha which is easy enough to be solved by a human" has already
closed -- and even if it hadn't, spammers have numerous other techniques
available to them that scale reasonably well, including (a) captcha
replay and (b) mass cheap labor.  So I think it's reasonable that if
it becomes advantageous to spammers to solve captchas en masse, they will.

---Rsk