Spam stopper. (Was Re: "ABC Consumer Reports" doesn't recommend Linux)

From: Andy Baxter (news2_at_earthsong.null.free-online.co.uk)
Date: 08/11/03 

Date: Mon, 11 Aug 2003 01:41:47 +0100

Alan Connor wrote:

> Well, I am just polishing up a little program that kills ALL spam.
>
> And lets any mail I want through.
>
> It's simple and it's free and it works PERFECTLY. Can be installed in
> minutes on a *nix box with the standard utilities and uses almost no
> memory or disk space.
>

I just had a look at your spam stopping script, which is a little bit like
something I was thinking of doing - instead of challenge/response, I was
thinking of sending an autoreply to unknown senders which directed them to
a website with a send-email form and no visible email address. But your
script is probably easier for people who want to email me to use. For the
moment I'm just blocking all attachments and html mail unless there's a
code in the subject line notifying that someone wants to send these.

The thing is, I can see how your method would work for you and a small
number of people who start using it (as I may do), as most spammers are
probably getting enough responses from the fools who reply to them that
they can't be bothered trying to get round obscure protection systems. But
if a lot of people started using it, it wouldn't be hard to write a mail
script that sent an email to an msp protected address, then automatically
pasted the password into the subject line of a piece of spam which would
then end up in your inbox as usual. Unless I've misunderstood how the
system works, in which could could you explain?

I'm not trying to slag off your script here - like I said I've thought of
doing stuff like this myself, and I'm happy enough to find methods which
will protect my own inbox and which I can pass on to friends. But for me
this brings up a theoretical point about the difference between
(current???) machine and human intelligence which I find interesting, and
which also suggests a better approach.

The way I see it, the challenge part of the challenge/response should be
something which machines find easy and quick but humans find slow or boring
- i.e. you want your computer to do this to save you the trouble of going
through all the spam trying to find the genuine email, which was the whole
point in the first place. But the response part ideally needs to be
something which humans find easy but machines find difficult or impossible,
otherwise someone can write a robot to get round it.

So - how about 'riddle/response'? I.e. send out a question in natural
language which any person who speaks english will easily be able to answer
with a single definite word, and ask them to put that answer in the subject
line in between square brackets. As far as I remember from the AI course I
did years ago, computers are pretty bad at natural language processing, so
this should keep the spammers at bay for some time to come. Examples might
be:

How many fingers (not thumbs) do most people have on one hand? (allow [four]
or [4])
What year is it in numbers? (allow [2003])
What colour is a clear daytime sky? (allow [blue])
What is the capital city of great britain (allow [london])

Each individual user of the system could make a database of perhaps a dozen
'riddles' which would be chosen at random for a particular email. If spam
ever started getting through, they'd just remove the riddles they'd been
spammed on and write new ones. If someone couldn't answer a particular
riddle, or spelt it wrong, they'd just have to try again until they got it
right.

What do you think? If I get time I'll see if I can adapt your scripts to do
this, and post the results.

andy baxter. 

-- 
Please don't send me html mail or un-notified attachments. These will be
automatically filed under spam unless I'm expecting an email which hasn't
come.
If you do need to send an attachment or html mail, put [attachment] or
[html] in the subject line.
Thanks, andy.

Relevant Pages