Showing posts with label spam. Show all posts

Friday, September 17, 2010

CAPTCHA for CASH - The end is nigh for the CAPTCHA


I thought you may like to know (unless I'm the last one to cotton on!) that a scenario we've theorised about on the ASRG mailing list for years is finally here: there's now at least one commercial service that will translate CAPTCHAs for cash.

I found the link (shown below) to a service that will decode CAPTCHAs for you for $2 per 1000 successes. (Ironically it was in an ad served to me by Gmail.)

So to anyone who ever proposed a spam "solution" that relied on differentiating between people and machines, and doubted us when we told them that the commercial imperative would be its downfall, read this: 

We told you so, and it only costs two bucks for a thousand!
I predict much more of this in time, with costs falling as more competition enters the market, and I honestly think it presages the end of the useful life of the captcha.

That link: http://www.decaptcher.com/client/

-- correction: Kevin H. politely pointed out, in a comment, that I hadn't read it properly.
That isn't $2 per success - it's $2 per 1000 successes. Minimum purchase is $10 = 5,000 spam, er, advertising opportunities.
Thanks Kevin, I've updated the post to reflect this.

-- updates: According to ASRG folks

a) This site has been known about since Oct, '09, so yes I am last to the party as ever!

b) Chris Lewis kindly pointed this out:
... found sweatshops in India quoting some small number of rupees per thousand, claiming to be able to supply up to 250,000 per day.  At _least_ three years ago.
...
Incidentally, some of the spam filter companies, as part of their technology for trying to figure out whether the jpeg is naughty or not, _claim_ they can solve >90% of all captchas on the fly.
c) More intriguingly Steve Atkins said:
There's even a neural net implemented in javascript as a greasemonkey plugin that'll solve some simple captchas in the browser.
I had a Googlearound and found this, which may interest you: http://ejohn.org/blog/ocr-and-neural-nets-in-javascript/

I found that particularly fascinating, because last year Nikki was telling me all about cognitive psychology and various theories of word and character recognition in humans. I still have all that to look forward to, in my OU degree, but I'm beginning to get an idea of the kind of things I could do for my project if I ever get that far!


Thursday, July 26, 2007

I Told you so!


In the previous post I predicted that postmaster@xxx would be too busy to reply. I got his reply just now:

Thank you for contacting XXX's E-mail Postmaster.
Because of the large volume of postmaster e-mail traffic, this response is automated.

LOL!


We keep spending most our lives living in the Spama's Paradise


I just got an email today which appears from its headers to be a bona-fide bounce triggered by spam with my @apache address on it. I also googled for some of the people on the list, and they do indeed work where it says they do. So I think it's genuine.

I've quoted the whole thing below. The scary part is summed up by this sentence: "A list of all the people to whom these addresses might refer appears below", and sure enough, right below the stuff I quote there's a list of people whose address might match michael@xxx, formatted like:

name: Michael xxx
send_email_to: mikex@xxx
phone: 007-234-4354
address: 695 XXX Road
department: XXX-Housekeeping

For heaven's sake! I've spent years trying to explain why returning "mailbox does not exist" can be used by spammers to harvest addresses, and then I find out that people are still doing this. Priceless. I've sent a mail to the postmaster@xxx asking him if he's insane. I don't expect a reply from the current incumbent any time soon; he's probably fighting off a mail-storm.

The text of that message:

I'm sorry, but we had problems delivering your mail.
The errors we encountered appear below. If you have any questions,
contact the xxxxx Postmaster as postmaster@xxxxx.yyy.
Please include a copy of this message with your correspondence.
--------

The following addreses each refer to more than one person in our
directory.
A list of all the people to whom these addresses might
refer appears below. You should resend to your intended recipient
using the address in the 'send_email_to:' field.

If your intended recipient is not on the list, then the person is
either not registered in the central directory or the address is
misspelled.
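
An added example, not part of the original post or of the bounce it quotes: an outbound check a mail administrator could run over generated bounces to catch the directory disclosure described above. The field names come from the quoted bounce; the sample message, the people in it and the function names are constructed for illustration.

```python
import re

# Field names are the ones shown in the bounce quoted in the post.
DIRECTORY_FIELD = re.compile(
    r"^\s*(name|send_email_to|phone|address|department):\s*(\S.*)$",
    re.IGNORECASE,
)

# Constructed sample modelled on that bounce; every person and value is a placeholder.
SAMPLE_BOUNCE = """\
The following addresses each refer to more than one person in our
directory.
A list of all the people to whom these addresses might
refer appears below.

name: Michael Example
send_email_to: mikex@example.org
phone: 555-0100
address: 1 Placeholder Road
department: Housekeeping

name: Michael Sample
send_email_to: msample@example.org
phone: 555-0101
address: 2 Placeholder Road
department: Catering
"""

def find_directory_leaks(body):
    """Return (line_number, field, value) for every directory field in a bounce body."""
    leaks = []
    for number, line in enumerate(body.splitlines(), start=1):
        match = DIRECTORY_FIELD.match(line)
        if match:
            leaks.append((number, match.group(1).lower(), match.group(2).strip()))
    return leaks

def exposed_addresses(body):
    """Working addresses a sender could harvest from this one bounce."""
    return [value for _, field, value in find_directory_leaks(body) if field == "send_email_to"]

def redact_bounce(body):
    """Drop directory records so the bounce no longer enumerates people."""
    kept = [line for line in body.splitlines() if not DIRECTORY_FIELD.match(line)]
    return re.sub(r"\n{3,}", "\n\n", "\n".join(kept)).strip() + "\n"

if __name__ == "__main__":
    print(len(find_directory_leaks(SAMPLE_BOUNCE)), "leaked fields:", exposed_addresses(SAMPLE_BOUNCE))
```

A single message to one ambiguous local part yields two deliverable addresses plus phone, postal and department details, which is why the check treats any matching field in an outbound bounce as a leak.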


Thursday, January 18, 2007

Criteria for judging proposed "solutions" to the problem of spam


At:
http://www.killerbees.co.uk/draft-irtf-asrg-criteria-00.html

You will find a document which outlines an idea I've had for a while.

The thrust of the document is that while we don't know what the silver
bullet solution for spam is we do know some of the characteristics
which we expect it to exhibit.

We also know that very many ideas are presented on the asrg@ietf.org list which
fail to meet one or more of those criteria, this draft is intended to
provide a reference which describes those criteria, and could be used
as a partial statement of requirements for a technique to solve the
problem of spam.

Obviously this is just my own 2c at the moment, so let me know (preferably on the asrg list) what
your opinions are and I'll modify, abandon or replace this as
necessary.

FYI the abstract reads:

"The Internet Research Task Force Anti-Spam Research Group (ASRG) is
frequently presented with proposals for techniques for managing spam
from authors who wish to elicit an expert critique of their
proposals. In many cases proposals fall foul of issues and risks
which are well known and understood by members of the ASRG. This
Internet Draft is intended to enumerate and explain a number of the
more important of the criteria which tend to be applied. This
document will then serve as a normative checklist for anyone wishing
to present a technique to the ASRG."


Is spam going to kill SMTP?


I read this post about the scale of the spam problem today. It's pretty chilling, but I guess it was meant to be. As far as I can tell the question it poses is: are we really looking at a doomsday scenario, and if so should we now be considering the unthinkable and pull the plug on SMTP?
I'm assuming that we all agree that the problem of spam is a direct result of SMTP being designed without any of the controls necessary to protect the network from this abuse.
Can SMTP be revised or does it need a flag day? I don't want the character of email to change, but I'm fed up with trying to explain why the problem of spam is so intractable. Perhaps it's time to get some traction and stop flogging a dead horse. WDYT?


I know nothing, I'm not a fortune teller, and you'd be insane to think that I am. This disclaimer was cribbed from an email footer I once received. It is so ridiculous I had to have it for myself.

Statements in this blog that are not purely historical are forward-looking statements including, without limitation, statements regarding my expectations, objectives, anticipations, plans, hopes, beliefs, intentions or strategies regarding the future. Factors that could cause actual results to differ materially from the forward looking statements include risks and uncertainties such as any unforeseen event or any unforeseen system failures, and other risks. It is important to note that actual outcomes could differ materially from those in such forward-looking statements.

Danny Angus Copyright © 2006-2013 (OMG that's seven years of this nonsense)