Comments on: EarthLink has just 31 challenge-response CAPTCHAs

By: Richard Clayton

Richard Clayton — Tue, 14 Feb 2006 16:04:19 +0000

I’m appalled that EarthLink’s spam detection is such that they have now sent me 325 challenges in the period since the 20th December. If they knew it was spam, they would not challenge. Nevertheless, to an academic, time spent educating users [turn the system OFF!] can surely never be time that is wasted?

By: Stiennon

Stiennon — Tue, 14 Feb 2006 15:48:35 +0000

While I applaud your vigilance I am appalled that you had time to capture 32 CAPCHTA’s from Earthlink.

Thank you for spending time the rest of us don’t have to discover this.

By: Richard Clayton

Richard Clayton — Mon, 13 Feb 2006 22:04:32 +0000

Blocking the EarthLink Challenge-Response emails is hardly rocket science… and has been described in many places such as here. It is of course an EarthLink specific detection rule (useless on other systems) — and failing to accept these messages does nothing towards getting the EarthLink customers to turn them off! So although it would help me to block these messages, it does nothing to help the rest of the Internet. Which is where we came in!

By: Justin Mason

Justin Mason — Mon, 13 Feb 2006 20:46:24 +0000

Nicely spotted.

I have a good SpamAssassin ruleset which blocks these — mail me if you’d like a link. It catches almost all of these mails. I still hand-confirm the ones that get past, of course, as a protest against the offensive cost-shifting that C/R represents.

By: Chris Walsh

Chris Walsh — Mon, 13 Feb 2006 16:57:21 +0000

I am very happy to have learned of this blog, and want to thank you in advance for all the good things you will be treating us to.

By: Tyler Moore

Tyler Moore — Mon, 13 Feb 2006 11:09:32 +0000

So now we have peer-to-peer spam filtering! No longer do ISPs have to make the blocking decision or carry the costs of filtering; they’ve shifted liability onto end users. Such a liability shift would only make sense if users were better placed to invest in spam defence than ISPs, which they clearly are not. ISPs are better placed to fight spam because they examine much more email than a user ever could and they have the authority to filter spam out in the first place.

So this technique creates an added inconvenience, transferring spam from the original recipient to the spoofed originator. The net effect on spam is nil (if you equate the original spam with Earthlink’s spam response). Though interestingly, enabling ‘Suspect Email Blocking’ makes sense to an individual Earthlink user since it diverts all of its spam over the Internet. Only with widespread adoption will the individual benefits of the blocking strategy diminish, as the Earthlink users begin receiving fake challenges from AOL, Hotmail, and Gmail users.