Turing Tests to Stop Spam 284
cexy writes "The Register has a story about how Hotmail and Yahoo! are using Carnegie Mellon developed captcha technology (completely automated public Turing tests to tell computers and humans apart) to stop spammers from automating signups for accounts from which they can send spam. These guys are using captcha too, but to stop incoming spam."
Yahoo works, hotmail not (Score:4, Interesting)
Hotmail is more popular (Score:4, Interesting)
Re:CAPTCHA project (Score:3, Interesting)
The source code is there to download, but are we allowed to use it in our own sites?
'automated signup' (Score:2, Interesting)
Free-mail woes (Score:2, Interesting)
The truth is accounts like Yahoo and Hotmail only exist to turn a profit for their owners. I know not everyone can get an e-mail address that they can use for personal means in any other way, but you have to accept what you are getting into when you open one of these accounts.
Personally, I have several e-mail accounts and only use my hotmail and yahoo for things like web page registration.
Re:Yahoo works, hotmail not (Score:2, Interesting)
Comment removed (Score:3, Interesting)
Re:Yahoo works, hotmail not (Score:1, Interesting)
I sent them a bitch-o-gram about this not too long ago, and you know what? They had their LEGAL department respond to me. I'm really beginning to wish that I had kept their response, but it was something along the lines of "the legal contract that you signed by clicking on when you signed up for your Hotmail account allows us to send you offers from the companies who are so gracious as to provide you with a free account with us."
I can understand the part about these companies providing free Hotmail accounts, but spamming your own customers? That is just plain f*cking STUPID. Needless to say, this provided me with enough motivation to switch all my email off of Hotmail despite my having been a Hotmail user before the MS buyout.
Good riddance Hotmail.
I failed the Turing test! (Score:5, Interesting)
I recently had to create an e-mail address that I could use for posting to a mailing list where the addresses are all public. I tried Hotmail first, and although I passed part 1 of their Turing test, the captcha test, I think I failed part 2: once I was all done filling in my personal information (retired female homemaker in Antarctica, born in 1891), I got some kind of mystifying error message saying something about my .NET account (which I don't have). I guess if I was human, I'd have been able to figure out what they meant.
Oh well, I passed Yahoo's captcha test, and they didn't have a part 2...
As a recipient of spam, I also don't see this having any benificial effects. I gets lots and lots of spam from hotmail.com and yahoo.com addresses. They're all forged headers, so it doesn't matter that Yahoo and Hotmail have botproofing -- the accounts I'm getting spam from aren't even real Yahoo and Hotmail accounts. It's great that they're trying to make sure they aren't spam havens (and of course it costs them money if spammers use their services), but I really think the whole e-mail infrastructure needs reworking in order to get rid of spam. Sending e-mail should cost some token amount of money, and there should also be some way of tossing out mail with forged headers (e.g., my mail client should be able to tell whether the cryptographic signature on an e-mail indicates that it really came from hotmail.com or yahoo.com).
Re:I run a small server with a few user accounts. (Score:3, Interesting)
It's been tried. But don't wait a week to try to find them; they tend to, um, move a lot. A prosecutor I talked to said they needed three PI's and several months to corner one who started a new corporation every week.
is this really new? (Score:2, Interesting)
they've used this for years elsewhere. for example, Major League Baseball's Online All Star Voting has used it ever since pudge stuffed the ballot box [boston.com] right before the 1999 game.
Re:Captcha killers (Score:4, Interesting)
NY Times article [nytimes.com]
Berkeley press release [berkeley.edu]
Computer vision pages (w/papers) [berkeley.edu]
Greg's page on breaking Gimpy [berkeley.edu]
Spam Arrest -- Patent Pending? (Score:2, Interesting)
They have patent pending on "calling back to verify a phone number" except it's email.
I would suggest avoiding this company's products and services.
Re:Why? (Score:4, Interesting)
It works with Outlook (not Outlook Express).
The coolest part is when you find an email that is spam, which it didn't catch (perhaps about 5% of the time), just click "Block" and it'll record that you blocked it on their servers, so anyone else receiving the same (or nearly similar, I think) email will have it blocked as well.
In other words, it's a community-driven spam blocker which works better the more people use it. And it already works very well.
Spam Tax (Score:5, Interesting)
This idea means licensing them so that they are properly registered, Meaning we know who they are and where they live.
Meaning that they can be billed for use of service, etc. and jail those not properly licensed.
Meaning that we can send bill collectors and tax collectors hunting after them.
The bottom line is that IF we can make it profitable to go after these guys, someone will make a business of it. We just go to figure a way how.
Then we get to use the scum of society, such as bill collectors and tax collectors, and turn them to some good, going after spammers.
And we can use the money collected to subsidise the cost of something useful.
Now Lessig has also proposed something similar to this:
http://www.cioinsight.com/article2/0,3959,533225,0 0.asp [cioinsight.com]
Which essentially means that there are more eyeballs to track the scum down. And a financial reward to do so.
The twist in my proposal is to mach spam have a cost even if sent "legally" - [lots of states have finance problems], and make the penalties truly painful if done illegally. I want to set my own fees for receiving spam
Re:Why? (Score:2, Interesting)
Having said that, I believe that prevention is better than the cure. Especially from a bandwidth point of view.
Re:Is spamarrest a joke? (Score:3, Interesting)
Like what that Spam Jerky said, it's a business. What's going to keep someone from creating an extensive/ultimate filter list/software, and offer a safe loophole for other Spam Jerkies to get by for an X amount of dough?
Re:Accessibility (Score:5, Interesting)
I wrote Yahoo about this problem just about a year ago, after
finding no explanation in their online help on about how
visually impaired users were supposed to use their service,
and this is what they had to say.
I kind of thought this sucked, that apparently the solution
is to wait for a human operator to read the feedback
form and phone you back. Surely someone can come up with
a better system.
=-=-=-=
Hello,
Thank you for writing to Yahoo! Account Services.
If you are a visually impaired or blind user, please fill out the
feedback form at:
http://add.yahoo.com/fast/help/us/edit/cgi_access
A customer care representative will call you back, to assist you with
registering for a Yahoo! account.
If we can be of further assistance, please let us know.
Thank you again for contacting Yahoo! Customer Care.
Regards,
Yahoo! Customer Care
For assistance with all Yahoo! services, please visit:
http://help.yahoo.com/
Re:Yahoo works, hotmail not (Score:4, Interesting)
This is simply not true.
I used to have a short email address (5 characters) @ hotmail. I got A LOT of spam. I closed the account and made a new one, which included my first name, middle name and last name. I only gave out the e-mail address to a few people, and I have NEVER received a single piece of spam through that account.
Spammers are using "brute force" to find e-mail addresses randomly. They send a test e-mail (or even the 1st spam) and remove the ones that bounced. Voilla, now they have a complete list of all e-mail addresses 6 characters or less.
Re:The /. posting title is misleading (Score:1, Interesting)
Re:CAPTCHA project (Score:3, Interesting)
I believe we have miscommunicated, and I apologize. What I meant to point out was that the code was so inacessible that professional Slashdot programmers had to start from scratch rather than use any of the 5 systems developed at CMU. This means that not only was it a little harder than "make install", but it would have taken more time to adapt the CMU code than it did to attack the problem independently from scratch. There really isn't any other answer to the question of why Slashdot spent months developing a home-brewed system that doesn't even come close to measuring up. I think we'd all agree that the Occam's Razor dictates this answer, since the only other possible alternative was that deep-seated hubris or other mental defects prevented them from using off-the-shelf software.
How about the CCD noise approach to spam? (Score:3, Interesting)
Then, when you get mail at your "real" account that mail is examined to see if it matches any of the mail received at the "fake" account.
This is sort of like the digital camera technique of taking a "picture" of the CCD image with the shutter closed after a long exposure, to get an idea of what just the noise from the CCD looks like so it can be subtracted from the image data collected.
Of course, I'm not sure how well it would work in practice or if you'd really get the same spam very opten in both accounts...
The only thing that needs to be done... (Score:3, Interesting)
As long as you spam me from a legitmate email address I can request that the ISP delete your account. If the ISP chooses not to do so, then I can block the whole damn domain guilt-free. If the ISP has a decent EULA they could sue their subscriber for breaking the terms of their agreement and use that money to pay their various postmasters to take care of spam complaints.
automated turing test (Score:3, Interesting)
maybe it's just my cognitive science degree making me touchy, but i'd prefer the term "automated coherence filter" or something(even "automated intelligence test" would be an improvement).
Forward your spam to UCE@FTC.GOV (Score:2, Interesting)
FTC Consumer Complaint form [ftc.gov]
It's that simple. Once the federal government starts to get half a million reports of spam a day, may be someone will realize that it's costing a lot of money to a lot of people and maybe Congress will act.
Re:Yahoo works, hotmail not (Score:2, Interesting)
Title and From (Score:3, Interesting)
Use a little imagination; it isn't necessary for a spam filter to immediately trash suspect mails. By default, all SpamAssassin does is TAG the emails in their subject lines and add a scoring report to the body. It suffices for me to have probable spams all collected together so that it is only one quick scan and a button click away from destruction.
Come to think of it, if my quick from/subject scan method doesn't suffice, that attached scoring report does. A mail with a score of 33 with a web bug is certainly bogus. I'll cheerfully trash that without reading the rest of the body and those reports can be quickly parsed as well. Not that I usually bother. Simply having your signal not interleaved with the probable noise is useful and SpamAssassin can certainly be trusted for that.
Spam-proof email client (Score:2, Interesting)
The idea is to have a buddy list in your email client, which is a list of all the people authorized to send you email. If one of those people sends you an email you simply get it.
If someone not on your list sends you an email, the mail client automagically sends them a reply explaining that they need to pass a test. That test could be one with a scrambled text image or whatever. Once they pass the test (replying to the email with the right answer) the email client tells you that a new buddy sent you an email, and if you want to permanently add them to your list.
The list could also contain wildcards to use when you expect to get an automated email (like a bill from a credit card company) but you don't know the exact email ahead of time.
It sounds like a good idea to me, I was wondering if anyone could think of reasons why this wouldn't work