2004.03.25
Consequences of 'Spammers, porn and accessibility'
by Karel Thönissen
Matt May wrote a nice blog entry about the use of captchas against spam. Captchas are little tests, often found at the end of a web form, that are hard for computers and easy for humans. Usually they are visual puzzles. These little Turing tests should make it difficult for spam bots to automatically gain access to resources such as newsgroups, mailing lists, etc. A good idea until the spammers catch up.
The example he provides is so funny, it must be true. Spammers automatically fill in the web form for the resource they want access to, and redirect the captcha to free porn sites. So the visitor of the porn site solves the puzzle in return for free entry. The answer from the porn site visitor is then used by the spammer to obtain the access that they wanted in the other system. It is free trade: pleasure in exchange for a little of one's time.
By the same mechanism the initiative from Microsoft, as launched by BillG recently, will ultimately fail. Gates proposed that if one receives an email from an unknown sender, the email is suspended and a challenge is sent back to the original sender. That challenge is a hard cryptographic puzzle that takes a few seconds to solve on the sender's computer. If the reply to the puzzle is not received within a reasonable time, then the original message is dropped; otherwise it is passed on to the user. The idea behind this protocol is that a spammer sending out millions of spam messages a day will get so many cryptographic challenges that there are not enough seconds in the day to solve them all without buying a lot of additional expensive hardware. The problem is of course that the challenges can also be redirected to free porn site visitors' computers. Paying a few seconds of CPU time for free access is probably a fair deal in most visitors' view.
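The suspend, challenge and verify steps described above, as an added example that is not from the original post or from Microsoft. The post does not say which puzzle is used, so a hashcash-style hash puzzle is assumed; the function names, the 16-bit difficulty and the 600-second window are assumptions too.

```python
import hashlib, hmac, os

SECRET = os.urandom(32)   # receiver's private key (constructed for this demo)
DIFFICULTY_BITS = 16      # assumption: kept small so the demo solves quickly
MAX_AGE_SECONDS = 600     # assumption: the "reasonable time" for a reply

def _tag(body: str) -> str:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def _zero_bits(data: str) -> int:
    """Number of leading zero bits in SHA-256(data)."""
    digest = hashlib.sha256(data.encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def issue_challenge(message_id: str, now: float) -> str:
    """Receiver: suspend the mail and issue a challenge bound to it."""
    body = f"{message_id}:{int(now)}"
    return f"{body}:{_tag(body)}"

def solve(challenge: str, bits: int = DIFFICULTY_BITS) -> int:
    """Sender: search for a nonce; costs about 2**bits hashes on average."""
    nonce = 0
    while _zero_bits(f"{challenge}:{nonce}") < bits:
        nonce += 1
    return nonce

def verify(challenge: str, nonce: int, now: float,
           bits: int = DIFFICULTY_BITS) -> bool:
    """Receiver: one HMAC and one hash. True means deliver the message."""
    try:
        message_id, issued, tag = challenge.rsplit(":", 2)
        issued_at = int(issued)
    except ValueError:
        return False                      # malformed challenge
    expected = _tag(f"{message_id}:{issued}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False                      # forged or altered challenge
    if now - issued_at > MAX_AGE_SECONDS:
        return False                      # reply too late: message is dropped
    # Only the work is checked. Nothing here says whose computer did it,
    # which is the weakness the post points out.
    return _zero_bits(f"{challenge}:{nonce}") >= bits

if __name__ == "__main__":
    ch = issue_challenge("msg-0001@example.invalid", 1_000_000)
    print(verify(ch, solve(ch), 1_000_030))
```

Each extra difficulty bit doubles the sender's expected work while the receiver's cost stays at two hash operations.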
The only solution is real hard money. True euros. Sending email should cost hard cash, just as snail mail requires hard cash for the stamp. Sending out millions of spam messages is then still possible but very costly. Redirection to free porn sites is also possible, except that these sites will then no longer be free.