Validation Code Image use by spammers
Wed, 2006-10-25 04:14 — peterpaulwinter
The complaint system depends on automatic submission of complaints through the spammers' order/response form.
If the spammer uses a 'Validation Code Image' (see below) for his response form, how could the complaint script still be successful? Would not the whole Okopipi approach be defeated? It seems to be an obvious countermeasure by spammers, once Okopipi starts being successful.
I have not found any discussion on this topic, so I wonder how the proposed software is going to deal with this problem.
----
Validation Code Image examples:
http://www.dmxzone.com/ShowDetail.asp?NewsId=6509
https://edit.yahoo.com/config/eval_register
Similar entries
Poll
Do you think Blue Frog was the best or Black Frog is or is going to be better ?
Blue Frog was better
44%
Balck frog is better or is going to be better
56%
Total votes: 73
Recent comments
- Re: Cash Till Payday Loans: Money Your Pocket Right Away
1 week 2 days ago - Re: Knujon.com
1 week 4 days ago - Re: Upside Down Car Loans
2 weeks 5 days ago - Re: Cash Till Payday Loans: Money Your Pocket Right Away
3 weeks 11 hours ago - Re: SPAM SOFTWARE I JUST FOUND
3 weeks 1 day ago - Re: Fighting SPAM, PHISHING and INTERNET FRAUD
3 weeks 3 days ago - To be a winner....
3 weeks 3 days ago - Re: Myers Briggs Personality Test
5 weeks 8 hours ago - Re: Mortgage Loan Refinance, Refinancing Mortgage Loans, Mortgag
5 weeks 4 days ago - Re: BLACK FROG
5 weeks 6 days ago
Syndicate
not a dramatic problem
This wasn't a problem that Blue Security ran into, even as they grew. It may seem like an obvious countermeasure, but spammers don't *want* to employ countermeasures like that if they can possibly avoid it... CAPTCHAs weed out paying clients, also.
I suggest crossing that bridge when we come to it.
It might not be the first countermeasure that spammers use by a long shot; it makes more sense to react to countermeasures in order as they gain prominence. The simplest countermeasure (as Blue Security found) is for spammers to simply clean their lists.
If it does come up, we could work out a system where Okopipi users can volunteer to enter a set of, say, 25 CAPTCHAs when they have a spare minute -- this would open a screen in the client that pulls down CAPTCHAs from a set of sites that require it, the user enters the text, and the submission proceeds. A tad more work, but technologically feasible (sort of the Mechanical Turk approach) once we have a sufficiently large user base.
CAPTCHAs
These code images are called CAPTCHAs ( http://en.wikipedia.org/wiki/Captcha ). We have discussed this, but it was quite some time ago.
In that discussion people mentioned that there are two kinds of CAPTCHA, the easy ones and the difficult ones. Spammers probably have to use the easy ones, otherwise they'll lose too many customers. That's because even with the easy ones there are many people who have great difficulty getting past them.
The easy CAPTCHAs can be decoded automatically. We can add this functionality to Okopipi if we find that it's needed.
There will be a kind of arms race, with spammers refining ways to outsmart Okopipi and us refining ways to outsmart the spammers.
The CPU cost for generating
The CPU cost for generating hundreds of verification images per second would bring the webserver to a halt anyway.
Plus spammers will start to use DoS protection scripts that just change the website content when it comes under attack.
--
PharmaMaster is a jerk. Regulation of the internet prevents the majority (angry users) from kicking the arse of the minority (millionaire spammers).