EarthLink, the US ISP, provides its users with a number of spam blocking and filtering systems. One of these systems, deployed since 2003 or so, is called “Suspect Email Blocking” and is one of those tedious and ineffective “Challenge-Response” systems. They might have made sense once, but now they just send out their challenges to the third parties whose identity has been stolen by the spammers.
Since the spammers have been stealing my identity a LOT recently — and since Earthlink is failing to detect their emails as spam — I have received several hundred of these Challenge-Response emails 🙁 Effectively, EarthLink customers are dumping their spam filtering costs onto me.
Well I’m now mad as hell and not going to take it any more. So I’ve been responding to these challenges, and whenever possible I’ve been sending along a message that indicates the practical effect of the system. Of course this will mean that the spam will be delivered (and the forged email address will be whitelisted in future) which is hardly what is desired! Since this should be quite noticeable, if everyone was to spend a few minutes each day responding to the challenges then Challenge-Response systems would die out overnight! So please join in!!
Howver, responding is rather tedious (the idea, after all, is that the spammers won’t be able to afford to do it — though in practice they would be able to keep sending their more profitable spam by using labour from the Third World). To avoid this tedium I’ve been working on the automation of my responses. However, the EarthLink web page on which you respond contains a visual CAPTCHA — specifically so as to prevent automatic responses to the challenges. Nevertheless, I got a lot slicker at answering the questions when I wrote some Perl and put up a little Tk widget to collect the answer to the CAPTCHAs.
The idea was to move on to some fancy image processing since there’s been a lot of success at this (see here and here for starters)… However, that won’t be necessary. It turns out, nearly 300 challenges later, that EarthLink only have 31 CAPTCHAs in total… although since some turn up a great deal more more rarely than others, it may be that there’s a few more to be collected!
01 | 02 | 03 |
04 | 05 | 06 |
07 | 08 | 09 |
10 | 11 | 12 |
13 | 14 | 15 |
16 | 17 | 18 |
19 | 20 | 21 |
22 | 23 | 24 |
25 | 26 | 27 |
28 | 29 | 30 |
31 |
For rather more detail, and the current totals for each CAPTCHA (some have turned up nearly 30 times, some just once) please see the detailed account which I’ve placed on my own webspace.
By the way: If you’re an EarthLink user reading this — then please turn OFF “Suspect Email Blocking”! You’re just annoying everyone else 🙁
So now we have peer-to-peer spam filtering! No longer do ISPs have to make the blocking decision or carry the costs of filtering; they’ve shifted liability onto end users. Such a liability shift would only make sense if users were better placed to invest in spam defence than ISPs, which they clearly are not. ISPs are better placed to fight spam because they examine much more email than a user ever could and they have the authority to filter spam out in the first place.
So this technique creates an added inconvenience, transferring spam from the original recipient to the spoofed originator. The net effect on spam is nil (if you equate the original spam with Earthlink’s spam response). Though interestingly, enabling ‘Suspect Email Blocking’ makes sense to an individual Earthlink user since it diverts all of its spam over the Internet. Only with widespread adoption will the individual benefits of the blocking strategy diminish, as the Earthlink users begin receiving fake challenges from AOL, Hotmail, and Gmail users.
I am very happy to have learned of this blog, and want to thank you in advance for all the good things you will be treating us to.
Nicely spotted. 😉
I have a good SpamAssassin ruleset which blocks these — mail me if you’d like a link. It catches almost all of these mails. I still hand-confirm the ones that get past, of course, as a protest against the offensive cost-shifting that C/R represents.
Blocking the EarthLink Challenge-Response emails is hardly rocket science… and has been described in many places such as here. It is of course an EarthLink specific detection rule (useless on other systems) — and failing to accept these messages does nothing towards getting the EarthLink customers to turn them off! So although it would help me to block these messages, it does nothing to help the rest of the Internet. Which is where we came in!
While I applaud your vigilance I am appalled that you had time to capture 32 CAPCHTA’s from Earthlink.
Thank you for spending time the rest of us don’t have to discover this.
I’m appalled that EarthLink’s spam detection is such that they have now sent me 325 challenges in the period since the 20th December. If they knew it was spam, they would not challenge. Nevertheless, to an academic, time spent educating users [turn the system OFF!] can surely never be time that is wasted?