Then t' ducks 'll come an' ate up t' worms

nicholas on 2003-07-04T13:33:20

I'm not the first to say this, and I won't be the last

Challenge-response systems suck

In the good old days, if someone wrote a worm for Windows that sends a mail to a third party address with an envelope faked as if I sent it then one of two things could happen:

  1. It is delivered to that address - I see nothing.
  2. It fails to reach that address, and I see a bounce.

Count that carefully - at most, one worm mail generates one message to me.

Enter challenge response systems. This is the third message I have had asking to confirm the message that "I" sent:

Date: Thu, 03 Jul 2003 19:02:30 -0700
From: Xxxxxxx Xxxxxxxx
X-MB-Message-Source: MailblocksSystem
X-MB-Message-Type: ChallengeReminder
Subject: Re: Re: Movie [Reminder]
To: nick@flirble.org


Final Reminder:

You have sent email to my Mailblocks spam-free email service.
Because you have not yet confirmed yourself, your messages still
have not been delivered.

It's simple. To prove your message comes from a human and not a
computer, go to:
http://app2.mailblocks.com/confirm2.aspx?ckC=1GbpxGY3JXAkBBauNWQrZGasJXbiUGbuJ3unx2rcw**

Here is a list of the email messages you have sent that are in my
Pending folder waiting for your quick authentication:

Sent:             Deletion Time:    Subject:
----------------  ----------------  -----------------------------
Jun 26, 06:58 PM  Jul 10, 06:58 PM  Re: Movie


Please note if you have not confirmed by the deletion times shown
above, your messages will automatically be deleted.

-----
Email for Humans... Mailblocks
Try Mailblocks web-based personal email -- faster, cleaner interface, more
storage, bigger attachments, and 100% spam-free. http://about.mailblocks.com/?src=email7day

(c) 2003 Mailblocks Inc. All rights reserved.

Notice how I can't shut them up even if I want to - there is no link to click to say "forget it, this wasn't me". I've been quite tempted to click on that link to let the message through - after all, in the short term, I lose nothing by doing that, but gain silence. Maybe there is a good use for all these Windows worms - I hope that all these challenge-response store systems are suffocating under the weight of SOBIG and Klez, and we soon will be rid of them.


There's only one way to deal with them...

pdcawley on 2003-07-04T20:21:24

Filter all challenge/response messages that are addressed to your 'real' mailboxes into the trash. Read, and respond to all the ones sent to invalid addresses, certifying that whatever got sent wasn't spam.

If enough people do this, eventually we'll see such fuckwitted systems dying out.

Now, all we need is for the DNS based 'only these hosts have authority to send mail from this domain' spam stop thing to gain traction...

Re:There's only one way to deal with them...

sheriff_p on 2003-07-07T10:13:52

Which would be SPF:

http://spf.pobox.com/

Re:There's only one way to deal with them...

pdcawley on 2003-07-08T23:43:49

That's the name I was looking for.

Re:There's only one way to deal with them...

nicholas on 2003-07-10T12:18:22

such fuckwitted systems

I've just received another from someone else, thanks to SOBIG.E. This challenge wants me to respond with a reply to an e-mail address. Helpfully it's set the Reply-To to that address. That way lies madness - if the faked from address had not been me, but that of any autoresponder, then the challenge will be met, and the original unwanted message will get through. Then again, it's not my problem if the C/R luser gets the infected message sent to him/her/it.
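
An added example, not part of the original thread or any participant's code: a mail filter keyed on the two Mailblocks headers visible in the challenge quoted in the post, which also keeps an autoresponder from answering a challenge and thereby confirming it. The addresses, the function names and the assumption that every challenge type begins with `Challenge` are illustrative.

```python
import email
from email.utils import getaddresses

# Constructed samples: header names and values follow the challenge quoted in
# the post; the addresses are placeholders.
CHALLENGE = (
    "From: someone@example.net\n"
    "X-MB-Message-Source: MailblocksSystem\n"
    "X-MB-Message-Type: ChallengeReminder\n"
    "Subject: Re: Re: Movie [Reminder]\n"
    "To: me@example.org\n"
    "\n"
    "Final Reminder: ...\n"
)
ORDINARY = "From: friend@example.net\nSubject: lunch?\nTo: me@example.org\n\nNoon?\n"

def is_challenge(msg):
    """True if the message carries the Mailblocks challenge headers."""
    source = msg.get("X-MB-Message-Source", "").strip().lower()
    # Assumption: all challenge types start with "Challenge"; the page shows
    # only "ChallengeReminder".
    mtype = msg.get("X-MB-Message-Type", "").strip().lower()
    return source == "mailblockssystem" and mtype.startswith("challenge")

def disposition(raw, real_mailboxes):
    """Return 'inbox', 'trash' or 'review' for a raw message."""
    msg = email.message_from_string(raw)
    if not is_challenge(msg):
        return "inbox"
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if rcpts & {m.lower() for m in real_mailboxes}:
        return "trash"      # challenge for mail this mailbox never sent
    return "review"         # addressed elsewhere: leave for a human

def autoreply_allowed(raw):
    """An autoresponder must never answer a challenge, or it confirms it."""
    return not is_challenge(email.message_from_string(raw))

if __name__ == "__main__":
    for name, raw in (("challenge", CHALLENGE), ("ordinary", ORDINARY)):
        print(name, disposition(raw, ["me@example.org"]), autoreply_allowed(raw))
```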