Tuesday, May 06, 2008

harnessing the power of spam

one of the things i really like is the concept of using the bad guy's tactics against them... i enjoy the subtle irony, so when dmitry chan mentioned the possibility of harnessing the power of spam over on the securiteam blog my creative juices started to flow... i thought i'd share the idea i came up with if for no other reason than because i think it's kind of funny...

the idea is that you use spam emails in CAPTCHAs... if you can pick the ham out of the spam then you pass the test... as the bad guys make advances to beat such spam-based CAPTCHA systems, we use their advances in our spam filters and remove the now detectable spams from the spam-based CAPTCHA so that the bad guys have to keep advancing the art of spam detection in order to bust the CAPTCHAs that stand between them and the ability to produce more spam...

this may well not be workable in practice (i imagine it may simply get too hard for real people to identify the ham) but it's still fun to imagine spammers working against themselves (or more likely against each other since it offers them a new way to compete against each other)...
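
A sketch of the loop described above, added as an illustration and not part of the original post: a challenge hides one ham among spam decoys, and any spam the current filter can detect is retired from the pool. The names `SpamCaptchaPool` and `keyword_filter`, the sample messages and the keyword-based filter are all assumptions made up for this example.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    msg_id: str
    body: str
    is_spam: bool  # ground truth known to the CAPTCHA operator

class SpamCaptchaPool:
    """Pool of labelled messages; a challenge is one ham hidden among spam."""

    def __init__(self, messages):
        self.ham = [m for m in messages if not m.is_spam]
        self.spam = [m for m in messages if m.is_spam]

    def make_challenge(self, rng, decoys=3):
        # Refuse to issue a weak challenge once too many spams have been retired.
        if not self.ham or len(self.spam) < decoys:
            raise RuntimeError("pool exhausted: need fresh undetected spam")
        items = rng.sample(self.spam, decoys) + [rng.choice(self.ham)]
        rng.shuffle(items)
        return items

    @staticmethod
    def check(challenge, picked_id):
        # Pass only if the picked message is the ham in this challenge.
        return any(m.msg_id == picked_id and not m.is_spam for m in challenge)

    def retire_detected(self, spam_filter):
        # Feedback step: spam the current filter catches is no longer a
        # useful decoy, so drop it from the pool.
        retired = [m.msg_id for m in self.spam if spam_filter(m.body)]
        self.spam = [m for m in self.spam if m.msg_id not in retired]
        return retired

# Constructed sample messages (not real mail).
SAMPLE = [
    Message("h1", "minutes from tuesday's meeting attached", False),
    Message("s1", "cheap pills, no prescription needed", True),
    Message("s2", "you have won a lottery, reply with bank details", True),
    Message("s3", "hot stock tip, buy before friday", True),
    Message("s4", "p1lls at low prices", True),
]

def keyword_filter(body):
    # Hypothetical stand-in for a filter that absorbed the solvers' latest advance.
    return "pills" in body or "lottery" in body
```

Once `retire_detected` has removed too many decoys, `make_challenge` raises instead of handing out an easier test, so the pool has to be refilled with spam the filter does not yet catch.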

2 comments:

cdman83 said...

It's an interesting idea, however there are at least two problems with it (IMHO):

- as you pointed out, somebody's spam might be another person's ham (it is hard to categorize the "gray" emails like newsletters - and this is the same area anti-spam products have the most difficulty with)
- the second (and IMHO bigger) problem is that not many people are willing to make their email public (which this method would require as I understand it). Even if information like sender and receiver were to be masked, there is still plenty of possibility for private information to be divulged in the body of the email.

On a sidenote: reCAPTCHA does something similar: they use captcha solving to OCR old books. Every problematic word (for which the OCR engine doesn't have a high confidence level) is distributed as a captcha (together with a known word, so that you can verify at least partially if the answer is correct). Also it requires multiple coinciding solutions to accept a word.

kurt wismer said...

only 2 problems? i kinda expected more...

part of me isn't really expecting it to work... i shared it more for the entertainment value...

that said, if someone does make it work, that would be awesome...