Re: [exim] Anti Phishing Trick

Matthew Byng-Maddick wrote:
>
> Quite apart from the bogus nature of most of this post and a lack of
> understanding of how the system as a whole works, it seems to me that
> you're missing a crucial bit of info in understanding how spammers deal
> with those fun OCR fonts.
>
> (hint, it's designed for humans to solve, so get humans to solve it for
> you...)
> (hint 2, humans like porn...)
> (hint 3, nothing ties the OCR to the agent viewing that page...)

I'm on your side on this one, Matthew, but I fear that you're setting up
a straw man for the other side here. The "pass the captcha on to
willing humans via a promise of free porn" scenario is purely
theoretical at this point, as far as I'm aware. I've yet to see any
evidence that spammers are actually doing it to get through a C/R type
system. I truly doubt that will ever happen, because a> C/R is rare,
due to the fact that most of the educated mail admin world is aware of
how broken and harmful it is, and b> there's so damn much low hanging
fruit for the spammers to hit, they have no need to go after the harder
addresses to deliver to.

So, in a nutshell, I think that we must concede that on today's
internet, C/R with a captcha does indeed work pretty well for its stated
aim of passing the bulk of a server's spam problem off to other people.
That doesn't change the fact that it's still broken, harmful to the
internet at large, and aggressively rude to innocent third parties, though.

- Marc