Abandon e-mail!
Kelly Martin, 2006-05-30

Kelly Martin takes a step back from e-mail's unstoppable phishing-virus-spam epidemic and imagines a world where secure e-mail could be the next big killer app.

Abandon e-mail! 2006-05-31
Anonymous (6 replies)
Re: Abandon e-mail! 2006-05-31
Anonymous
Re: Abandon e-mail! 2006-05-31
Stephan Sokolow
Re: Abandon e-mail! 2006-05-31
Paul
Re: Abandon e-mail! 2006-05-31
Anonymous
Re: Abandon e-mail! 2006-05-31
J
Re: Abandon e-mail! 2006-07-27
Anonymous
Rubbish! What are the problem ISSUES ???? 2006-05-31
Dom De Vitto (1 replies)
Abandon e-mail! 2006-05-31
Kevin Black (1 replies)
Re: Abandon e-mail! 2006-06-01
PDC (1 replies)
Re: Re: Abandon e-mail! 2006-07-12
Anon
Babies and bathwater 2006-05-31
Anonymous
Abandon e-mail! 2006-06-01
Anonymous
Abandon e-mail! 2006-06-01
Anonymous (1 replies)
Re: Abandon e-mail! 2006-06-04
Anonymous
Abandon e-mail! 2006-06-01
Erik N
Abandon snail-mail! 2006-06-01
Phlash (1 replies)
Re: Abandon snail-mail! 2006-06-01
Anonymous (1 replies)
Abandon e-mail! 2006-06-01
Mercury/|Hermes
Um, I Have Your Solution 2006-06-01
Reynolds Kosloskey (3 replies)
Re: Um, I Have Your Solution 2006-06-01
kwesi (1 replies)
Web Based Email 2006-06-01
Reynolds Kosloskey
Re: Um, I Have Your Solution 2006-06-02
Mr. Mail
Re: Um, I Have Your Solution 2006-07-12
Anon
I think that the challenge-response idea is certainly useful, but I do not think it is necessarily an end-all solution.

I for one receive emails from automated scripts that cannot be replied to, yet it is imperative that I receive these emails. An example that comes to mind is from the University I attend. We receive important notices about our financial aid, bills, classes, and other things exclusively through email (without other options); these emails often cannot be replied to, so challenge response probably wouldn't work. It sounds like one would have to know what these addresses are and preprogram them into this type of challenge/response system, but how is one to know the addresses of all these systems before receiving the emails in the first place?

Further, if this technology really caught on, I almost guarantee that some savvy spammer would create a spam system that incorporated auto responses to these challenges. Just look at CAPTCHA (the images of letters and numbers that you have to type in a box to prove you're a human). At first these were simple boxes with words in them that were very simple to read. But those were too easy to design algorithms to break them. Now look what they've become. It is not that uncommon that I come across one that I can't read myself. Likely the same would happen with email challenge-responses, but when does it become so much of a hassle that people won't put up with it anymore?

Here's another problem. You and I have never emailed each other, and you want to email me. So you do, but we both have challenge response systems set up. Well, I won't receive your email because it will be held until you answer a challenge that my system has sent out. But you never receive my challenge because your c/r system doesn't recognize my address so it just sends a challenge back, which prompts a new challenge from my system... and so on. Of course, maybe this can be prevented by automatically adding addresses to the safe list when you send an email to them, but I have a hard time believing that this type of a challenge response system would be effective and solve the problems with our current email system.

In the end, if mass adopted, I think this type of challenge response system would just end up being extra work for those who have to respond to these things all the time, and only a slight inconvenience to the spammers and other bad guys...

In the meantime, however, it does sound like it might be a viable solution for at least the small number of users who currently employ it.

By the way, in trying to submit this message, I entered a third incorrect response for the morning to the CAPTCHA below. I swear I thought I knew what it said!


Link to this comment: http://www.securityfocus.com/comments/columns/404/33798#33798
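
The mutual-challenge loop described in the comment above, and the safe-list-on-send remedy it mentions, as a small Python simulation added here (not part of the original comment or article). The `Mailbox` class, the addresses and the hop cap are constructed for illustration.

```python
class Mailbox:
    """Toy challenge-response (C/R) filter for one address (constructed model)."""

    def __init__(self, addr, whitelist_on_send):
        self.addr = addr
        self.whitelist_on_send = whitelist_on_send
        self.safe = set()   # senders delivered without a challenge
        self.held = []      # mail quarantined until its sender answers
        self.inbox = []

    def compose(self, to, body):
        """User-written mail; optionally safe-list the recipient."""
        if self.whitelist_on_send:
            self.safe.add(to)
        return {"from": self.addr, "to": to, "body": body}

    def receive(self, msg):
        """Deliver or quarantine msg; return the challenge sent back, if any."""
        if msg["from"] in self.safe:
            self.inbox.append(msg)
            return None
        self.held.append(msg)
        # Automatic challenges never safe-list their recipient: doing so
        # would let any stranger through just by triggering one.
        return {"from": self.addr, "to": msg["from"], "body": "CHALLENGE"}


def simulate(whitelist_on_send, max_hops=10):
    """Alice mails Bob for the first time; both run C/R.

    Returns (deliveries, still_bouncing, messages_in_alice_inbox).
    """
    alice = Mailbox("alice@example.org", whitelist_on_send)
    bob = Mailbox("bob@example.net", whitelist_on_send)
    boxes = {alice.addr: alice, bob.addr: bob}
    msg = alice.compose(bob.addr, "hello, first contact")
    hops = 0
    while msg is not None and hops < max_hops:
        hops += 1
        msg = boxes[msg["to"]].receive(msg)
    return hops, msg is not None, len(alice.inbox)


if __name__ == "__main__":
    print("no safe-listing on send:", simulate(False))  # challenges ping-pong
    print("safe-list on send:      ", simulate(True))   # Bob's challenge lands
```

In the second run Bob's challenge reaches Alice's inbox, but her original message stays held at Bob until she answers it.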
Abandon e-mail! 2006-06-01
Paul Kosinski (1 replies)
Re: Abandon e-mail! 2006-06-01
Paul Kosinski
Abandon e-mail! 2006-06-01
JeHicks
Abandon e-mail! 2006-06-02
Brush-Head
A bottin 2006-06-02
lucmars
Top 500 Supercomputer 2006-06-02
Anonymous
Abandon mail, too? 2006-06-02
Anonymous
Abandon e-mail! 2006-06-02
Anonymous (1 replies)
Re: Abandon e-mail! 2007-07-25
Anonymous
You're crazy and uninformed! 2006-06-02
Anonymous
Abandon e-mail! 2006-06-02
Anonymous
Abandon e-mail! 2006-06-05
ITDefpat
This is silly. 2006-06-06
Anonymous
The final solution 2006-06-12
Anonymous
Abandon e-mail! 2006-07-01
Richard
Copyright 2009, SecurityFocus