I recently discovered that some spam was being sent with my address as the return address–the bounces were coming to me.
Other than pissing me off, I wasn’t sure what those smegma-sucking spamming scumbags hoped to accomplish by doing this. Now I have an idea: it may be to undermine challenge-response spam-blocking systems.
These challenge-response systems are a klunky way of dealing with spam: if Alice sends Bob an e-mail, and she’s not on Bob’s whitelist, the system sends Alice an automated response asking her to visit a web page and prove that she’s a real human being worthy of Bob’s valuable attention. This usually involves looking at a graphic showing distorted text, and typing the text into a box.
Even if this all works according to plan (and there are plenty of reasons why it might not), it’s very annoying. But as soon as spammers start sending out e-mail purporting to come from real people, it really goes to hell:
- If I am already whitelisted with a C/R service, the spam gets a free pass.
- If I am not already whitelisted with a C/R service, the challenge comes to me. Maybe I’ll respond correctly, in which case the spam gets a free pass
- Or maybe I won’t respond, or (acting mischievously or perversely) respond incorrectly, in which case the spam is blocked, but so is any e-mail I might want to send to any person using that system in the future.