Spam in my name and challenge-response

I recently discovered that some spam was being sent with my address as the return address–the bounces were coming to me.

Other than pissing me off, I wasn’t sure what those smegma-sucking spamming scumbags hoped to accomplish by doing this. Now I have an idea: it may be to undermine challenge-response spam-blocking systems.

These challenge-response systems are a klunky way of dealing with spam: if Alice sends Bob an e-mail, and she’s not on Bob’s whitelist, the system sends Alice an automated response asking her to visit a web page and prove that she’s a real human being worthy of Bob’s valuable attention. This usually involves looking at a graphic showing distorted text, and typing the text into a box.

Even if this all works according to plan (and there are plenty of reasons why it might not), it’s very annoying. But as soon as spammers start sending out e-mail purporting to come from real people, it really goes to hell:

  • If I am already whitelisted with a C/R service, the spam gets a free pass.
  • If I am not already whitelisted with a C/R service, the challenge comes to me. Maybe I’ll respond correctly, in which case the spam gets a free pass
  • Or maybe I won’t respond, or (acting mischievously or perversely) respond incorrectly, in which case the spam is blocked, but so is any e-mail I might want to send to any person using that system in the future.

1 thought on “Spam in my name and challenge-response”

  1. This has been happening to an old email address of mine as well. I hadn’t really thought much about it other than a casual ‘this sucks’… I guess now I have to bump it up to ‘this really sucks’.

Comments are closed.