funsec mailing list archives

Evading antispam captchas

From: Drsolly <drsollyp () drsolly com>
Date: Thu, 11 May 2006 15:31:33 +0100 (BST)

I don't know if they're doing this on purpose, but here's the thing.

I get an email from someone "To control spam I only allow ...", and I have 
to click on a link which leads to a captcha, and I read the hard-to-read 
characters and type them in.

All of this is pretty much done on automatic pilot.

And I get a message back saying that my email will now be delivered, as 
will all subsequent emails from me. 

At that point, I notice that the from-name isn't mine. It's Paula Mayo.
And the to-name isn't anyone I know.

So, I guess that I've now opened the floodgates of spam to some poor user.


And then I thought a bit more. 

If you wanted to tempt people to visit a web site to drive-by them, this 
would be a good way to do it (I'm not too worried that this will happen to 
me, I run Linux).


I still think that the only way to beat spam will be the Penny Post.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Bizarre Story of the Day: Why Faking Fingerprints with Toe Prints is a Bad Idea Fergie (May 09)
- Re: Bizarre Story of the Day: Why Faking Fingerprints with Toe Prints is a Bad Idea Dude VanWinkle (May 10)
  - Re: Bizarre Story of the Day: Why Faking Fingerprints with Toe Prints is a Bad Idea Ron (May 11)
    - Re: Bizarre Story of the Day: Why Faking Fingerprints with Toe Prints is a Bad Idea James Kehl (May 11)
    - Re: Bizarre Story of the Day: Why Faking Fingerprints with Toe Prints is a Bad Idea Drsolly (May 11)
    - Evading antispam captchas Drsolly (May 11)
    - Re: Evading antispam captchas Blue Boar (May 11)