|
A challenge–response (or C/R) system is a type of spam filter that automatically sends a reply with a challenge to the (alleged) sender of an incoming e-mail. In this reply, the sender is asked to perform some action to assure delivery of the original message, which would otherwise not be delivered. The action to be performed is typically one that * can be performed once relatively effortlessly, but * needs great effort if performed in large numbers, in this way effectively filtering out spammers. Challenge–response systems only need to send challenges to unknown senders. Senders that have previously performed the challenging action, or who have previously been sent e-mail(s) to, would be automatically whitelisted. ==The challenge in challenge–response systems== C/R systems attempt to provide challenges that can be fulfilled easily for legitimate senders and non-easily for spammers. Two characteristics that differ between legitimate senders and spammers are exploited in order to achieve this goal: * Legitimate senders have a valid return address, while spammers usually forge a return address. This means that most spammers won't get the challenge, making them automatically fail any required action. * Spammers send e-mail in large quantities and have to perform challenging actions in large numbers, while legitimate senders have to perform it at most once for every new e-mail contact. Listed below are examples of challenges that are or could be used to exploit these differences: * Simply sending an (unmodified) reply to the challenging message. * A challenge that includes a web URL, which can be loaded in an appropriate web browsing tool to respond to the challenge, so simply clicking on the link is sufficient to respond to the challenge. * A challenge requiring reading natural language instructions on how to reply, with the inclusion of a special string or pass-code in the reply. For example, converting a date string (such as 'Thu Jan 12 08:45:44 2012') into its corresponding timestamp (1326379544). Other Turing Test approaches include a simple problem, or answering a simple question about the text or the recipient. * Systems can attempt to produce challenges for which auto response is very difficult, or even an unsolved Artificial Intelligence problem. One example (also found in many web sites) is a "CAPTCHA" test in which the sender is required to view an image containing a word or phrase and respond with that word or phrase in text. Nowadays C/R systems are not used widely enough to make spammers bother to (automatically) respond to challenges. Therefore C/R systems generally just rely on a simple challenge that would be made more complicated if spammers ever build such automated responders. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Challenge–response spam filtering」の詳細全文を読む スポンサード リンク
|