homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

Using "CAPTCHA" against spammers.
Check this crazy idea I had.

 5:44 pm on Dec 6, 2006 (gmt 0)

When I started to read this:

I thought it was about an idea I've had, and it's about implementing a captcha on the smtp servers to receive email. Of course this have some cons.

It goes like this:
John Doe wants to send an email, he is using Outlook, Eudora or Thunderbird, whatever, all email clients should be prepared to handle the captcha request (First con).
When an email is sent the receiving server sends a capcha (a gif content-type) to the sending server, which in turns send it to the client and the client present it to the user. Then the user needs to decipher the captcha in a textbox, hit send, and it is send all the way back. Thus, confirming it is a human generated email, not automated.

When Joe Spammer uses his massive email too, he will have to respond to every captcha is returned, otherwise email will never arrive.

Now, how to deal with legal massive emails? Easy: whitelist.
If I want my CNN alerts to arrive, or my Google notification, or whatever, all I need to to is to whitelist this address by mailbox.

Hard to implement? Yes.
Hard to beat? A lot.
Am I crazy? May be.



 9:43 pm on Dec 6, 2006 (gmt 0)

Well...that would do it (at least until CAPTCHA can be read with OCR), but it makes my head ache to think about all the complications of implementing systems like that. Not to mention the security problems that are sure to arise from Micro - er, some companies' implementation of accepting the return CAPTCHA images.

In fact, what's to stop spammers from sending CAPTCHA "confirmation" images en masse with the simple idea of getting busy people to confirm their e-mail addresses by completing the CAPTCHA for e-mails they never sent?

Overall, I see this as an effective solution, but one that would likely kill legitimate newsletters and require too much effort on the part of Joe User to continue sending much e-mail. (Not that it would hurt any of us to give up e-mail and get out in the sun a little more.... :) )


 5:47 am on Dec 7, 2006 (gmt 0)

I don't think it needs to be implemented in client software. SMTP can already return message queue IDs, in this case it would return e.g.
CAPTCHA-PATH: captureprovider/ha/2006/12/14n43234l3k4jjj

If the client developer had decided to implement CAPTCHA support then the client could parse that and display etc.

The SMTP server could also email a CAPTCHA-Response-Required email in a standard format to the return address. A CAPTHA-enabled email client can happily auto-delete the message - general clients however would display it and the text would ask the user to click a link and pass CAPTCHA there.

Alternatively, emailing the CAPTCHA image as an attachment and then accepting the response via return email would allow those without a webbrowser to complete validation.

A link to an audio version should also be included for those who can't see the CAPTCHA properly.


 12:35 pm on Dec 7, 2006 (gmt 0)

I heard the spammers are too clever now, they are even outsourcing their captcha need (http://www.eukhost.com/forums/showthread.php?t=891) Its too much now. -(


 12:42 pm on Dec 7, 2006 (gmt 0)

Are you suggesting I authenticate every email address that sends an email to me?


'Then the user needs to decipher the captcha in a textbox, hit send, and it is send all the way back. Thus, confirming it is a human generated email, not automated.'

How does that confirm it's a originally a human email, it just confirms I think it is a human email?

Sorry think I'm missing something here?


 3:25 pm on Dec 7, 2006 (gmt 0)

johnblack, the way I read it was that when you send an email you will have to complete a CAPTCHA to show that you are a human.


 3:02 am on Dec 8, 2006 (gmt 0)

I like the idea. Maybe some sort of fast and safe way to verify the images. Say someone sends an e-mail and instantaneously an image appears from the server and he just has to type whatever is in it and send it along with the e-mail. It'd have to be some simple text because I'd hate e-mails to be bouncing back and forth because I can't read those darn letters... On the other hand, we shouldn't be doing any more work just because of those spammers. I suggest better law enforcement against them...


 12:15 pm on Dec 8, 2006 (gmt 0)

Hold on, hold on ...

It's a neat idea - but variations of 'confirm you're a human' have been used by email filtering systems since 1998.

They work, but they are cumbersome, and can put off some genuine mailers who feel insulted by being asked to get whitelisted.

The future is in filters, which really are amazingly effective and reliable these days.

I virtually never get 'white' mail blacklisted, and rarely get more than single figures of spam in my inbox - some is inevitable, as spammers change methods, and filtering systems can only learn by feedback.


 1:05 pm on Dec 8, 2006 (gmt 0)

Sounds like a great idea - at first first. A lot of problems though:

- Blind people could not send emails any more.

- No more newsletters.

- You would also not be able to send carbon copies without problems. So if you want to send a birthday invitation to all your friends you would have to sit down and type in captchas for one hour.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved