Educate me. I don't know of any such system

For starters, this would be a nice improvement across the board.

SPF: Sender Policy Framework
[openspf.org...]

IMO, it misses a few critical elements that I proposed when I was in the email industry in the early 90s, but that's all water under the bridge, you have to start somewhere and SPF is a step in the right direction.

From what I've read here, it appears that people assume the CAPTCHA is images with distored text. This is not true, this is only one poor implementation of CAPTCHA. There are many other much more effective methods available, and some which are 100% accessible too.

As someone already mentioned, asking a random question in plain text does the job perfectly well [ goog 'free contact form'! for scripts ].

But this still only defends against automated spam bots. There will always be an army of human spammers there.... and for that there is no reasonable solution, only ways to make it harder for them.

I very much enjoyed all your comments.

I was not talking about administrative, or end-user spam solutions. I was not talking about how one technology, solution, method, or enforcement was any better then an other.

I simply pointed out the potential ironic nature of the developement of character recognition to be built into anti-spam software to be then used for CAPTCHA defeat by other type of spammers.

I simply pointed out the potential ironic nature of the developement of character recognition to be built into anti-spam software to be then used for CAPTCHA defeat by other type of spammers.

You have a very narrow definition of CAPTCHA.

The following are CAPTCHA's as well:

1. Picture of something, let's use a tree as an example, with a multiple choice answer "a) Dog, B) Tree, C) Frog". You'll need a bit more technology than character recognition to bypass this one.

2. A math question such as "What's 10+6?" and you type in the answer.

3. A javascript challenge "Enable Javascript and CLICK HERE to continue".

4. An automatic javascript redirect, which doesn't even bother the end user, as everyone running javascript will be redirected past the CAPTCHA page automatically.

5. A random question with simple answers such as "What color is the sky?"

The best solution is a random application of the various types of CAPTCHA's so the odds of them all being bypassed at any given time is fairly minimal at the moment.

I do not disagree that my definition is narrow, but just as my definition is narrow - so is the implementation of what you described.

Most (all that I have seen) will implement one, at best - two of the above listed CAPTCHA solutions.

If you don't have at least an SPF record, there is a good chance that up to 50% or more of your mail is not being received

If that's the case, it's because the recipients aren't following the protocol. Mail from domains without any SPF record should be delivered, because most domains don't have one. In other words, can't fix stupid.

In other words, can't fix stupid

or intolerant, overzealous admins grasping at straws.

you know, the same ones who burst a blood vessel over top posting.

spf is bad, broken and stupid.

burst a blood vessel over top posting

hehe, yeah. But I think don't think SPF is stupid. I think it's good for preventing forgery. Unfortunately, it doesn't stop spam.

the potential ironic nature of the developement of character recognition to be built into anti-spam software to be then used for CAPTCHA defeat by other type of spammers.

This is already done though, the images sent by spammers in an e-mail are going to be easily read by either a human or a bot. Any character recognition ability built into spam filters will be far less than what is already in use. Just as an example the image captcha for phpbb2 has a 98% failure against the most common software used to defeat captcha's.

It's easily defeated for a variety of reasons but it's not something that would be very practical if your intent is to send spam in an e-mail that you want read.

as others mentioned already, gmail catches the image spam pretty successfully. can anyone point me to any info about which methods they use?

can anyone point me to any info about which methods they use?

Google are unlikely to publish this information - spammers could use it to bypass the filters.

I wouldn't publish the intimate details of my spam filtering methods either. Sorry! :-(

A good collection of esotheric comments.

plumsauce wrote:

spf is bad, broken and stupid

Would you be kind and elucidate?