|
Gmail's CAPTCHA may be blown |
|
Written by Brian Austin
|
|
Friday, 21 March 2008 |
 Could a rise in Spam originating from Gmail accounts indicate the nearing end of effective CAPTCHA scheme? The folks at IT world believe that to be the case. They attribute the rise to more sophisticated CAPTCHA busting algorithm which defeat Google's account creation scheme. While not perfect CAPTCHA is the main line of defense for most web based apps including user signup, blog and message board commenting, and query tools such as DNS lookup.
My view is that while CAPTCHA isn't perfect it still works most of the time. When applied along with a layered approach such as user/admin moderation the technique weeds out well over 95% of site Spam. Unfortunately this isn't a practical system for Gmail who I'd estimate receives thousands of new account creation requests per day. Ultimately email users can't rely on CAPTCHA to prevent Spam, especially from Google. Until a better Turing test can be developed folks will have to rely upon Bayesian filters, white lists and black holes for basic Spam management.
Rise in Gmail spam indicates more solved CAPTCHAs
Spam originating from Google's Gmail domain doubled last month, indicating that spammers are still defeating the CAPTCHA, the distorted text used as a security test to thwart mass registration of e-mail accounts and other Web site abuse.
Gmail spam went from 1.3 percent of all spam e-mail to 2.6 percent in February, according to data released by e-mail security vendor MessageLabs on Monday.
The new statistics are another nail in the coffin for CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart.
Powered by AkoComment 2.0 ( + SecureBot ) |
