Closed Bug 506651 Opened 15 years ago Closed 15 years ago

"Challenge-response" spam filtering

Categories

(Thunderbird :: General, enhancement)

Product:
Thunderbird
Component:
General
Platform:
x86
Windows XP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: cantalou.thunderbird, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1
Build Identifier: version 2.0.0.22 (20090605)

Thunderbird uses algorithms to get rid of spam as explained in Bug #228674: https://bugzilla.mozilla.org/show_bug.cgi?id=228674
Algorithms may filter or not correctly email.

To treat spam, my company uses MailInBlack: http://www.mailinblack.com
It is really accurate.

Enhancement request about Thunderbird spam screening process:

1. When an email is incoming, Thunderbird download email header only to win time.
2. Thunderbird checks based on email header info in the address Book if the sender is "whitelisted".
3.a If the sender is "whitelisted", then Thunderbird download the complete email based on email account preferences.
3.b If sender is not listed in address Book then Thunderbird send back an email with a captcha requesting sender authorization.
http://en.wikipedia.org/wiki/Captcha

4. As long as the sender did not reply to the captcha, email header remains in a sub-folder of Junk mail called "Waiting for authorization"
Thunderbird user can directly authorize or blacklist a sender within this "Waiting for authorization" folder" and/or donwload the complete email.
After 7 or whatever days, emails without authorization are moved to Junk Mail folder and sender is blacklisted.
If the user send back a mail with correct answer to the captcha, then complete email is download to InBox folder.

Issue:
1. This process increase the overall number of email travelling on Internet because of Spam.
Each spam coming from an address not in Thunderbird address Book, would get an authorization request email.
So somehow, Thunderbird would create double spam by returning an email.
2. Spam mail frequently steal email address.
This solution implies that Thunderbird recognize steal address from the address book.
And we're back to algorithms.
3. Captcha is not 100% sure
But time/cost for spammers to crack all authorizations captcha coming back would probably make it virtually impossible for spam email to reach Thunderbird user Inbox.

Did Thunderbird development team already thinks about such a solution using authorization through Captcha? or any other Authentication process: http://en.wikipedia.org/wiki/Authentication

Reproducible: Always
See bug 265226.

Implementing a captcha would double the traffic of emails you would send back most of it would end up in on existing emails.

Captcah are easily crackable these days - it would just require spammer more cpu power.

to reduce the amount of spam the best thing is to implement things server side.

Tempting for a wontfix. Hope above explainations are clear.
(In reply to comment #1)
> 
> to reduce the amount of spam the best thing is to implement things server side.
> 

While I agree with that statement, still the implementation of a captcha-based local approach would make a huge difference, it's just really annoying so I would never encourage its use. The fact that other methods also work does not invalidate this request. Still, I can't imagine this being part of the stock TB product. It should really be in an extension.

It would be nice if we had some method to validate requests like this, but encourage their implementation in an extension. The extension might need some core hooks to work cleanly, which I'm sure we would be willing to incorporate.
> Did Thunderbird development team already thinks about such a solution using
> authorization through Captcha? or any other Authentication process:
> http://en.wikipedia.org/wiki/Authentication

The proper term for your proposal would be "Challenge-response" spam filtering:
<http://en.wikipedia.org/wiki/Challenge-response_spam_filtering>.

To reiterate what Ludovic said, this is not a terribly effective way to eliminate spam; the biggest problem of spam is its sheer volume, which this would magnify.

For similar reasons as the previous two comments, I also recommend WONTFIX, although this does sound like a useful extension (there is no extension on addons.mozilla.org that I could find...).
Per discussion over IRC with a Thunderbird driver, this is WONTFIX.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
Summary: Spam: Authenticating mail sender → "Challenge-response" spam filtering
You need to log in before you can comment on or make changes to this bug.