Richard Clayton, February 2006
EarthLink, the US ISP, provides its users with a number of spam blocking and filtering systems. One of these systems, deployed since 2003 or so, is a so-called "Challenge-Response" system.
EarthLink's web pages provide full details of the system, but to summarize:
The default spam blocking system for EarthLink users is called "Known Spam Blocking" and involves placing spam into a special folder. Up to 500 messages will be preserved, with old ones deleted automatically. A second system, which is off by default, is called "Suspect Email Blocking" and for all the email that the "Known Spam" system didn't block then, if the (purported) sender is not in the user's address book, a challenge email is sent.
These systems are used not only by "earthlink.com" users but also by the users of "mindspring.com", "ix.netcom.com", "supernet.com" and many other brands as well.
Unless you're in the habit of writing to random strangers who use EarthLink as their ISP, then the first you will learn of these systems is when a spammer borrows your identity and sends their junk to an EarthLink user who has enabled the "Suspect Email Blocking" system. Assuming that the spam isn't detected by EarthLink's filters (and they do seem to miss quite a lot) then your in-box will receive an email rather like this one (with the names changed to protect the guilty):
Return-Path: <spamblocker-challenge AT bounce.earthlink.net> From: example AT earthlink.net Date: Thu, 2 Feb 2006 11:04:53 -0500 (EST) Subject: Re: Re: Get your viagra here Reply-to: nobody AT earthlink.net Errors-to: nobody AT earthlink.net Precedence: auto_reply To: "Fred Person" <person AT example.com> I apologize for this automatic reply to your email. To control spam, I now allow incoming messages only from senders I have approved beforehand. If you would like to be added to my list of approved senders, please fill out the short request form (see link below). Once I approve you, I will receive your original message in my inbox. You do not need to resend your message. I apologize for this one-time inconvenience. Click the link below to fill out the request: https://webmail.pas.earthlink.net/wam/addme?a=example AT earthlink.net&id=etc
Should you decide not to ignore the challenge, you have received then following the https:// link from within the email leads to a page like this:
If you then fill in this page -- because you refuse to let strangers dump their spam filtering costs onto you -- then the EarthLink user will receive an email along these lines (I expect it's pretty HTML, but I don't have a copy to hand, since I'm not an EarthLink user):
From: spamBlocker AT earthlink.net Sent: Feb 2, 2006 11:50 AM To: example AT earthlink.net Subject: Allowed Sender Request from "Fred Person" AllowedSenderMessage DeletionDays="14" E-mailAddresses="person AT example.com" FirstName="Fred" LastName="Person" Message="Your tedious challenge-response system sends junk to me whenever you receive spam. Turn it off!" MessageParms="&fromDisplay=Fred+Person+" MessageUidl="1f4GX37cN3Nl34j1" Subject="Re: Get your viagra here"
As you can see from this email, there's a limitation in what you can say in 100 characters, but I try and do my best to express the problem that I perceive! I've had a couple of (short) interchanges with EarthLink users as to whether they propose to take my advice. Those who have written have declined -- exploiting some limited, albeit direct, vocabulary in doing so. I like to think that the several hundred others (I have received a LOT of these challenge responses) who have not shared their thoughts with me have seen the error of their ways.
Automating the response
Now of course, visiting the website and typing in my words of advice gets very boring and time-consuming (that's why challenge-response proponents think these systems are effective, although they're wrong). Hence, I decided to automate my responses by creating a small Perl script to process the emails (exported from my email client in Berkeley mailbox format).
The difficulty with automating the challenge responses is (intentionally by EarthLink) the need to transfer the text from the "CAPTCHA" image into the POST response. The Perl script does this by asking for help from a human (me) by means of a little Tk request window:
My aim was to develop some image processing to take the human (me) out of the loop. However, it currently looks as if this will be a waste of effort because, despite my having fetched nearly 300 of them, EarthLink currently appear to only have 31 distinct CAPTCHA images:
These challenges do not appear randomly. At present (early February 2006) the distribution of the 293 challenges I have been able to respond to looks like this:
29, TZSLK 26, VPXMN 21, VMPZR 20, XBXRH 20, VHKZR 19, VXPBV 19, TVNST 16, VTKPP 15, XHTFS 14, TSKXS 11, TNVKP 10, XSPNV 9, XXNLN 9, TMLZL 9, THPNZ 8, XMVVP 8, SPXRZ 7, SXMVZ 4, ZPNBT 4, SSXTH 3, ZLHLT 3, RXBBS 2, ZVZRT 2, ZFLKK 2, SLRPR 2, BBHZZ 1, PTHTN
There were also 24 other occasions when I received a challenge, but the EarthLink site reported that it was "too late" to respond :-(
Note that graphing the distribution gives an almost straight line -- which ought to give a hint about the way EarthLink decides (or messes up trying to decide) which challenge to issue.
Here's the Perl script I developed. It is provided AS IS without instructions or any guarantees whatsoever that it will do what you wish. If you cannot work out how to run it without my help then it is NOT for you!