[tor-bugs] #9385 [BridgeDB]: bridgedb's email responder should fuzzy match email addresses within time periods
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Aug 7 10:19:26 UTC 2013
#9385: bridgedb's email responder should fuzzy match email addresses within time
periods
-----------------------------------------+----------------------------------
Reporter: isis | Owner: isis
Type: defect | Status: new
Priority: normal | Milestone:
Component: BridgeDB | Version:
Keywords: email,distributor,spam,bots | Parent:
Points: | Actualpoints:
-----------------------------------------+----------------------------------
Comment(by phw):
Replying to [comment:3 sysrqb]:
> We do handle the '+' notation already:
Great!
> So, limiting "incrementing" addresses and "similar" addresses is the
next challenge. I fear it will be a losing battle.
I'm not even sure if that is a battle worth fighting. Even if we come up
with the perfect algorithm to detect similar addresses, the adversary
could then simply start generating non-similar addresses by, e.g.,
randomly concatenating words from a dictionary. I feel like it would be
very expensive for us to fix this problem but trivial to circumvent our
fix once again. These rate-limiting strategies should be implemented by
the email provider (that's actually the very reason, we require
Yahoo/GMail addresses) and I'm afraid there's a good reason, they can't do
a better job.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9385#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list