Re: [tor-bugs] #9385 [BridgeDB]: bridgedb's email responder should fuzzy match email addresses within time periods

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#9385: bridgedb's email responder should fuzzy match email addresses within time
periods
-----------------------------------------+----------------------------------
 Reporter:  isis                         |          Owner:  isis
     Type:  defect                       |         Status:  new 
 Priority:  normal                       |      Milestone:      
Component:  BridgeDB                     |        Version:      
 Keywords:  email,distributor,spam,bots  |         Parent:      
   Points:                               |   Actualpoints:      
-----------------------------------------+----------------------------------

Comment(by phw):

 Replying to [comment:3 sysrqb]:

 > We do handle the '+' notation already:

 Great!

 > So, limiting "incrementing" addresses and "similar" addresses is the
 next challenge. I fear it will be a losing battle.

 I'm not even sure if that is a battle worth fighting. Even if we come up
 with the perfect algorithm to detect similar addresses, the adversary
 could then simply start generating non-similar addresses by, e.g.,
 randomly concatenating words from a dictionary. I feel like it would be
 very expensive for us to fix this problem but trivial to circumvent our
 fix once again. These rate-limiting strategies should be implemented by
 the email provider (that's actually the very reason, we require
 Yahoo/GMail addresses) and I'm afraid there's a good reason, they can't do
 a better job.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9385#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs