1. Field of the Invention
This invention generally relates to Internet anti-spam technology. More particularly, the invention relates to a system and method for preventing an automated process from extracting users' screen names or e-mail addresses from a chat room or an instant messaging service where a communication screen is viewed by a plurality of users.
2. Description of the Prior Art
Spam usually refers to unsolicited e-mail documents consisting of advertising materials for the lease, sale, rental, gift offer or other disposition of any realty, goods, services or extension of credit when the documents (a) are addressed to recipients who do not have existing business or personal relationships with the initiator, and (b) were not sent at the request of or with the consent of the recipient. An unsolicited e-mail is not necessarily a spam, but all spam is unsolicited.
Spam has become ubiquitous. It is estimated that thirty six percent of all e-mails sent on a given day consists of unsolicited e-mails, otherwise known as “spam”. Most people see spam as the scourge of e-mail. On the low end, spam is simply annoying. On the high side, spam is expensive to eliminate and those costs are usually passed on to the consumers. Hence more and more people look for ways to stop it from infecting their e-mail boxes. However, until strong anti-spam laws are passed and actually enforced, spam proliferation would continue because it is a very effective way to reach a mass audience at one time at little or no cost to the sender.
Spam proliferation is harmful to both Internet service providers (ISPs) and consumers. ISPs incur significant business-related costs accommodating bulk mail advertising and answering consumer complaints. Recipients of spam expend resources to sort, read and discard unwanted junk e-mails. If an employee undertakes this exercise at work, the employer also suffers the financial consequences of the wasted time. It is estimated that five man-weeks are wasted for each million recipients who spend just one second to delete an unsolicited e-mail.
In addition to wasting recipients' time with unwanted e-mail, spam also eats up a lot of network bandwidth. Consequently, many organizations and individuals have taken it upon themselves to fight spam with a variety of techniques. Because the Internet is public, there is really little that can be done to prevent spam, just as it is not easy to prevent regular junk mail. However, some online services have instituted policies to prevent spammers from spamming their subscribers.
Spammers need e-mail addresses as much as possible. E-mail collectors collect e-mail addresses and sell their list to spammers who look for e-mail addresses. There are many ways to collect e-mail addresses. The primitive way is to collect manually from advertisements, newspapers, business-cards, or other resources available to the public. Many offline stores even ask their customers to provide their e-mail addresses in exchange for discounts or free merchandise.
Various automated methods for collecting e-mail addresses have been developed. In one of these methods, a program is run to troll the Internet looking for e-mail addresses, much like throwing a net in the ocean and seeing what gets caught in it. Another method is to use a program to screen-scrape a chat room or instant messaging service where a communication screen is viewed by many users. This is possible because users' screen names are displayed as text in the chat rooms or instant messaging services. Screen scrapers can use an automated process to scrape the communication screens every few minutes to get valid screen names in order to send spam to the holders of the screen names.
To block an automated process, one solution is to disable a program's recognition function by getting a living person involved in the process. For example, a program can recognize and process text information easily, but it is usually unable to recognize and process a message which is included in a graphic in a purposefully confusing manner unless a very powerful graphic recognition function is incorporated.
Image based human-recognition steps have been used in e-mail account registration processes. For every living person who has ever taken an online poll or signed up for free web-based e-mail, there are legions of computer-automated Internet robots trying to do the same thing. The automatically produced e-mail accounts are hard to block or trace, making them ideal vehicles for sending spam to legitimate e-mail users. Researchers at Carnegie Mellon University in Pittsburgh have created a security system, known as Gimpy, to thwart the automated process that relentlessly scour cyberspace for opportunities to register new e-mail addresses, stuff ballots for online polls and direct unwitting participants in Internet chat rooms to advertisement.
Gimpy is based on the human ability to read extremely distorted, squiggly, fuzzy or otherwise corrupted text, and the inability of current computer programs to do the same. Gimpy works by choosing a certain number of words from a dictionary, and then displaying them corrupted and distorted in an image. After that, Gimpy asks the user to type the words displayed in the image. While human users have no problem typing the words displayed, current computer programs, such as those based upon optical character recognition (OCR) technology, would be easily flustered if the text were not clear and free of background clutter.
Both Yahoo and MSN have implemented the Gimpy graphic recognition step in their new e-mail account registration process to prevent automated registration. Being usually at the very end of the registration process, the graphic recognition step requires the applicant to type a pass contained in an image into a form field. The pass is typically a randomly given word or combination of characters. FIG. 1 shows a part of MSN's registration screen which requires “Type the characters that you see in the picture”. The characters are included in the image 101 in a distorted way to confuse graphic recognition application. If the entered text information 102 matches the correct text information of the pass, then the registration process continues; otherwise, the applicant is prompted to type it again. To enter the correct text information of the pass, the applicant must read and recognize the text information from the given image 101. Typing the pass from the image helps ensure that a person—not an automated program—is completing the registration form. This is important because attackers use harmful programs to try to register large numbers of accounts with Web services such as Yahoo and MSN. Attackers can use these accounts to cause problems for other users, such as sending junk e-mail messages or slowing down the service by repeatedly signing into multiple accounts simultaneously. In most cases, an automated registration program is unable to recognize the characters in the image. Without a living person's involvement, the registration process cannot be completed.
The purpose of this invention is to use a human's natural visual recognition and provide a solution to disable all automated screen scraping processes without having to get a living person's involvement.