Turing test: origins and current applications

Authenticate senders as a last resort

The Turing test has become an almost inescapable part of online actions, particularly in the authentication process. What are the origins and forms of application of this technique, hated by spammers and web surfers in a hurry?

The origins of the Turing test go back to work on Artificial Intelligence in the 40s and 50s, when the aim was to define a criterion for qualifying a machine as intelligent. In 1950, mathematician Alan Turing devised a test in which a man, using a computer keyboard and screen, asked the computer and the man the same question. If the questioner is unable to distinguish between the answers given by the computer and those given by the human, then we can say that the machine (or the program running on it) is intelligent. Among the critics of the Turing test, the American philosopher John Searle refuted the very principle of the test, arguing that the machine could in no way be intelligent, even if it produces the same answers as a human, because it simply uses symbols according to defined rules, and doesn’t understand the meaning of these symbols. He illustrated this refutation with the famous example of the Chinese Chamber.

We know that one of the reasons why spam is so effective is that it is sent automatically. Among anti-spam methods, the most effective solutions are based on the ability to distinguish between man and machine. They are based on Human Interactive Proof (HIP) test classes, whose aim is to enable a human being to perform secure authentication in order to be recognized as a member of a group. When the more specific aim of the HIP test is to distinguish between human beings and machines, it is called CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart). Unlike the classic Turing test, the aim is no longer to prove to a human interrogator that he’s dealing with another human being, but to prove to a machine whether or not he’s dealing with a human. In the case of anti-spam more specifically, in addition to the man/machine distinction, we can penalize the speed at which the spammer sends his spam: if he has to manually carry out a test for each spam message sent, he loses an enormous amount of time, and his ability to cause harm is considerably reduced.

The purpose of a CAPTCHA is to present a problem that is insurmountable for a machine and easily dealt with by a human being. It must therefore be quick and easy to implement by a human being, accept all human users, be impossible for any machine to overcome, and be able to withstand any attack even if its algorithm and data are known. There are different types of CAPTCHA: text-based (based on the machine’s inability to decipher distorted and degraded text inserted into images), image-based (the user must solve a pattern recognition problem or based on the meaning of images), audio-based (with spoken text that is subject to significant distortion and background noise).
The application of Turing’s test principles in the fight against spam is therefore based on challenge/response systems: when we receive an email likely to be spam, we block it and send an email back with a “challenge” to confirm that the sender is a human being and not a robot. If the sender responds correctly, his mail is released and he won’t have to perform this test again.

The Turing challenge/response test is highly effective when used in conjunction with and after other anti-spam methods, particularly when it comes to dealing with false positives. Rather than immediately blocking a sender writing for the first time and suspected of being a spammer, it’s better to ask the question. At the end of the process, it’s a relevant solution. On the contrary, it is not recommended to place it at the beginning of the chain, as it may penalize legitimate senders who will be obliged to confirm e-mails. Some solutions simply use Turing tests systematically on all incoming messages, fortunately also managing a whitelist. ALTOSPAM, on the other hand, uses the Turing test only as a last resort when an email is interpreted by other technologies as spam, thus managing any false positives.

We invite you to continue reading by reading our article on the disadvantages of solutions using only the Turing test.

Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …