|
Summary: Challenge/Response is a controversial spam fighting technique that forces senders to validate themselves before their email will be accepted.
I do not know the name of the product that provided that functionality. However, I do know the terminology for that general class of spam fighting technique. You may find it "genius", but I gotta say ... I find it one of the most annoying techniques on the market, and would never use it myself. Among other things, you'll end up missing a lot of email you really, honestly, wanted - and probably pissing off a few of your friends. • This general class is referred to as "challenge/response". In short, when someone sends you an email for the first time, they are sent back a "challenge", which validates their return address and instructs them to somehow prove that they are human and legitimate. They then return a "response" that proves that, and their original email is delivered. Thereafter, their email address is white listed, and they shouldn't see the challenge again. "You just made your problem their
problem."
What you describe is very similar: your challenge is to do something specific to the email message, and once done that, and all other emails that follow the same rule will be delivered without delay. One commercial provider of this service is SpamArrest. Occasionally ISPs will provide this functionality, so you might want to check with yours. OK, so why do I react so negatively to this technique? To begin with, there's a philosophical argument. You're moving the "work" associated with your spam problem to anyone who emails you. You just made your problem their problem. As tempting as it is, that just feels very, very wrong. The more practical matter are all the people, the legitimate senders, who won't respond to the challenge. And there are many reasons that they might not:
Now, to be fair, there are counter arguments for every point I've raised. The challenges are of course architected to be deliverable and understandable. Senders such as myself are presumably in the minority. And if you remember to do so, you can typically proactively whitelist addresses that you know are going to be sending you email. And yet, it all seems error prone to me. To me, getting a little more spam is less painful than missing an email for whatever reason. But, obviously, you'll have to make your own decision. Search for "challenge response" and you'll turn up a number of providers, as well as a number of opinions, both agreeing and disagreeing with me. Related:
Article 12475 | Posted June 4, 2008 |
Popular & Hot How do I make a new MSN Hotmail account? How do I delete history items from my Google tool bar? My desktop Recycle Bin has disappeared - why, and how do I get it back? I accidentally deleted my Recycle Bin in Vista - how do I get it back? New & Important How can I get the old Windows Live Hotmail back? Internet Safety: How do I keep my computer safe on the internet? Are free email services worth it? Would you please recover my password? My account has been hacked or I've forgotten it.
Stay Informed Archives Advertisers |
|
•
You forgot one of the biggest (IMHO) problems with C/R -- "backscatter".
Remember, every spam that you get from an "unknown" sender gets a challenge sent to the forged "from" address. And a good portion of those forged "from" addresses are valid, resulting in you generating unwanted, unsolicited e-mails (read: spam) to those innocent bystanders.
Posted by: Ken B at June 4, 2008 12:11 PMBackscatter indeed is the biggest problem with C/R, IMO. As someone whose email address is all over the Internet, I get dozens of bunk C/R messages every day. Once every couple months someone sends out a huge spam run with the "from" as my address and I'll get thousands of bounces and C/R garbage a day for a couple days.
Anything that creates backscatter is considered a poor practice by most people these days, and some spam blacklists will list you for doing it, which will cause problems with your ability to send email to some people.
Posted by: Chris Buechler at June 4, 2008 04:19 PMAdditionally, the specific example of C/R asked about in the question sounds very easy to program a bot to bypass. How difficult it is to create an email bot to put a word from an email into the subject - especially as these emails are probably quite standardised and it wouldn't be that difficult to program a bot to "find" the password and stick it in the subject.
Posted by: Eli Coten at June 7, 2008 03:37 PMI use Digiportal's Choice Mail--a challenge/response whitelist program. The simple truth is that NOTHING works except challenge/response in conjunction with whitelisting. Without c/r, all that happens is you are forced to constantly check the junk box. You're back to sorting email. Without whitelisting, you're at the mercy of rules-based spam programs that are either too inclusive (false positives) or too lax (too much spam gets through). Digiportal has had its issues over the years--including the addition of some rules to go with the whitelisting. (I just delete the rules since it is contrary to the fundamental concept of the program.) But unlike most other challenge/response programs, you can actually BUY the program without having to pay monthly fees.
Posted by: Mark S at June 8, 2008 07:52 AMMy technique is to use my ISP's mail filters to label (prefix) all suspected Spam with "***SPAM*** ", and to whitelist those people and services I use or communicate with regularly. I still have to scan my Inbox, but the labelling segregates the Spam (my Inbox is sorted) and makes verification (i.e., correction of any false positives) and deletion MUCH faster and easier. I'll add that my ISP's spam filters seem quite good -- I get perhaps 80 Spam per day, and I'd say I get a false-positive no more often than once in 2,500 messages. I could probably get away with having my ISP auto-delete my Spam, but I check them instead, on general principles, as I'd FAR rather put up with minor the annoyance of giving the Spam a quick once-over before consigning them to oblivion to missing even one single E-Mail that I genuinely want to receive.
The rare false-positive is usually some service I've just signed up for. I simply copy the sender's address, paste it into the mail filters and set it to whitelist, and Bing! no more false positive (for that sender)! Now, it is true that my whitelist has grown to about 150 entries -- and I must STILL scan my Inbox! -- so I can see why some people will think me an idiot. :) But maintaining that whitelist still makes dealing with Spam much easier, and I am quite satisfied.
Posted by: Glenn P. at June 10, 2008 11:43 AM