Helping people with computers... one answer at a time.
Challenge/Response is a controversial spam fighting technique that forces senders to validate themselves before their email will be accepted.
A few years ago I came in contact - but unfortunately lost the contact - with a mail-application that blocked arriving mails and returned them to the sender with a request to include a certain "password" as the first word of the subject and resend the message. The second time the mail sent with that word in the subject line it would be delivered, as would all mails with that "password" as the first subject word. (Naturally, any password could be chosen.)
I think this was the most genius spam eliminator I have met - if I do not remember wrongly there was an option to keep a list of ALL arriving mails, 'legitimate' as well as 'unwanted' ones.
Do you know the name of this product?
I do not know the name of the product that provided that functionality.
However, I do know the terminology for that general class of spam fighting technique.
You may find it "genius", but I gotta say ... I find it one of the most annoying techniques on the market, and would never use it myself. Among other things, you'll end up missing a lot of email you really, honestly, wanted - and probably pissing off a few of your friends.
This general class is referred to as "challenge/response". In short, when someone sends you an email for the first time, they are sent back a "challenge", which validates their return address and instructs them to somehow prove that they are human and legitimate. They then return a "response" that proves that, and their original email is delivered. Thereafter, their email address is white listed, and they shouldn't see the challenge again.
What you describe is very similar: your challenge is to do something specific to the email message, and once done that, and all other emails that follow the same rule will be delivered without delay.
One commercial provider of this service is SpamArrest. Occasionally ISPs will provide this functionality, so you might want to check with yours.
OK, so why do I react so negatively to this technique?
To begin with, there's a philosophical argument. You're moving the "work" associated with your spam problem to anyone who emails you. You just made your problem their problem. As tempting as it is, that just feels very, very wrong.
The more practical matter are all the people, the legitimate senders, who won't respond to the challenge. And there are many reasons that they might not:
They might not receive it. Delivery could fail, or the challenge itself could be filtered as spam.
They might not understand it, and simply delete it. Given the vast quantities of spam we all do get, most of the challenges I've seen could easily be seen as spam or a phishing attempt on a quick glance, even though they're not.
The sender might feel as I do, and simply be unwilling to respond.
The sender might be a machine. This is the one that's a real deal breaker for me: say you sign up for a new account on some web site, which then sends you a confirmation email you must respond to in order to activate your account. You never get it. Why? Because your C/R system blocks it and sends a challenge back to the originating system - which doesn't know how to respond, or sends from a no-response email address.
Now, to be fair, there are counter arguments for every point I've raised. The challenges are of course architected to be deliverable and understandable. Senders such as myself are presumably in the minority. And if you remember to do so, you can typically proactively whitelist addresses that you know are going to be sending you email.
And yet, it all seems error prone to me. To me, getting a little more spam is less painful than missing an email for whatever reason.
But, obviously, you'll have to make your own decision.
Search for "challenge response" and you'll turn up a number of providers, as well as a number of opinions, both agreeing and disagreeing with me.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.