Challenging Challenge Response Anti-Spam Systems

from the false-positives-galore dept

I’ve been pretty vocal in explaining why I don’t like challenge-response email systems for spam prevention. It seems that the problems with such plans are starting to get a lot more attention. Some are even saying that if challenge-response systems are put in place widely, it could render email useless. I wouldn’t go that far, but there clearly are problems with challenge-response systems. This article mostly focuses on problems involving mailing lists, but I don’t think that’s the worst issue for challenge-response systems. The biggest problem, in my mind, is the “false positive” issue. Anyone who legitimately emails you, but doesn’t follow through on the challenge-response can be classified as a false-positive – a legitimate email that was “blocked” by your spam filter. A good anti-spam system should look at ways to minimize both false positives and false negatives (though, there are always tradeoffs). Meanwhile, challenge-response systems can also be seen as increasing spam, for anyone who sends a legitimate email and has to deal with all the incoming challenges.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Challenging Challenge Response Anti-Spam Systems”

Subscribe: RSS Leave a comment
Anonymous Coward says:

No Subject Given

Despite Earthlink being sued, they still launched their spam challenge setup over the weekend. I implemented it on my accounts and have not received a spam through them yet. One nice things is that I can go in and view all the pending messages, so that if I see a message or 2 in the pending area from legit sources, I can immediately approve them without having them follow through.

todd says:

No Subject Given

I opened a Mailblocks account to try it out and I haven’t used it much, but:
– when you set it up in Outlook, you see both your inbox (good, verified email), and your pending email, so you can pull someone out of “jail” even if they haven’t responded to the challenge.

On the other hand, I sent a friend an email the other day and he was using “ChoiceMail” — a client-based challenge/response tool (being sued by Mailblocks), and I found it pretty annoying to have to fill out the form to send him an email.

Mailblocks hasn’t yet gotten their whitelisting procedures down — you can’t import your address books from Outlook, though it is their number 1 request in the FAQ. Once they do that, AND allow domain wildcard whitelisting, they’ll be a pretty good option, I think.

Until then, I’m sticking to spamassassin and the delete key.

Junk 'n Stuff (profile) says:

My option

Challenge & Response is the best method, period. NO program can make decisions as accurately as I can, though they can make more decisions more quickly. That’s where SpamAssassin let me down — its assumptions as to what is spam were just too narrow.

Some say C&R is a pain for those wishing to send me email. Well, understand, sending me an email is a privilege. You should have to earn my attention, not simply get it by screaming or slamming my email box. To send me a letter, you earn this privilege by putting a stamp on it. To earn my attention on the telephone, you must pass call screening and caller ID.

Anyone who has anything important to tell me in an email will go through the trouble of responding to my challenge. If not, I’m simply not interested. No stranger has EVER sent me an email that was important. On the otherhand, myself and my time are the most important things in my life, and if you want a piece of it, you’ve got to earn it.

That’s how I see it!

James moomey says:

Re: I agree

Not that I get that much junk because I try to be carefull online but it does add up and once you make a mistake….they must pass it around: Hey, we got a good address here! Most ‘good’ email is to and from people we know.

We have caller ID also. If the President calls and has no ID, by golly, he will just have to leave a message.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...