Challenging Challenge Response Anti-Spam Systems
from the false-positives-galore dept
I've been pretty vocal in explaining why I don't like challenge-response email systems for spam prevention. It seems that the problems with such plans are starting to get a lot more attention. Some are even saying that if challenge-response systems are put in place widely, it could render email useless. I wouldn't go that far, but there clearly are problems with challenge-response systems. This article mostly focuses on problems involving mailing lists, but I don't think that's the worst issue for challenge-response systems. The biggest problem, in my mind, is the "false positive" issue. Anyone who legitimately emails you, but doesn't follow through on the challenge-response can be classified as a false-positive - a legitimate email that was "blocked" by your spam filter. A good anti-spam system should look at ways to minimize both false positives and false negatives (though, there are always tradeoffs). Meanwhile, challenge-response systems can also be seen as increasing spam, for anyone who sends a legitimate email and has to deal with all the incoming challenges.