trenchant.org

by adam mathes
archive · subscribe

Challenge This

Some friends of mine have begun using challenge/response systems to combat spam. These systems deal with the spam problem by sending an automated email response to any incoming email you receive, essentially asking you to prove that your email address is valid, and that you are a human and not a spammer’s robot. Usually this requires a quick visit to a web site to “verify” your address, or responding to the email with a particular string of text in the subject.

People who have switched to challenge/response systems are quite happy that they no longer see spam in their inboxes. Their happiness, however, is predicated on pissing everyone else off.

When I get an email from someone I have been emailing for years telling me to prove I’m a real human being before my mail goes through, it’s rather annoying, not to mention insulting. One of emails strong points is the ease, simplicity, and immediacy with which you can send a message and it arrives seconds later. Challenge/response systems inhibit that.

(Although any reasonable challenge/response system will have a whitelist - email addresses you specify that are valid - that allows messages to go through without the verification step that you can populate with your current addressbook. And once you do the verification then all your mail should be whitelisted and go through after that. However, since there is no standard, single database of “verified” email addresses, you could have to do this verification step for every new person you send an email to.)

Even if the annoyance to end users was justified, ISP’s and mail servers have to deal with the possibility of twice as much usless mail clogging their servers. Because, from an ISP’s perspective, an automated response to a fake address that passes through their servers is no different than the original spam message. It is an unsolicited, automated email message that wastes bandwidth. And, in the worst case scenario, if everyone used a challenge/response system, for every spam email you would have a response, effectively doubling the traffic and wasting everyone’s bandwidth, server CPU cycles, and money.

Already one of the more popular services, KnowSpam, has been blocked by Yahoo. My guess is that other large email services will follow suit since challenge/response systems will likely trigger their spam defenses.

It will be interesting to see if companies are willing to let companies like KnowSpam continue to operate and send automated responses or not. My guess is once they are blocked, ISP’s and mail services will be uninterested in ever unblocking them.

· · ·

If you enjoyed this post, please join my mailing list