EarthLink To Offer Challenge-Response Anti-Spam E-Mail System
from the good-luck... dept
Ever since the idea of using whitelists and challenge-response systems have been brought up, I've been against them. I don't think they'll work. People tell me that I'm crazy, and users will get over the hurdles, once they realize that they're better than spam. I'm not convinced, but it appears I'm in a minority. Earthlink is getting ready to offer their customers a free challenge-response system as a way to block spam. There are any number of issues with such systems. First off, I don't see why I'm so important that anyone who wants to email me needs to jump through an extra hoop - and I'd bet many people trying to email me would feel the same way. The challenge-response messages are likely to confuse or annoy way too many people to make it worthwhile. To me, challenge-response systems end up giving way too many "false positives" because they effectively "block" all the legitimate mail from anyone who refuses to jump through extra hoops to reach me. While filtering systems let an occasional spam through, they tend not to block too many legitimate emails. That's not at all true with whitelists. On top of that, there are all sorts of problems concerning dealing with mailing lists, and automated responses. Just think, every time you buy something, and the website emails you your receipt, you might not get it, because of the whitelist. Earthlink says they have a way around this - which is that you give them another email address that doesn't use a whitelist. And, what happens when the spammers get ahold of that email address? Furthermore, how long will it be until spammers figure out a way around these sorts of challenge-response mechanisms? As a random aside, the article mentions that Mailblocks (the tremendously overhyped "me-too" challenge-response company that claims to own the patents on challenge response) is suing Spam Arrest, the challenge-response company that was sending out spam themselves.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Challenge/Response and the Current Environment
While the challenge/response only needs to happen once per pair of email addresses, that's still a pretty significant addition to the volume of email traffic if we see widespread adoption.
If challenges get filtered out, contact between two people fails. If a challenge message gets classified as spam by a collaborative filtering system like cloudmark, contact between many people fails. This woudn't necessarily happen, but is certainly a potential risk.
Even more frightening, though, is the possibility that people will become accustomed to challenges, and start responding automatically. This seems pretty reasonable to me -- when I'm working I may send dozens or hundreds of emails a day, and a fair number of them can be going to people that I don't know; if challenge/response was standard, I doubt that I'd look too closely at the 20 or 30 challenges in my inbox before responding to them.
What's the next logical step from there? Well, if I'm a spammer, the next step is to send out "challenge" messages with "validation" links that link to my pornographic septic tank discount pharmaceutical site. Then we've got the process starting all over again -- how do we distinguish the good messages from the bad?
I don't think that challenge/response is unworkable by any means, but any purely technological solution can be weakened or defeated by new technological attacks.
[ link to this | view in chronology ]
No Subject Given
1) legistation that makes the spammer (i.e. the mailer) AND the actual advertiser jointly liable for violations of the law (Failure to mark messages as ADV and spoofed addresses in particular). Followed up by some very swift and punitive enforcement.
and
2) Providing users with a simple and effective way to filter out mail at the domain level. (I've noticed that increasely spam is "coming from" .tv, .ru, .etc. and a host of places that may not even exist. I'm comfortable kill-filtering all .tv, .ru, .cz, etc. mail.
[ link to this | view in chronology ]
No Subject Given
I don't think a challenge - response system can work for a business, but for personal email, I think it is very workable.
[ link to this | view in chronology ]