Challenging Challenge Response Anti-Spam Systems
from the false-positives-galore dept
I've been pretty vocal in explaining why I don't like challenge-response email systems for spam prevention. It seems that the problems with such plans are starting to get a lot more attention. Some are even saying that if challenge-response systems are put in place widely, it could render email useless. I wouldn't go that far, but there clearly are problems with challenge-response systems. This article mostly focuses on problems involving mailing lists, but I don't think that's the worst issue for challenge-response systems. The biggest problem, in my mind, is the "false positive" issue. Anyone who legitimately emails you, but doesn't follow through on the challenge-response can be classified as a false-positive - a legitimate email that was "blocked" by your spam filter. A good anti-spam system should look at ways to minimize both false positives and false negatives (though, there are always tradeoffs). Meanwhile, challenge-response systems can also be seen as increasing spam, for anyone who sends a legitimate email and has to deal with all the incoming challenges.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Combining spam detection and challenge/response
[ link to this | view in chronology ]
No Subject Given
[ link to this | view in chronology ]
No Subject Given
- when you set it up in Outlook, you see both your inbox (good, verified email), and your pending email, so you can pull someone out of "jail" even if they haven't responded to the challenge.
On the other hand, I sent a friend an email the other day and he was using "ChoiceMail" -- a client-based challenge/response tool (being sued by Mailblocks), and I found it pretty annoying to have to fill out the form to send him an email.
Mailblocks hasn't yet gotten their whitelisting procedures down -- you can't import your address books from Outlook, though it is their number 1 request in the FAQ. Once they do that, AND allow domain wildcard whitelisting, they'll be a pretty good option, I think.
Until then, I'm sticking to spamassassin and the delete key.
[ link to this | view in chronology ]
My option
Some say C&R is a pain for those wishing to send me email. Well, understand, sending me an email is a privilege. You should have to earn my attention, not simply get it by screaming or slamming my email box. To send me a letter, you earn this privilege by putting a stamp on it. To earn my attention on the telephone, you must pass call screening and caller ID.
Anyone who has anything important to tell me in an email will go through the trouble of responding to my challenge. If not, I'm simply not interested. No stranger has EVER sent me an email that was important. On the otherhand, myself and my time are the most important things in my life, and if you want a piece of it, you've got to earn it.
That's how I see it!
[ link to this | view in chronology ]
I agree
We have caller ID also. If the President calls and has no ID, by golly, he will just have to leave a message.
[ link to this | view in chronology ]