Spam challengedThere are a number of systems around which try to verify the sender’s email address before passing the incoming mail onto you. One of the popular ones is Challenge-Response. What it does is work with a whitelist of known email addresses. If the mail comes from one of these it passes it into your inbox. Fine. If it comes from an unknown address then it doesn’t just delete it, which is good, but it sends back an automated reply to the sender asking them to verify that they really did send the email in the first place. This sounds good; what happens is the person who wrote to you has to reply in a particular way or visit a web site to verify their address and then the original email is passed into your inbox. However if the email came from a spammer then they won’t reply and you will never see the original mail.
What is wrong with this; I am getting the mail I want and not getting the spam?
There are a number of answers to this. Firstly, you are making your correspondents jump through hoops just to write to you. Of course you will have put all your known correspondents into your whitelist already but that unexpected enquiry from someone who has read your blog, or auntie Jean who has just got an AOL account or a friend who has had to change providers will have to perform unnatural acts. Auntie Jean may never figure it out. Do you mind if you never receive the receipt from that widget you bought online.
Secondly, if you are a member of any mailing list, what happens if someone new joins. Their first mail goes to the list which is passed on to you. Your system replies asking for validation—but he has never heard of you. Worse still, your challenge may go to the list for everyone to see.
Third, what if the sender is using a similar system, what happens to your response (exercise for the reader).
Finally, and most importantly, it makes YOU a spammer. All those challenge replies you send, an equal number to the spam you receive, contribute to the network load. And where do you think they are going? Not to the spammer because he was careful not to put his own address on it; the return addresses are all forged, and a good percentage of them will belong to real users who not only get their normal ration of spam but are now also getting yours as well. And don’t think your ISP won’t notice either. They are used to large volumes of incoming mail because they know about spam but suddenly you are generating large volumes of outgoing mail as well; and they know about spam so are liable to cut you off.
Webmaster
I agree, “you are making your correspondents jump through hoops just to write to you.”
Seems this spam tactic is catching on, but I do find it very annoying to have to answer to these emails whenever I send a friend or a customer a valid email.
I am not exactly sure what you mean, Susan. If you send someone an email and they decide that they don’t like it and mark it as spam, it will have very little effect. Most of these systems are local only to the recipient so THEY will never see your mail again but it won’t affect anyone else. Some that are part of a cooperative, such as the Akismet comment spam system, require a significant number of thumbs down votes before it takes much action so one person that you may have offended will not make a lot of difference.
The equivalent of the schoolboy trick of filling in post-paid reply forms in someone else’s name would be to subscribe to spammy newsletters with someone else’s email address. There is not a lot you can do about that. Good and legitimate subscriptions require a confirmation before becoming active. The others will just accelerate the spam tide a little.
I was just wondering what happens if someone puts you on a spam list???
Ths Susan
I don’t like these ‘spam challenge’ systems for another reason – they usually come with a fee attached. They also take some set up (as you allude to). I tried Norton, but you only rent it. Once the subscription expires it switches itself off (which can’t be right, I thought I’d bought it…!) Instead I now use AVG, which is not perfect, but at least as effective as Norton, its free and soon catches on to spammers.