Spam Links > Filter > Challenge/Response

Challenge/Response Spam Filters

Challenge/Response filtering, also called autowhitelisting, reverse whitelisting or permission-based email, is an increasingly popular method of filtering spam. Though it can be extremely effective, most implementations suffer from serious drawbacks that impinge upon other users. You can usually tell that a spam filter uses Challenge/Response when it claims to be "100% effective!" or to "suffer no false positives" or to use a "Turing test" - the marketing hides a reality that is far less than perfect.

Challenge/Response: The Issues
Challenge/Response Spam Filters

Challenge/Response: The Issues

Challenge/Response has been a contentious technology, with strongly held social and technological arguments both for and against the use of the method. Most informed writers agree that Challenge/Response is usually not a good choice.

Background of Challenge/Response
Challenge/Response Considered Harmful
Challenge/Response at the SMTP Level
Challenge/Response Intellectual Property Issues
Challenge/Response Articles by Marketers

Background of Challenge/Response

Principles for Challenge/Response anti-spam - www.templetons.com/brad/spam/challengeresponse.html
Is Challenge/Response filtering a good or bad thing? - www.templetons.com/brad/spam/crgood.html
Computers beat Humans at Single Character Recognition in Reading based Human Interaction Proofs (HIPs) - www.ceas.cc/papers-2005/160.pdf
EarthLink CAPTCHAs - www.cl.cam.ac.uk/~rnc1/cr/earthlink.html
Recommendations for Automatic Responses to Electronic Mail - www.faqs.org/rfcs/rfc3834.html

Challenge/Response Considered Harmful

These are some reasons why you should carefully consider use of challenge/response - make sure that any implementation you choose to use doesn't fall foul of these criticisms.

John Levine: Challenge-response systems are as harmful as spam - www.politechbot.com/p-04746.html
A Challenging Response to Challenge-Response - www.freedom-to-tinker.com/index.php?p=389
Challenge-Response Anti-Spam Systems Considered Harmful - linuxmafia.com/faq/Mail/challenge-response.html
How Challenge/Response Spam Filters Work - email.about.com/cs/spamgeneral/a/challenge_resp.htm
Inaccessibility of Visually-Oriented Anti-Robot Tests - www.w3.org/TR/2003/WD-turingtest-20031105/
Challenge-Response systems make matters worse - pm-lib.sourceforge.net/README.html#4
Why Challenge-Response is a Bad Idea - tardigrade.net/challengeresponse.html
Problems with Graphical and Text Challenges - www.chebucto.ns.ca/~af380/how-many.htm
Challenge and Response spamfilters - www.joewein.de/sw/spam-challenge-response.htm
Why Challenge/Response is Bad - www.ferris.com/2005/04/15/why_challengere/
UOL Anti-Spam - fedoraproject.org/wiki/UOL
TMDA Users Can Blow Me - jeremy.zawodny.com/blog/archives/001931.html
What about challenge-response filters? - www.rickconner.net/spamweb/filtering.html#challenge-response
An anti-challenge-response Xmas linkfest - taint.org/2006/12/14/130136a.html
Bogus Challenge-Response Bounces: I've Had Enough - taint.org/2005/09/11/012434a.html
Why Challenge / Response Is not a Good Idea - www.mneylon.com/blog/archives/2005/11/09/why-challenge-response-is-a-bad-idea/
Moronic Mail Autoresponders (A FAQ From Hell) - partmaps.org/era/mail/autoresponder-faq.html
Spam Filtering Floods Innocent In-Boxes - www.informationweek.com/news/hardware/desktop/showArticle.jhtml?articleID=196601410
A Spam-Fighter More Noxious Than Spam - www.businessweek.com/magazine/content/03_27/b3840044.htm
A fundamental problem with challenge/response anti-spam systems - utcc.utoronto.ca/~cks/space/blog/spam/CRProblem
Challenge/Response Systems - www.jcb-sc.com/hostile/cr.html
Why I hate Challenge-Response - blog.commtouch.com/cafe/miscellaneous/why-i-hate-challenge-response/
The challenges of Challenge Response - blog.commtouch.com/cafe/email-security-news/the-challenges-of-challenge-response/

Challenge/Response at the SMTP Level

Most challenge/response methods use emails sent to the originator, which must be manually responded to. Some newer techniques get around that objection by automating the challenge/response process at the email server level. However, this still burdens a server that may never have originated a message with a check, which contributes to large-scale backscatter.

Challenge/Response at the SMTP Level - jamesthornton.com/writing/challenge-response-at-smtp-level.html
Challenge / Response Interworking (CRI) Framework - draft Internet standard, now not available
Slicing Spam with Occam's Razor - www.cse.ucsd.edu/Dienst/UI/2.0/Describe/ncstrl.ucsd_cse/CS2007-0893 - pdf

Message Verification

Challenge/Response Intellectual Property Issues

Challenge/Response Articles by Marketers

Challenge-Response What it means for legitimate email marketers - www.digitalimpact.com/newsletter/sept03-challengeresponse.html
Responding to Another E-Mail Challenge - www.clickz.com/showPage.html?page=2217851

Challenge/Response Spam Filters

If you are considering using a c/r method, please take the time to understand some of the issues surrounding c/r, and assess for yourself if the vendor you choose has created a sound solution or not. Any spam filter implementation that uses a challenge/response technique that is based on sending challenge messages to an address taken from the email envelope or headers is listed on this page in preference to the other pages on this site.

Client Side Challenge/Response Spam Filters
Server Side Challenge/Response Spam Filters

“Email Postage” Accounts

These services all include some form of payment for email, in order to discourage spammers. In reality, they tend to operate as a challenge/response system, or a whitelisting system, since no spammer is going to actually pay to spam people; the payment scheme is window-dressing.

CashRamSpam - www.cashramspam.com/
Boxbe - https://www.boxbe.com/ama/home