
Don’t Challenge That E-mail!



When I ask IT people what they see as the biggest problem on the net today, the most common response is spam. When I ask non-techies the same question, I always get the answer: spam.

There’s not much we can do at the moment to combat spam except install filtering software that keeps an eye out for common spam terms (I don’t want to list them here because there’s a good chance your filtering software will trash this newsletter).

There’s an alternative to e-mail filtering that’s being discussed when ISPs and other technical folk gather: challenge-response messaging. With this e-mail technology, senders will receive a challenge e-mail message the first time they send a message to an e-mail account that has enabled challenge-response security. If the sender appropriately responds to the challenge, the original message is then delivered to the recipient, and future messages sent to the same e-mail account will also be delivered.

This process verifies the sender’s return e-mail address and adds the address to the recipient’s white list, the tally of addresses from which e-mail messages may be received.

Dave’s Opinion
At first this sounds like a good idea; however, there are a few limitations to the system. The first is that challenge-response white lists may allow all e-mail from the sender’s domain to be delivered. If john@doe.com responds appropriately to a challenge, then not only will his future messages be delivered, but so will messages from jane@doe.com and charlie@doe.com.
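The challenge-response flow and the domain-wide white-list limitation described above can be modelled in a few lines. This is an added example, not code from the original article or from any challenge-response product; the class, method and function names are hypothetical, and the addresses are the article's own samples.

```python
import secrets

class ChallengeResponseGateway:
    """Toy in-memory model of a challenge-response mail gateway."""

    def __init__(self, allow_whole_domain):
        self.allow_whole_domain = allow_whole_domain
        self.white_list = set()   # verified addresses (or domains)
        self.pending = {}         # sender -> (token, held message bodies)
        self.inbox = []           # (sender, body) delivered to the recipient
        self.challenges_sent = 0

    def _key(self, sender):
        # Domain mode trusts everything after the last "@".
        return sender.rpartition("@")[2] if self.allow_whole_domain else sender

    def receive(self, sender, body):
        """Deliver if white-listed; otherwise hold the message and return a challenge token."""
        sender = sender.strip().lower()
        if self._key(sender) in self.white_list:
            self.inbox.append((sender, body))
            return None
        if sender not in self.pending:  # one challenge per unverified sender
            self.pending[sender] = (secrets.token_urlsafe(16), [])
            self.challenges_sent += 1
        token, held = self.pending[sender]
        held.append(body)
        return token

    def respond(self, sender, token):
        """Sender answers the challenge: release held mail and white-list the sender."""
        sender = sender.strip().lower()
        expected, held = self.pending.get(sender, (None, []))
        if expected is None or not secrets.compare_digest(expected, token):
            return False
        del self.pending[sender]
        self.white_list.add(self._key(sender))
        self.inbox.extend((sender, body) for body in held)
        return True

def demo(allow_whole_domain):
    gw = ChallengeResponseGateway(allow_whole_domain)
    token = gw.receive("john@doe.com", "first message")   # held, challenge issued
    gw.respond("john@doe.com", token)                      # john verifies his address
    gw.receive("jane@doe.com", "jane never answered a challenge")
    return [s for s, _ in gw.inbox], gw.challenges_sent

if __name__ == "__main__":
    print(demo(True))   # domain-wide white list
    print(demo(False))  # per-address white list
```

With the domain-wide white list, jane's message reaches the inbox on the strength of john's response alone; with per-address entries it is held and a second challenge goes out.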

The second problem I see is for e-zine (e-mail newsletter) publishers, including me. Challenges that are sent in response to the newsletter will result in the recipient’s being unsubscribed from the newsletter. Bounced e-zine messages are usually automatically removed from the subscriber list. This isn’t just a problem for publishers but also for readers who may not realize why they’re no longer receiving their newsletters after the challenge-response system has been installed by the corporate IT staffer.

And worst of all, the challenge-response system adds at least two additional e-mail messages traversing the net and corporate e-mail servers each time a new relationship is created.

Let’s solve the spam problem at its root by continuing to work through the legal system to stop spammers. In the meantime, do your part to make spamming less enticing: don’t buy anything from spammers and don’t reply to their messages; you’re only confirming that they’ve reached a valid e-mail address.
