If you read my ramblings on a regular basis you may have noticed that spam filtering is an area that I take a particular interest in. Although I may dislike spammers I hold certain anti-spam “solutions” in equal disdain.
One of the things that annoys me and other email users is when we bear the brunt of other people’s attempts to block spam / UCE / UBE from reaching their inbox. While I would be amongst the first to complain about spam, I would also be amongst the first to complain about badly thought out filtering solutions.
For example, Comodo introduced a spam filtering solution several months ago. They claim:
Comodo Antispam Desktop 2005 is an intuitive, easy-to-use, client-based antispam software that is guaranteed to eliminate all spam from your computer.
They forget to mention that it will also block commercial email and result in loss of income.
So what is this wonderful solution of which they speak?
In technical circles it is referred to as “C/R” or “challenge / response”.
The idea is very simple. When you send an email to someone for the first time it will be blocked and you will receive an email asking you to verify yourself (challenge). Once you have verified yourself email from you to your intended recipient should go through without any issues as you have given the correct “response”.
Nice idea?
Possibly, but it’s more than a bit flawed, as my example proves.
However, explaining the shortcomings of such a system can be a little awkward when someone is trying to stem the flow of unwanted junk into their inbox.
The idea of being able to block all spam is certainly attractive. The fact that you may block a lot of legitimate email and annoy a lot of innocent bystanders in the process is something that none of the vendors is going to mention.
As this is a topic that comes up quite often on certain mailing lists I asked one contributor, Steve Champeon, if I could plagiarise his very clear explanation of the issues and he agreed.
– most spam is sent from forged addresses
– C/R works by replying to mail that has already been accepted by
the mail server but not yet delivered to your mailbox, so the spammer
considers the message delivered and will continue to spam (on the odd
chance that they actually cull bounces out of their lists, YMMV)
– as most spam is forged, then assuming the C/R package replies to all
of the spam, the majority of the replies will be sent to innocent
third parties, thereby making them a victim twice and adding to their
useless mail load.
– many of the other replies will simply bounce as undeliverable, thereby
increasing the load on the friend’s own mail server, meaning that the
load on already overloaded systems is increased to no good end
– the few legit messages that are challenged may even get trapped or
refused by mail servers that consider C/R abusive, so legit mail may
be blocked/killed in quarantine/whatever and it’s all the fault of
the person using the C/R system.
– so, C/R systems act as amplifiers for spam, compound abusive behavior,
and create unnecessary delays in legitimate mail, which leads many mail
server admins to refuse such traffic when possible; this leads to the
inevitable conclusion that the use of C/R systems WILL lose legit mail
while not actually providing much protection except at others’ expense.
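A minimal model of the flow described above, added here as an illustration (it is not code from this post, from Steve, or from any C/R product); the class name, the token scheme and the sample addresses are all assumptions. It tallies where the challenges for a small batch of constructed messages actually end up.

```python
import hmac
from collections import Counter

SECRET = b"constructed-demo-key"  # assumption: key for unguessable challenge tokens

class CRFilter:
    """Hypothetical minimal model of a challenge/response filter."""
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)
        self.quarantine = {}  # token -> (claimed sender, body)
        self.challenges, self.inbox = [], []

    def receive(self, msg_id, claimed_sender, body):
        # Already accepted by the mail server; only the claimed sender is known.
        if claimed_sender in self.whitelist:
            self.inbox.append((claimed_sender, body))
            return "delivered"
        data = f"{msg_id}:{claimed_sender}".encode()
        token = hmac.new(SECRET, data, "sha256").hexdigest()[:16]
        self.quarantine[token] = (claimed_sender, body)
        self.challenges.append((claimed_sender, token))  # sent to whoever was named
        return "challenged"

    def respond(self, token):
        held = self.quarantine.pop(token, None)
        if held is None:
            return False
        self.whitelist.add(held[0])  # sender verified: release and whitelist
        self.inbox.append(held)
        return True

TRAFFIC = [  # constructed: (id, claimed sender, body, who really owns that address)
    (1, "friend@example.org", "lunch?", "real sender"),
    (2, "newclient@example.com", "quote request", "real sender"),
    (3, "alice@example.net", "cheap pills", "innocent third party"),
    (4, "bob@example.net", "cheap pills", "innocent third party"),
    (5, "x9f2@invalid.example", "cheap pills", "undeliverable"),
]

def run_demo():
    flt = CRFilter(whitelist={"friend@example.org"})
    truth = {sender: owner for _, sender, _, owner in TRAFFIC}
    for msg_id, sender, body, _ in TRAFFIC:
        flt.receive(msg_id, sender, body)
    tally = Counter(truth[addr] for addr, _ in flt.challenges)
    for addr, token in flt.challenges:  # only a real sender can answer
        if truth[addr] == "real sender":
            flt.respond(token)
    return flt, tally
```

Calling `run_demo()` returns the filter and the tally: four challenges go out, one reaches the person who really wrote, two land on people whose addresses were forged, and one bounces.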
If Steve’s explanation sounds a bit too technical then you could think of it in simpler terms:
Email is a communication tool for both business and pleasure.
If you use email for business then you use email to help you make money.
If the flow of communication between you and your suppliers and clients / potential clients is disrupted in any way it will affect your bottom line.
If you make it awkward for people to communicate with you they won’t and they will take their business elsewhere.
C/R slows down and impedes communication by placing unwanted barriers between you and your clients/suppliers.
If you must insist on using some form of C/R please make sure that you whitelist my address before you contact me as I will not reply to challenges.