Aug 052004

Challenge Response: Oy!

I don’t think the news about AOL buying Mailblocks and its challenge response anti-spam product is such a big deal in the grand scheme of things. But it does give me a quick opportunity to rant against challenge/response.

First, I don’t think the world is in danger of mass adoption of challenge/response. Earthlink, which in general has much more sophisticated customers than does AOL, has had a hard time gettings its adoption level of this up to the 7-10% level over a period of at least two years. I think it will be even tougher for AOL. I applaud AOL for trying to do more to help members fight spam, but I don’t think this is the answer.

So onto the rant. Challenge/response is a pretty poor solution to spam. Or, rather, I should say it’s an excellent solution to spam with humongous side effects. Some are documented in Pamela Parker’s article in ClickZ about this, but my top three issues are:

1. Challenge/response effectively eliminates everything other than personal email from people who like you. In other words, no emails from people like Fred who don’t have time to respond or work offline, no newsletters, no Wall Street Journal email alerts, no Amazon shipping confirmations, no eBay bid responses.

2. The flip side of the previous point is that for publishers and marketers, challenge/response is a nightmare. Manually responding to dozens of emails is hard enough — that is, if the marketer/publisher can find them and respond to them before they “expire.” But when the volume gets into the hundreds or thousands, it becomes a nightmare cost of being a non-spammer.

3. My final pet peeve? David Daniels nailed it in his quote in Pamela’s article — it solves the problem of too much email by tripling the volume of email (one email, one challenge, one response)!

Overall, it’s a crude solution to the problem, and one that I think will be obviated over time.

  • http://www.ensight.org Jeremy C. Wright

    While I agree, I also disagree (especially with 1-2), as there are solutions to these issues as well. Before I get into rifling off a couple let me say I firmly believe that any solution which is so flawed that it requires another solution isn’t really worth pursusing in the first place…

    But I’m a big Devil’s Advocate fan.

    If you wanted to make it so that C/R technology allowed you to subscribe to newsletters, get alerts, etc really your biggest challenge is letting users into the whitelist that C/R essentially creates. As far as I’m aware MailBlocks does allow this out of the box (haven’t used it in a few months though).

    #2 is most easily solved by an even more obfuscated method: service-based C/R. If the company keeps a central list of blacklisted and whitelisted sites (addresses which are from microsoft.com may be allowed because no spam originates there… but may be denied by users manually).

    Again, I’m not a supporter of these solutions and ultimately I agree: C/R is clunky and generally adds to the overall problem while not really solving the personal problem.

  • http://www.LiveMessage.net Royal

    I also agree. I like to say it another way: It addresses the symptoms, not the disease.

    But then, that’s the problem I have with all SPAM solutions out there today.

  • Pingback: pc4media

  • Pingback: pc4media

  • http://www.chihaironline.com chi flat iron

    The author’s writing is sharp XN.Your idea is novel,I like it,Thank you for sharing.

css.php