Challenge/Response filtering, also called autowhitelisting, reverse whitelisting or permission-based email, is an increasingly popular method of filtering spam. Though it can be extremely effective, most implementations suffer from serious drawbacks that impinge upon other users. You can usually tell that a spam filter uses Challenge/Response when it claims to be "100% effective!" or to "suffer no false positives" or to use a "Turing test" - the marketing hides a reality that is far less than perfect.
Related
Challenge/Response has been a contentious technology, with strongly held social and technological arguments both for and against the use of the method. Most informed writers agree that Challenge/Response is usually not a good choice.
Principles
for Challenge/Response anti-spam - www.templetons.com/brad/spam/challengeresponse.html
Is
Challenge/Response filtering a good or bad thing? - www.templetons.com/brad/spam/crgood.html
Computers
beat Humans at Single Character Recognition in Reading based Human
Interaction Proofs (HIPs) - www.ceas.cc/papers-2005/160.pdf
EarthLink
CAPTCHAs - www.cl.cam.ac.uk/~rnc1/cr/earthlink.html
Recommendations
for Automatic Responses to Electronic Mail - www.faqs.org/rfcs/rfc3834.html
The
Effectiveness of Whitelisting: a User-Study - www.ceas.cc/2008/papers/ceas2008-paper-20.pdf
These are some reasons why you should carefully consider use of challenge/response - make sure that any implementation you choose to use doesn't fall foul of these criticisms.
John
Levine: Challenge-response systems are as harmful as spam - www.politechbot.com/p-04746.html
A
Challenging Response to Challenge-Response - www.freedom-to-tinker.com/index.php?p=389
Challenge-Response
Anti-Spam Systems Considered Harmful - linuxmafia.com/faq/Mail/challenge-response.html
How
Challenge/Response Spam Filters Work - email.about.com/cs/spamgeneral/a/challenge_resp.htm
Inaccessibility
of Visually-Oriented Anti-Robot Tests - www.w3.org/TR/2003/WD-turingtest-20031105/
Challenge-Response
systems make matters worse - pm-lib.sourceforge.net/README.html#4
Why
Challenge-Response is a Bad Idea - tardigrade.net/challengeresponse.html
Problems
with Graphical and Text Challenges - www.chebucto.ns.ca/~af380/how-many.htm
Challenge
and Response spamfilters - www.joewein.de/sw/spam-challenge-response.htm
Why
Challenge/Response is Bad - www.ferris.com/2005/04/15/why_challengere/
UOL Anti-Spam
- fedoraproject.org/wiki/UOL
TMDA
Users Can Blow Me - jeremy.zawodny.com/blog/archives/001931.html
What
about challenge-response filters? - www.rickconner.net/spamweb/filtering.html#challenge-response
An
anti-challenge-response Xmas linkfest - taint.org/2006/12/14/130136a.html
Bogus
Challenge-Response Bounces: I've Had Enough - taint.org/2005/09/11/012434a.html
Why
Challenge / Response Is not a Good Idea - www.mneylon.com/blog/archives/2005/11/09/why-challenge-response-is-a-bad-idea/
Moronic
Mail Autoresponders (A FAQ From Hell) - partmaps.org/era/mail/autoresponder-faq.html
Spam
Filtering Floods Innocent In-Boxes - www.informationweek.com/news/hardware/desktop/showArticle.jhtml?articleID=196601410
A
Spam-Fighter More Noxious Than Spam - www.businessweek.com/magazine/content/03_27/b3840044.htm
A
fundamental problem with challenge/response anti-spam systems
- utcc.utoronto.ca/~cks/space/blog/spam/CRProblem
Challenge/Response
Systems - www.jcb-sc.com/hostile/cr.html
Why
I hate Challenge-Response - blog.commtouch.com/cafe/miscellaneous/why-i-hate-challenge-response/
The
challenges of Challenge Response - blog.commtouch.com/cafe/email-security-news/the-challenges-of-challenge-response/
Is challenge response the ultimate anti spam technique? - blogs.computerworld.com/15534/ask_amir_3_is_challenge_response_the_ultimate_anti_spam_technique
Most challenge/response methods use emails sent to the originator, which must be manually responded to. Some newer techniques get around that objection by automating the challenge/response process at the email server level. However, this still burdens a server that may never have originated a message with a check, which contributes to large-scale backscatter.
Challenge/Response
at the SMTP
Level - jamesthornton.com/writing/challenge-response-at-smtp-level.html
Challenge / Response Interworking (CRI) Framework - draft Internet
standard, now not available
Slicing
Spam with Occam's Razor - www.cse.ucsd.edu/Dienst/UI/2.0/Describe/ncstrl.ucsd_cse/CS2007-0893
- pdf
Related
Challenge/Response Intellectual Property Issues
Challenge-Response
What it means for legitimate email marketers - www.digitalimpact.com/newsletter/sept03-challengeresponse.html
Responding
to Another E-Mail Challenge - www.clickz.com/showPage.html?page=2217851
If you are considering using a c/r method, please take the time to understand some of the issues surrounding c/r, and assess for yourself if the vendor you choose has created a sound solution or not. Any spam filter implementation that uses a challenge/response technique that is based on sending challenge messages to an address taken from the email envelope or headers is listed on this page in preference to the other pages on this site.
KnockKnock
- www.knockmail.com/
(Reviews: 1)
ChoiceMail
- www.digiportal.com/
(Reviews: 1
2)
Steven
- www.softwaredevelopment.net.au/pge_steven.htm
(Reviews: 1)
Spam Research
Center - www.spamresearchcenter.com/
Vanquish - www.vanquish.com/
(Reviews: 1)
Mail Unknown
- www.mailunknown.com/
spamPepper
- www.spampepper.com/
(Reviews: 1)
Kens Spam Filter
- www.gb7abc.net/spam.html
Caller ID for
Email - www.calleridforemail.com/
AntiSpam
Personal - babastik.com/AntiSpam-Personal/
WinAntiSpam
- www.winantispam.com/
(Reviews: 1)
QuarantineMail
- quarantinemail.com/
(Reviews: 1)
Geobytes 'm - m.geobytes.com/
UseBestMail
- www.usebestmail.com/
Em@ilCRX - www.emailcrx.com/
Comodo AntiSpam
Desktop - www.comodoantispam.com/
ASB AntiSpam
- asbsoft.netwu.com/
PostShield
- www.postshield.net/
Powder Antispam
- powderantispam.com/
CleanMyMailbox
- www.cleanmymailbox.com/
(Reviews: 1)
GoodbyeSpam
- www.goodbyespam.com/
iPermitMail
- www.ipermitmail.com/
0Spam.com - www.0spam.com/
(Reviews: 1)
SpamFry - www.spamfry.net/
Bluebottle
- www.bluebottle.com/
mailDuster
- www.mailduster.com/
SpamRestraint
- spamrestraint.com/
Affini - www.affini.com/
(Reviews: 1)
Spam Snag - spamsnag.com/
SpamBlocks
- www.spamblocks.net/
SpamCerbere
- www.spamcerbere.com/en/
MailCircuit
- www.mailcircuit.com/
(Reviews: 1)
myprivacy .ca
- www.myprivacy.ca/
- for .ca domain registrations
Email Validation Service
- www.evsmail.com/
Spam Wall - www.spamwall.net/
BoxSentry - www.boxsentry.com/
AlienCamel - aliencamel.com/
(Reviews: 1)
mapSoN
- cryp.to/mapson/
Active Spam Killer
- a-s-k.sourceforge.net/
Rejecting
spam with a procmail accept list - www.angel.net/~nic/spam-x/
BLOWBACK - www.cs.cmu.edu/~sleator/blowback/
These services all include some form of payment for email, in order to discourage spammers. In reality, they tend to operate as a challenge/response system, or a whitelisting system, since no spammer is going to actually pay to spam people; the payment scheme is window-dressing.
CashRamSpam
- www.cashramspam.com/
Boxbe -
https://www.boxbe.com/ama/home
Related
ChoiceMail
- www.digiportal.com/
- Windows
SpamLion - www.spamlion.com/
- ASP or gateway
Sendio - www.sendio.com/
- appliance (Reviews: 1)
Qordia - www.qordia.com/
- ASP
Antispam -
www.spamkilling.com/
- Sendmail
CAPTCHA - www.captcha.net/
Petmail - petmail.lothar.com/
- Python
Tagged Message Delivery Agent
(TMDA) - tmda.net/ - Unix
FairUCE
- https://secure.alphaworks.ibm.com/tech/fairuce
- Linux
An
Effective Solution for Spam - home.nyc.rr.com/spamsolution/An%20Effective%20Solution%20for%20Spam.htm
SquareAnswer
- squareanswer.com/
White List Email
- www.rfc1149.net/devel/wle
Tenbu
Query-Response - domino-240.drcc.com/publicaccess/news.nsf/preview/DCRR-69PKU5
- Java
SPAMJadoo - www.spamjadoo.com/
- ASP, uses TitanKey
PrivateMail - privatemail.com/
- uses TitanKey
Spamboomerang
- www.triveni.com.au/Spamboomerang/Spam_Index.html
- uses TitanKey
Vanquish
Appliance - www.vanquish.com/products/products_appliance_antispam.shtml
Vanquish
ASP - www.vanquish.com/products/products_virtual_antispam.shtml
Countering
Spam with Ham-Authenticated Email and the Guarded Email Protocol
- www.dwheeler.com/guarded-email/
qconfirm
- smarden.org/qconfirm/
- qmail
MARP
- www.clifford.ac/software.html
- procmail
rcptauthsender
- www.jmaimon.com/sendmail/
- Sendmail
Spamfinder
- www.reddoxx.com/front_content.php?idcat=85
- appliance
iPermitMail
- www.ipermitmail.com/
- ASP
Junk
Mail Buffering Agent (JMBA) - www.ivarch.com/programs/jmba.shtml
Sporkie
- www.syncleus.com/sporkieProject/
- Java