[Baypiggies] Challenge/Response email systems

Marilyn Davis marilyn at deliberate.com
Sat Jun 17 06:05:59 CEST 2006


Thanks for your comments.

I guess the social aspects are a matter of taste.


> Yeah, I think the real problem is that people who you want to hear from
> might send you an e-mail, get a challenge, and decide not to bother.
> Then you don't get an e-mail that you might really want to have
> received, and whoever it was at the other end might get annoyed with
> you. The fact that people on this list need to be convinced that

Oh, I don't know about that.  Lots of good ideas meet resistance at
first.  That's classic human behavior.  Time will tell.

> challenge-response is a good idea does not bode well for someone using a
> challenge-response system.
> I think Bayesian filtering works great. I use SpamBayes (written in

(That moved to a new thread ... good idea)

On Fri, 16 Jun 2006, Anna Ravenscroft wrote:

> On 6/16/06, Anna Ravenscroft <annaraven at gmail.com> wrote:
> > Lastly, on a less "practical" plane and more emotional one: my
> > emotional reading of it as a signal is - "oh, this person wants to be
> > left alone. Okay, I won't bother them anymore. " and avoid emailing
> > the person in the future. This may not be the person's intent (and may
> > or may not be a common reading), but it's something users of C/R
> > systems may want to be aware of.

Hmmm.  The plan is to make the challenge message customizable by the
user.  Then, if the user wants, she can beg and plead for people to
respond, saying she really wants to get your message.

> Ick! I had clicked on "reply to all" to send my response to the
> lmailing list and it sent a copy automatically to Marilyn. Instead of
> the usual "reply to this email" challenge, it expects me to click on a
> link!

I haven't looked at other CR systems in a long time.  They used to all
go to the web.  I don't quite understand how to do it as a reply-to-
the-email-message.  The challenge would have one image in the email
and ask you to put the response where?  The nice thing about going to
the web is that we can give people several chances to get it right.

The 'reply to this email' auto-responders that I am aware of are not
spam preventers, not CR, but Joe Job preventers, called "confirmation"
messages.  Like, when you made a request to join this list, you
received an email asking you to confirm your subscription request.

A challenge has to be something that a human can do, but a computer
cannot, so a simple reply-to isn't good enough.

A Joe Job is an evil prank where someone forges your address to a
jillion subscription requests and fake addresses and everything they
can find so that your email gets filled up with stuff and becomes
unusable.  Spammers don't do that because they want to sell you stuff,
not ruin your mail and make you angry.  

> Talk about a way for spammers to get real eddresses (oh yes, click
> here!) I don't remember every single person I may have emailed (yes -
> I probably *do* send far too much email) so no way would I just click
> on some random link that happened to be in an email. The *least* I
> would expect would be a copy of my original email to Marilyn so I
> could at least judge whether it's a legitimate challenge to something
> I actually sent or something out of the blue from some spammer,
> without making me have to search through my sent box.

The challenge comes right away, unless the network is broken.  It
bears the subject line, although it would be a nit to include more of
the message.  So thank you, I'll think about it.  Maybe a the first 10
lines would be a help to someone.

> [shudder] Sorry but this is a really unpleasant variant of the
> challenge/response system, imho.

Like I said, I don't understand how to do it all in email, and give
people more than one chance to get the challenge right.  Or, if they
get it wrong, do I send them another message with a new image?  That
seems even more tedious.  

I don't know.  I'll think about it.  But if you just sent me a message
and yet you don't trust a link I send right back to you, or don't
remember that you sent me a personal message, well, I guess I lose
that one.  I guess it wasn't so personal after all?

Anyhow, I do appreciate people taking the time to think about this
with me.  And I'm glad that the arguments seem to have come down to

Some people love it.

BTW, it isn't quite bulletproof.  Some spammers actually answer the
challenge.  It's very rare and it tends to be those personal sob
stories spams.  It's heart-wrenching because I tend to imagine that
some poor honest person in trouble spent their last few hundred
dollars to buy a spammers' list and they are hoping to get saved from
their situation.  The only response they get is my challenge, they
answer it, and then all quiet.

Too much imagination!

Thanks again,


> Anna


More information about the Baypiggies mailing list