[Baypiggies] Challenge/Response email systems

Ken Seehart ken at seehart.com
Sat Jun 17 20:19:59 CEST 2006 

Marilyn Davis wrote:
> ----- On Friday, June 16, 2006 aahz at pythoncraft.com wrote:
>
>   
>> On Fri, Jun 16, 2006, Marilyn Davis wrote:
>>     
>>> I haven't looked at other CR systems in a long time.  They used to all
>>> go to the web.  I don't quite understand how to do it as a reply-to-
>>> the-email-message.  The challenge would have one image in the email
>>> and ask you to put the response where?
>>>       
>> Oh, an image.  And where does that put those of us who mostly use
>> text-only systems or blind people?
>>     
>
> Now that is an issue!  What is the right thing?  Provide a telephone number?
>
> After a night's sleep I remembered the problem we see with Ken's suggestion:
>
>   
>> My understanding is that there are a couple kinds of CR systems.  One kind
>> is blind, and sends a
>> challenge to anyone not on a whitelist (call this Blind CR), and another 
>> kind that only sends a challenge when the email is:
>>
>>    1. Not on whitelist.
>>    2. Has a moderately high spam score.
>>    3. Doesn't have a super high spam score (just dump these in the spam 
>> bucket).
>>     
>
> Say that Guido's message had a low spam score and was delivered into my inbox.  Does that automatically put him on my white list?  What if his second message has a high spam score? Does he get a challenge on his second message?  
>
> Ken, do you know how that works?
>
> Marilyn
>   
I don't know how existing systems work.  The way I would want it to be 
implemented is this:  It would temporarily light-gray-list him due to 
his good looking email, but if the user puts that message in the spam 
bucket later, he is removed from the light-gray-list, and send a 
challenge. :-)

Of course if you respond the the first email, he is permanently whitelisted.

Perhaps reading an email without marking it as spam should whitelist the 
sender (this being reversible if the mail is later put in the spam bucket).

Such a system would need to have memory of why senders are whitelisted, etc.

Anyway, after much debate, I have decided to join the anti-CR league.  
(though I will happily respond to CR requests from others, provided the 
CR requests don't wind up in my spam bucket.  /My spam filter needs to 
have very few (or no) false positives/.  Any time a legitimate sender 
fails to reply to my CR for whatever reason, that would be effectively 
the same as a false positive.

BTW, a system that puts my false positives in a bucket (whether server 
side or client side) along with all my spam that I can sort through 
later, is almost completely useless, since, for me, the purpose of a 
spam filter is to save me the trouble of manually sorting through spam. 
Temporarily postponing the job of sorting through junk mail just means 
that I am likely to occasionally bury important email for a couple 
weeks.  However, no time is saved, so I gain nothing.

- Ken

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/baypiggies/attachments/20060617/0d852274/attachment.htm

More information about the Baypiggies mailing list