[Baypiggies] Challenge/Response email systems

Marilyn Davis marilyn at deliberate.com
Sat Jun 17 21:06:44 CEST 2006 

----- On Saturday, June 17, 2006 ken at seehart.com wrote:

> Marilyn Davis wrote:
> 
>   ----- On Friday, June 16, 2006 aahz at pythoncraft.com wrote:
> 
> 
> 
>     On Fri, Jun 16, 2006, Marilyn Davis wrote:
> 
> 
>       I haven't looked at other CR systems in a long time.  They used to all
> go to the web.  I don't quite understand how to do it as a reply-to-
> the-email-message.  The challenge would have one image in the email
> and ask you to put the response where?
> 
> 
>     Oh, an image.  And where does that put those of us who mostly use
> text-only systems or blind people?
> 
> 
> 
> Now that is an issue!  What is the right thing?  Provide a telephone number?
> 
> After a night's sleep I remembered the problem we see with Ken's suggestion:
> 
> 
> 
>     My understanding is that there are a couple kinds of CR systems.  One kind
> is blind, and sends a
> challenge to anyone not on a whitelist (call this Blind CR), and another
> kind that only sends a challenge when the email is:
> 
>    1. Not on whitelist.
>    2. Has a moderately high spam score.
>    3. Doesn't have a super high spam score (just dump these in the spam
> bucket).
> 
> 
> 
> Say that Guido's message had a low spam score and was delivered into my inbox.  Does that automatically put him on my white list?  What if his second message has a high spam score? Does he get a challenge on his second message?
> 
> Ken, do you know how that works?
> 
> Marilyn
> 
> 
> I don't know how existing systems work.  The way I would want it to be
> implemented is this:  It would temporarily light-gray-list him due to
> his good looking email, but if the user puts that message in the spam
> bucket later, he is removed from the light-gray-list, and send a
> challenge.  :-)

I don't think I'd send a challenge.  I guess if the user puts the message in the spam bucket, we ought not let the guy get it back into the inbox.

> 
> Of course if you respond the the first email, he is permanently
> whitelisted.
> 
> Perhaps reading an email without marking it as spam should whitelist
> the sender (this being reversible if the mail is later put in the spam
> bucket).
> 
> Such a system would need to have memory of why senders are whitelisted,
> etc.

We keep lots of data.  This would be no problem.

> 
> Anyway, after much debate, I have decided to join the anti-CR league. 
> (though I will happily respond to CR requests from others, provided the
> CR requests don't wind up in my spam bucket.  My spam filter needs
> to have very few (or no) false positives.  Any time a legitimate
> sender fails to reply to my CR for whatever reason, that would be
> effectively the same as a false positive.
> 
> BTW, a system that puts my false positives in a bucket (whether server
> side or client side) along with all my spam that I can sort through
> later, is almost completely useless, since, for me, the purpose of a
> spam filter is to save me the trouble of manually sorting through spam.
> Temporarily postponing the job of sorting through junk mail just means
> that I am likely to occasionally bury important email for a couple
> weeks.  However, no time is saved, so I gain nothing.

Yeh.  That's no good in my eyeballs too.

Thanks for the spec.  I think I'll lobby for something like this in the next iteration.

Marilyn
> 
> - Ken

More information about the Baypiggies mailing list