[Baypiggies] Challenge/Response email systems
Marilyn Davis
marilyn at deliberate.com
Sat Jun 17 21:06:44 CEST 2006
----- On Saturday, June 17, 2006 ken at seehart.com wrote:
> Marilyn Davis wrote:
>
> ----- On Friday, June 16, 2006 aahz at pythoncraft.com wrote:
>
>
>
> On Fri, Jun 16, 2006, Marilyn Davis wrote:
>
>
> I haven't looked at other CR systems in a long time. They used to all
> go to the web. I don't quite understand how to do it as a reply-to-
> the-email-message. The challenge would have one image in the email
> and ask you to put the response where?
>
>
> Oh, an image. And where does that put those of us who mostly use
> text-only systems or blind people?
>
>
>
> Now that is an issue! What is the right thing? Provide a telephone number?
>
> After a night's sleep I remembered the problem we see with Ken's suggestion:
>
>
>
> My understanding is that there are a couple kinds of CR systems. One kind
> is blind, and sends a
> challenge to anyone not on a whitelist (call this Blind CR), and another
> kind that only sends a challenge when the email is:
>
> 1. Not on whitelist.
> 2. Has a moderately high spam score.
> 3. Doesn't have a super high spam score (just dump these in the spam
> bucket).
>
>
>
> Say that Guido's message had a low spam score and was delivered into my inbox. Does that automatically put him on my white list? What if his second message has a high spam score? Does he get a challenge on his second message?
>
> Ken, do you know how that works?
>
> Marilyn
>
>
> I don't know how existing systems work. The way I would want it to be
> implemented is this: It would temporarily light-gray-list him due to
> his good looking email, but if the user puts that message in the spam
> bucket later, he is removed from the light-gray-list, and send a
> challenge. :-)
I don't think I'd send a challenge. I guess if the user puts the message in the spam bucket, we ought not let the guy get it back into the inbox.
>
> Of course if you respond the the first email, he is permanently
> whitelisted.
>
> Perhaps reading an email without marking it as spam should whitelist
> the sender (this being reversible if the mail is later put in the spam
> bucket).
>
> Such a system would need to have memory of why senders are whitelisted,
> etc.
We keep lots of data. This would be no problem.
>
> Anyway, after much debate, I have decided to join the anti-CR league.
> (though I will happily respond to CR requests from others, provided the
> CR requests don't wind up in my spam bucket. My spam filter needs
> to have very few (or no) false positives. Any time a legitimate
> sender fails to reply to my CR for whatever reason, that would be
> effectively the same as a false positive.
>
> BTW, a system that puts my false positives in a bucket (whether server
> side or client side) along with all my spam that I can sort through
> later, is almost completely useless, since, for me, the purpose of a
> spam filter is to save me the trouble of manually sorting through spam.
> Temporarily postponing the job of sorting through junk mail just means
> that I am likely to occasionally bury important email for a couple
> weeks. However, no time is saved, so I gain nothing.
Yeh. That's no good in my eyeballs too.
Thanks for the spec. I think I'll lobby for something like this in the next iteration.
Marilyn
>
> - Ken
More information about the Baypiggies
mailing list