Home / Blogs

The Kindness of Strangers, or Not

John Levine

A few days ago I was startled to get an anti-spam challenge from an Earthlink user, to whom I had not written. Challenges are a WKBA (well known bad idea) which I thought had been stamped out, but apparently not.

The plan of challenges seems simple enough; they demand that the sender does something to prove he's human that a spammer is unlikely to do. The simplest ones just ask you to respond to the challenge, the worse ones like this one have a variety of complicated hoops they expect you to jump through.

What this does, of course, is to outsource the management of your mailbox to people who probably do not share your interests.

In this case, I sent a message to a discussion list about church financial management, and the guy sending the challenges is a subscriber.

Needless to say, an anti-spam system that challenges messages from mailing lists to which the recipient has subscribed is pretty badly broken, but it's worse than that.

On the rare occasions that I get challenges, my goal is to make the challenges go away, so I have two possible responses:

  • If it's in response to mail I didn't send, i.e., they're responding to spam that happens to have a forged From: address in one of my domains, I immediately confirm it. That way, when the guy gets more spam from the forged address, it'll go straight to his inbox without bothering me. Since the vast majority of spam uses forged addresses, this handles the vast majority of the challenges.
  • If it's in response to mail I did send, I don't confirm it, since I generally feel that if it's not important enough for them to read my mail, it's not important enough for me to send any more. In this particular case, I wrote to the manager of the mailing list and encouraged him to suspend the offending subscriber, since if he's sending me challenges, he's sending them to everyone else who posts to the list, too.

You may have noticed that neither of these is likely to be what the person sending the challenges hoped I would do. But you know, if you give random strangers control over what gets into your inbox, you get what you get. So don't do that.

There are plenty of other reasons not to send challenges, notably that many mail systems treat them as "blowback" spam with consequent bad results when the system sending the challenges tries to send other mail, but I'd hope the fundamental foolishness of handing your inbox to strangers would be enough to make it stop.

By John Levine, Author, Consultant & Speaker. More blog posts from John Levine can also be read here.

Related topics: Email, Spam

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

I just ignore the challenges Dan York  –  Sep 20, 2016 5:36 PM PDT

When I get one of these (and they are thankfully very rare these days), I just delete it. If it is from someone to whom I really want to communicate, I may try some other messaging channel. Or not. I agree they are foolish.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Promoted Post

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Port25 Announces Release of PowerMTA V4.5r5

New Case Study: Jobtome.com Replaces 30 Postfix Servers with a Single PowerMTA

An Update on Port25 and the Future of PowerMTA - One Year Later​

Encrypting Inbound and Outbound Email Connections with PowerMTA

V12 Group Sustains Customer Satisfaction by Deploying PowerMTA for Launchpad Platform

PowerMTA Now Offers Scheduled Delivery Control

DKIM for ESPs: The Struggle of Living Up to the Ideal

Reactivation Campaign: Shared vs. Dedicated IPs

To Where are Bounce Messages Sent?

An Open Source Perspective on Commercial MTAs

Five Essential PowerMTA Configuration Tips

What's New With Port25's PowerMTA v4.5

New Feature in PowerMTA v4.5: IP Based Rate Limiting

Case Study: Emergency Response Systems Rely on Timely Messaging Through PowerMTA

Port25 Announces Next Major Release of Its Email Delivery Solution, PowerMTA

Case Study: How PowerMTA Transparent Deliverability Metrics Paves Way for Email Service Provider

Case Study: MailChimp Achieves Efficient Execution and Reliability with PowerMTA

Case Study: Emma Swaps Its SMTP Infrastructure for PowerMTA to Handle Growing Mail Volume

Sponsored Topics