Challenge-Response mail filters block themselves
Every week I get seven or eight email messages from challenge-response spam-blocking services like MailBlocks or Earthlink’s Spamblocker, asking me to take a few simple extra steps to get my email delivered. For the most part, I delete them.
I don’t believe in services like this because they start with the assumption that the recipient’s time is far more important than mine. Worse, most of the blocked messages are my responses to people’s questions. If you’re going to email me a question, don’t make it hard for me to get the answer to you. I won’t bother.
Now I read in techdirt that people like me aren’t the only thing keeping these systems from working. In an ironic twist, the challenge messages are being blocked by spam filters, so the sender often doesn’t see them at all.
This makes me wonder: what happens if everyone uses a service like this?
- I send you a message.
- Your spam blocker holds the message and sends me a challenge message.
- My spam blocker holds the challenge message and sends you a challenge.
- Your spam blocker holds the message….
I imagine MailBlocks has a way to prevent loops like this within their system, but if everyone uses different systems, what can they do? If they start whitelisting anything that looks like a challenge message, spam and viruses will start looking like challenge messages to get through. This whole idea just doesn’t scale.
The challenge system needs to have some integration with the protectee’s mail sending sytem. My own challenge system checks for an In-Reply-To header on incoming messages. If the header exists, my system checks the specified message-id against the message-ids in my Sent messages. Basically if it’s a reply to a message that I sent, it gets through.