challenge response email filtering


Outlook Express Spam Message

If you're tired of dealing with the daily scurge of email spam, you've no doubt invested in anti-spam software.   What you may not know is email spam challenge response are superior, in many ways to traditional filtering solutions, such as Norton and McAfee Internet Security, Trend Micro Internet Security, even dedicated products such as Mailcurb and IHateSpam.  All of these packages depend on what's called "baysian" filtering.  Baysian filtering is a way for software makers to scan your incoming messages and look for clues characteric of unsolicited email.   Such clues include keyword searching, including looking for common spam words and phrases.  If you're used to dealing with spam, you're no doubt aware of the tactics they use.  Typically most anti-spam filtering solutions over-filter and place legitimate email in the spam folder, causing you to have to visit the program's spam or junk mail folder and sift through hundreds of email messages making sure the spam filter didn't go overboard and filter some item you wanted, and missing that important correspondence.  If you reduce the threshold so the Spam filtering software isn't quite so aggressive, you risk passing spam into your main inbox.  Professional solutions exist for business, such as Appriver and Postini, but these companies require minimum monthly fees, making them cost prohibitive to individual users.

Spamarrest.com Challenge Screen

Challenge-Response anti-spam solutions are not a new idea.  The idea behind this if you get an e-mail from someone, the service sends an automatic reply to the original sender, requesting some information from them.  The idea is that a real person will respond to the "challenge" and send a signal to the Anti-Spam provider that they are a real person.  Spammers who send out automated junk mail cannot or will not reply to the challenge email they receive because they do not want to take the time to respond.  Spammers send emails in the hundreds of thousands, and even in the millions, often using fake originating addresses.   This means a majority of the time the Spammer never receives the challenge.  If the spammer never sees the challenge, he never knows his email was rejected.  In a way, his own system is working against him.

Spamarrest.com Captcha Response System


The Antispam challenge response system makes it very difficult for computers to perform automated replies.  So far, no one has figured out a way for computers to read distored or obsfugated Captcha images.   There are primarily two solutions - Client and Server solutions.

Comparing the two systems

Client solutions run on your PC, as a background process, Server solutions are a hosted web service.  Client applications have an up front cost (starting around $40, and incidents requiring technical support may incur support fees.  The customer may have to pay for periodic software updates.  Web Based solutions have monthly or yearly subscription fees.  Web services such as Spamarrest.com are easier to much implement and use than client based software.

Client solutions filter your email on your PC.  This works fine if you work primarily with one PC, and do not have multiple PC's, and you do not want to check your mail from other PC's, Blackberries, IPhones, or Smart Phones.  This is because spam filtering occurs downstream from your mail server.   Such client solutions include Bongo Antispam, Zaep, and Choicemail.

Web solutions poll email from your mail server and stores messages on their server.  The web service sends challenges to all unknown or unapproved senders.  The subscriber is able to logon to the spam filtering service to check out all messages pending.  Your email client, such as Microsoft Outlook or Outlook Express is changed so it polls messages from the spam filter service.

Controversy over Challenge Response Systems

Many users and technical people do not like Challenge Response systems, because in effect it further pollutes Internet traffic.  In a CR system, all email not on the sender's "approved" list is bounced back to the sender.  Technical people think this is a waste of bandwidth, network, and server resources.  An achillie's heel of Challenge Response system is email forgery.  That's where someone gets an email address of someone on your trusted list and starts sending spam with a forged email address.  For example if joe@joescrabshack.com is on your approved list, and someone uses the email address as its fake sender name, a Challenge Response system will let the message through to your inbox without any restrictions.  Victims of forged email addresses may feel the wrath of a challenge response system, getting bounceback challenges of email messages they never sent.

What PCNS has found is the challenge response system is highly effective where the user is barraged with spam and finds existing client server solutions ineffective or inaccurate.  Like traditional anti-spam products that use keyword scanning, challenge response systems require some setup so you do not send challenges to your known and trusted users.  Most packages will import your address book so they will not be challanged.  If you subscribe to newsletters or other automated feeds, those email addresses must be approved during the setup process.

How Viagra Spam works

The Captcha Challenge Response System

Full Disclosure:  PCNS has no marketing affiliation with Spamarrest.com.