| Challenge-Response Spam
Control
C-R software is built on a very simple premise: most people's legitimate email comes from a small group of addesses. Consequently, if we can establish a way to validate that group of addesses, we can junk all the rest of the email as being spam. So far so good. Now we need to figure out a way of doing this, and the solution that the C-R systems use is to put the unrecognised email into a holding queue and send back a challenge to the originator of the mail. The challenge requires the sender to return a response that only a human can figure out. Once a successful response has been received the original email is released, and the address of the sender is added to a list of emails to be sent straight through in the future. Sounds good doesn't it? Unfortunately, the whole edifice is built on a fundamentally flawed assumption and includes an ill-thought out technical gotcha. The flawed assumption is very simple. It is the assumption that all legitimate email senders are individual humans. This is simply not the case. Much of the non-spam email on the Internet is subscription lists. In my own, admittedly extreme, case, for instance, something like 90 percent of my non-spam email is from lists. And, of course, it is impossible for list owners with lists that may have thousands, if not tens of thousands of subscribers, to answer challenges from each of their subscribers' software. The technical gotcha is a classic. The Internet is creaking under the impact of millions of spam messages, and what do C-R systems propose to do? Reply to each and every spam message, thereby doubling the traffic that spam generates! This is another of those whiz-kid golden bullet solutions to the social problem of spam on the Internet. Most of this spam is generated by relatively few individuals (see, for instance, the story in shorts about the Buffalo spammer, who alone is alleged to have generated 825 -million- emails). The last estimate I saw was that about 200 individuals generate something like 90 percent of all spam. I can well believe it! We need to deal with the individuals, not apply destructive blanket measures to all email. The key problem with this solution is that it fails to understand the developments in the culture and direction of the Internet over the past five years. Subscription lists have become increasingly important because of their ability to provide individuals with information, analysis and commentary in a targeted way which is impossible even using a search engine/web site combination. Nice try, but unfortunately it doesn't meet the needs of the real world.
|
If you have any questions or comments about the articles on my web site, click here to send me email. |