Summary of Challenge-Response: a Panacea or Abuse?

Challenge response systems have been around long enough now that pretty much everybody has an opinion on them. The end users who use challenge response systems seem to love them. But legitimate email senders often never respond to challenges, and so the end users are actually missing out on a lot of wanted email.

Challenge-Response: a Panacea or Abuse?

Challenge-response systems have been around long enough now that pretty much everybody has an opinion on them.

The end users who use challenge response systems love them, at least for the most part, because they really do stop spam from getting in. In fact, many think that challenge response will solve - indeed has solved - their spam problem for them.

I say “for the most part” because they also really do stop wanted email from getting in. And that’s because many email senders do not - or will not - respond to the challenges.

Let’s look at why this is.

First, challenges often end up being eaten by spam filters, so that the email sender never receives the challenge, and thus can’t respond to it. This is for a few reasons, not the least of which is that many spammers have sent spam which emulates - that is the spam is made to look like - a challenge to email that the spam target has supposedly sent.

Another reason that challenges are eaten by spam filters is because, let’s face it, they are unsolicited mail. Some consider this abuse. And because one’s challenges all look the same as they are sent out, they appear to spam filters as unsolicited bulk mail. It’s no wonder that spam filters eat them.

And while we’re talking about email abuse in the challenge response context, if someone forges your email address as the sending “From” address in a spam run, guess where all the challenges from the challenge response systems triggered by that spam run will go? That’s right - to you.

Still another reason that senders don’t respond to challenges though - and really that is what we are here to talk about today - is because challenges are the bane of the legitimate commercial email senders’ existence - especially if the sender is sending out bulk email.

Higher volume email senders may send thousands - indeed hundreds of thousands - of emails a day. There is simply no way that they are going to manually respond to the dozens of challenges per day that such a sending volume could generate.

And, many feel, nor should they have to. If you have asked to receive someone’s mailings, then you should not transfer the burden of your receiving that mailing to the sender.

This is such a burden, and hassle, in fact, that many commercial email senders have a policy (unstated or otherwise) that they simply will not respond to challenge response challenges.

Unfortunately, people in the “challenge response is awesome” camp and those in the “challenge response is abuse” camp seem firmly entrenched where they are. And so challenge response is probably both here to stay, and being completely ignored.

Get delivered to the inbox with SuretyMail Email Accreditation. Guaranteed!

Download our Email Deliverability Handbook here!

Get Free Email Alerts of New Articles!

3 Comments »

  1. Comment by:
    Peter Bowyer

    A complete no-brainer, Anne. C/R creates more unsolicited mail, not less; much of it in the form of backscatter to forged sender addresses. Only the blinkered, selfish and deluded could consider that this is a good thing.

  2. Comment by:
    Russell Nelson

    Challenge Response Authorization Protocol == CRAP.

  3. Comment by:
    Jim

    What really bugs me is when somebody sends me an email to which I reply and they have the temetry to request that I verify who I am. In some instances, I am compelled to do because I am answering an important question, but it sure is irritating.

RSS feed for comments on this post.

Leave a comment

If you want to leave a feedback to this post or to some other user´s comment, simply fill out the form below.

(required)

(required)