Posted on: Sunday, June 8, 2003
Anti-spam technique holds perils of its own
By Anick Jesdanun
Associated Press
NEW YORK It's being promoted as a surefire way to eliminate unsolicited e-mail: Force senders to prove they are human rather than one of those automated programs that inundate the Internet with spam.
Known as challenge-response, the technology obliges the senders to verify their authenticity before their electronic messages can be accepted.
But the technique has consequences far beyond stymieing spam-spitting software robots, and some leading anti-spam activists fear it could backfire and render e-mail useless if widely adopted.
EarthLink introduced challenge-response recently to its 5 million subscribers, which means legitimate senders of e-mail could now face many more hoops to get their messages delivered.
While the technique is not entirely new, usage has been limited to the thousands. But EarthLink expects half its customers will turn on the free service by year's end and other Internet providers are weighing a similar offering.
"Challenge-response is very, very unfriendly and rude to legitimate senders of e-mail," said Steve Atkins, an anti-spam consultant in Redwood City, Calif.
It typically works like this: When a recipient gets e-mail from an unknown sender, software automatically returns a message a challenge requiring the sender to perform a task such as filling out a form. Presumably, spammers won't bother.
Supporters liken the technique to knocking on a door and asking permission for entry.
Recipients may pre-approve senders the equivalent of giving them a set of keys so they won't have to knock every time. But if recipients forget, e-mail discussion lists and the people who run them could get bombarded with challenges. Some lists have thousands of subscribers.
Worse, some of those messages could get broadcast to all of a list's recipients, some of whom might send back additional challenges, creating an endless and annoying "mail loop."
In light of EarthLink's announcement and the prospect of millions more users sending challenges, many list administrators already have vowed to ignore them, effectively barring recipients who employ the technique.
"They can get pretty overwhelming is a nice polite way of putting it," said David Farber, a former Federal Communications Commission chief technologist who runs a 25,000-member list on technology.
EarthLink's spam filter blocks up to 80 percent of spam. But spam has increased sixfold over the past 18 months.
The company decided to offer its customers the challenge-response option because cranking up spam filtering would only cause more legitimate mailings to get tossed by mistake, said Jim Anderson, vice president of product development.
"It's as close to a silver bullet as you're going to get," Anderson said.
America Online blocks up to 80 percent of incoming e-mail, or more than 2 billion messages a day.
But company spokesman Nicholas Graham says AOL won't adopt challenge-response because having to send out 2 billion challenges a day would tax the system.