Home / Blogs

The Kindness of Strangers, or Not

By John Levine Author, Consultant & Speaker

A few days ago I was startled to get an anti-spam challenge from an Earthlink user, to whom I had not written. Challenges are a WKBA (well known bad idea) which I thought had been stamped out, but apparently not.

The plan of challenges seems simple enough; they demand that the sender does something to prove he’s human that a spammer is unlikely to do. The simplest ones just ask you to respond to the challenge, the worse ones like this one have a variety of complicated hoops they expect you to jump through.

What this does, of course, is to outsource the management of your mailbox to people who probably do not share your interests.

In this case, I sent a message to a discussion list about church financial management, and the guy sending the challenges is a subscriber.

Needless to say, an anti-spam system that challenges messages from mailing lists to which the recipient has subscribed is pretty badly broken, but it’s worse than that.

On the rare occasions that I get challenges, my goal is to make the challenges go away, so I have two possible responses:

  • If it’s in response to mail I didn’t send, i.e., they’re responding to spam that happens to have a forged From: address in one of my domains, I immediately confirm it. That way, when the guy gets more spam from the forged address, it’ll go straight to his inbox without bothering me. Since the vast majority of spam uses forged addresses, this handles the vast majority of the challenges.
  • If it’s in response to mail I did send, I don’t confirm it, since I generally feel that if it’s not important enough for them to read my mail, it’s not important enough for me to send any more. In this particular case, I wrote to the manager of the mailing list and encouraged him to suspend the offending subscriber, since if he’s sending me challenges, he’s sending them to everyone else who posts to the list, too.

You may have noticed that neither of these is likely to be what the person sending the challenges hoped I would do. But you know, if you give random strangers control over what gets into your inbox, you get what you get. So don’t do that.

There are plenty of other reasons not to send challenges, notably that many mail systems treat them as “blowback” spam with consequent bad results when the system sending the challenges tries to send other mail, but I’d hope the fundamental foolishness of handing your inbox to strangers would be enough to make it stop.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

I just ignore the challenges Dan York  –  Sep 21, 2016 12:36 AM

When I get one of these (and they are thankfully very rare these days), I just delete it. If it is from someone to whom I really want to communicate, I may try some other messaging channel. Or not. I agree they are foolish.

# 1 Reply  |  Link  |  Report Problems

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

View All Topics