If you are a user of a challenge-response e-mail system like SpamArrest, please note that we will not reply to e-mail challenges for the following reasons:

  1. There is no way for us to distinguish between legitimate challenges and those caused by spammers attempting to deliver e-mail with addresses forged to look like they come from our domain.
  2. There is no way to tell whether any given challenge is actually legitimate. Some spammers have been sending out e-mail that looks like e-mail challenges in order to get people to click links, whether to validate their e-mail addresses or to install malware on their systems.
  3. Some of the supposedly legitimate challenge-response operations have previously used their challenges to harvest other peoples’ addresses for unsolicited commercial e-mail (aka spam). There is also a concern that they may be retaining data on past communications for various purposes.
  4. Challenge-response places all of the burden for spam on legitimate senders of e-mail. Essentially you are fobbing your spam problem off on other users rather than taking responsibility for it yourself. The burden belongs on the spammers, not on legitimate users of e-mail, and so challenge-response is an inappropriate way to attempt to screen incoming mail. We do provide DKIM signatures on all outbound mail, and we also publish a draconian SPF record. These steps should enable e-mail providers to screen out any e-mail with forged addresses corresponding to our domain. And since we do not send spam, there should be no reason to use challenge-response addresses with us.

Categories:

Notices