We have built a very good challenge response system (and I'll save the
marketing plug). It works real well...except that I find that the concept
doesn't particularly work real well. By this, I mean, many people simply
don't respond to the challenge verification...I'm not sure this will
change..doesn't matter if it does. Therefore it's an option that users can
disable.
However, what is of value is that we use the C/R as a probe to see if an
actual email address really exists. When a spammer spoofs an aol or yahoo
address..and use a bogus sender..we get an immediate unknown-user reject..as
opposed to other systems that ingest the message and then bounce later
(bounce messages are of a type variety). We actually drop a non-trivial
percentage of spam just by probing the sender's email address.
I see Challenge/Response as the final threshhold of Spam
Blocking. If it is
done wrong on a large scale, it could sour the idea for everyone.
Then when
a truly good way to impliment it comes, everyone will dismiss it
as having
the same old problems.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg