Email challenge-response: Difference between revisions

From Citizendium
imported>David MacQuigg
(stub article)
 
mNo edit summary
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{subpages}}
{{slashtitle|Email challenge/response}}
{{slashtitle|Email challenge/response}}
{{subpages}}


'''Challenge/Response (C/R)''' is a method of filtering spam email.
'''Challenge/Response (C/R)''' is a method of filtering spam email.
The sender is asked to respond to a challenge, on the theory that only legitimate senders with important messages will respond.
C/R is controversial due to its potential for generating unwanted challenges to forged sender addresses.
The sender address may be:
1) A fictitious or invalid address.
2) An address of a real person, either
  a) the actual sender's address, or
  b) a forged address.
C/R is 100% effective in eliminating category 1.  Category 2a is less than 100% effective identifying legitimate senders, because some will not respond to the challenge. 
Category 2b is almost always an annoyance to the person whose address was forged.  Many will report these challenges as "backscatter spam".  Few will take action to avoid such backscatter.
Backscatter spam may be reduced by publishing an [[Sender Policy Framework|SPF record]].  Spammers generally avoid using return addresses that are protected by SPF.
A properly-designed C/R system will not send a challenge to an SPF-protected sender's address, unless that address passes the SPF check.  In that case, a challenge to a forged address should be a welcome alert to its recipient, leading to correction of a problem on the recipient's side.[[Category:Suggestion Bot Tag]]
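Review bot: the closing paragraph ("A properly-designed C/R system will not send a challenge to an SPF-protected sender's address ...") covers only sender domains that publish SPF, so the text never says what the system does when the sender's domain has no SPF record, which is the case where the category 2b challenges described earlier still arise. Suggest stating that case explicitly. Two smaller points: `[[Category:Suggestion Bot Tag]]` is attached to the end of that sentence and belongs on its own line, and "Category 2a is less than 100% effective" makes the category the subject where C/R is meant.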

Latest revision as of 16:00, 11 August 2024

This article is a stub and thus not approved.
This editable Main Article is under development and subject to a disclaimer.
Due to technical limitations, this article uses an unusual title. It should be called  Email challenge/response.

Challenge/Response (C/R) is a method of filtering spam email.

The sender is asked to respond to a challenge, on the theory that only legitimate senders with important messages will respond.

C/R is controversial due to its potential for generating unwanted challenges to forged sender addresses.

The sender address may be:

1) A fictitious or invalid address.
2) An address of a real person, either
  a) the actual sender's address, or
  b) a forged address.

C/R is 100% effective in eliminating category 1. For category 2a, it is less than 100% effective in identifying legitimate senders, because some will not respond to the challenge.

Category 2b is almost always an annoyance to the person whose address was forged. Many will report these challenges as "backscatter spam". Few will take action to avoid such backscatter.

Backscatter spam may be reduced by publishing an SPF record. Spammers generally avoid using return addresses that are protected by SPF.

A properly designed C/R system will not send a challenge to an SPF-protected sender's address unless that address passes the SPF check. When the check passes, a challenge that reaches a forged address should be a welcome alert to its recipient, leading to correction of a problem on the recipient's side.
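The SPF gate described above can be sketched as follows. This is an added example, not part of the original article: the record table, domains and function names are constructed, and only the `ip4:` and `all` mechanisms are evaluated, whereas a real check follows RFC 7208 and queries DNS. Challenging a sender whose domain publishes no SPF record is an assumption (plain C/R behaviour).

```python
import ipaddress

# Constructed sample data: domain -> published SPF TXT record (None = no record).
SPF_RECORDS = {
    "protected.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "soft.example": "v=spf1 ip4:198.51.100.7 ~all",
    "unprotected.example": None,
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, client_ip, records=SPF_RECORDS):
    """Evaluate a simplified SPF record; other mechanisms are ignored here."""
    record = records.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.startswith("ip4:"):
            # An IPv6 client never matches an IPv4 network.
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qual]
        elif term == "all":
            return QUALIFIERS[qual]
    return "neutral"


def should_challenge(envelope_from, client_ip, records=SPF_RECORDS):
    """Return (send_challenge, spf_result) for one incoming message."""
    if "@" not in envelope_from:
        # Null sender (a bounce): there is no address to challenge.
        return False, "none"
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    result = spf_result(domain, client_ip, records)
    if result == "none":
        # Assumption: unprotected domain, so ordinary C/R applies.
        return True, result
    # SPF-protected address: challenge only when the check passes.
    return result == "pass", result


if __name__ == "__main__":
    for sender, ip in [("alice@protected.example", "192.0.2.25"),
                       ("alice@protected.example", "203.0.113.9"),
                       ("bob@unprotected.example", "203.0.113.9")]:
        print(sender, ip, should_challenge(sender, ip))
```

The second sample message is the forged case: the domain is SPF-protected and the connecting host is not authorized, so no challenge is sent and no backscatter reaches the address owner.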