A few years ago I came in contact – but unfortunately lost the
contact – with a mail-application that blocked arriving mails and
returned them to the sender with a request to include a certain
“password” as the first word of the subject and resend the message. The
second time the mail sent with that word in the subject line it would
be delivered, as would all mails with that “password” as the first
subject word. (Naturally, any password could be chosen.)
I think this was the most genius spam eliminator I have met – if I
do not remember wrongly there was an option to keep a list of ALL
arriving mails, ‘legitimate’ as well as ‘unwanted’ ones.
Do you know the name of this product?
I do not know the name of the product that provided that
However, I do know the terminology for that general class of spam
You may find it “genius”, but I gotta say … I find it one of the
most annoying techniques on the market, and would never use it myself.
Among other things, you’ll end up missing a lot of email you really,
honestly, wanted – and probably pissing off a few of your friends.
Become a Patron of Ask Leo! and go ad-free!
This general class is referred to as “challenge/response”. In short,
when someone sends you an email for the first time, they are sent back
a “challenge”, which validates their return address and instructs them
to somehow prove that they are human and legitimate. They then return a
“response” that proves that, and their original email is delivered.
Thereafter, their email address is white listed, and they shouldn’t see
the challenge again.
What you describe is very similar: your challenge is to do something
specific to the email message, and once done that, and all other emails
that follow the same rule will be delivered without delay.
One commercial provider of this service is SpamArrest. Occasionally ISPs will provide this
functionality, so you might want to check with yours.
OK, so why do I react so negatively to this technique?
To begin with, there’s a philosophical argument. You’re moving the
“work” associated with your spam problem to anyone who emails
you. You just made your problem their problem. As tempting as it is,
that just feels very, very wrong.
The more practical matter are all the people, the legitimate
senders, who won’t respond to the challenge. And there are many reasons
that they might not:
They might not receive it. Delivery could fail, or the challenge
itself could be filtered as spam.
They might not understand it, and simply delete it. Given the vast
quantities of spam we all do get, most of the challenges I’ve seen
could easily be seen as spam or a phishing attempt on a quick glance,
even though they’re not.
The sender might feel as I do, and simply be unwilling to
The sender might be a machine. This is the one that’s a real deal
breaker for me: say you sign up for a new account on some web site,
which then sends you a confirmation email you must respond to in order
to activate your account. You never get it. Why? Because your C/R
system blocks it and sends a challenge back to the originating system –
which doesn’t know how to respond, or sends from a no-response email
Now, to be fair, there are counter arguments for every point I’ve
raised. The challenges are of course architected to be deliverable and
understandable. Senders such as myself are presumably in the minority.
And if you remember to do so, you can typically proactively whitelist
addresses that you know are going to be sending you email.
And yet, it all seems error prone to me. To me, getting a little
more spam is less painful than missing an email for whatever
But, obviously, you’ll have to make your own decision.
Search for “challenge response” and you’ll turn up a number of
providers, as well as a number of opinions, both agreeing and
disagreeing with me.