I recently built a challenge/response spam blocking system for myself, quite similar to SpamArrest. Anywho, I wrote up an article on my experiences and my thoughts on challenge/response anti-spam systems. Here is a snippet to whet your appetite!
I am no longer hesitant to give out my email address on the Internet - it's mitchell@4GuysFromRolla.com. Of course, I've never been too hesitant to publish my email address, it's on literally thousands of Web pages on the three Web sites I run (4GuysFromRolla.com, ASPFAQs.com, and ASPMessageboard.com), which helps explain why, prior to October 6th, 2003, I was receiving over 100 spam emails per day on one email address.
Spam has been a major problem for me for the past several years. With each passing year the number of spams I received has more than doubled. Assuming this continued exponential growth, I estimated by 2010 I would be receiving over 61,000 pieces of spam in my Inbox per day. That's over 42 pieces of spam per second. Of course, these estimations are more for a grin than to be taken seriously, but the fact remains: prior to October 6th I was inundated by a daily torrent of spam.
"What happened October 6th," you ask? Did I shut down Outlook for good? Nope, I employed what seems to me the only plausible way to end spam but still receive important email: I built a challenge/response (C/R) spam blocking system. A C/R spam blocking system works by allowing emails from a list of "trusted" email addresses (a white list), and refusing emails from a "black list" of addresses. When a new email arrives, the email's From (and possibly To) address is checked to see if it belongs in the white list or black list. Email messages from white listed addresses are downloaded by my email reader, while black listed emails are automatically deleted. When a message arrives from a sender who is in neither the white nor black list, the person is sent a challenge email, with directions on how to respond. The response process is simple, namely that they visit a Web page and enter a password. Once this step is completed, the person is added to the white list. Until this step is performed, their email is in limbo.
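The triage flow described above, sketched in Python as an added example; it is not the code of the system this article describes. The class and method names, the per-sender derivation of the challenge password, and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from email.utils import parseaddr

class ChallengeResponseFilter:
    """Triage mail by From address: white list, black list, or challenge and hold."""

    def __init__(self, white=(), black=()):
        self.white = {a.lower() for a in white}
        self.black = {a.lower() for a in black}
        self.limbo = {}                       # sender -> messages held until they respond
        self._key = secrets.token_bytes(32)   # assumption: one secret per installation

    def _password(self, sender):
        # Assumption: the password in the challenge email is derived per sender,
        # so a password mailed to one address cannot white-list a different one.
        return hmac.new(self._key, sender.encode(), hashlib.sha256).hexdigest()[:12]

    def receive(self, from_header, message):
        """Return (action, challenge_password_or_None) for one incoming message."""
        sender = parseaddr(from_header)[1].lower()
        # Assumption: mail with no parsable From address is treated as black listed.
        if not sender or sender in self.black:
            return "delete", None
        if sender in self.white:
            return "deliver", None
        first = sender not in self.limbo
        self.limbo.setdefault(sender, []).append(message)
        # Challenge once per pending sender; later mail from them is only held.
        return ("challenge", self._password(sender)) if first else ("hold", None)

    def respond(self, sender, password):
        """Web-page step: a correct password white-lists the sender, releases held mail."""
        sender = sender.lower()
        expected = self._password(sender).encode()
        if sender not in self.limbo or not hmac.compare_digest(password.encode(), expected):
            return []
        self.white.add(sender)
        return self.limbo.pop(sender)

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the article.
    f = ChallengeResponseFilter(white=["friend@example.com"], black=["bulk@example.net"])
    print(f.receive("Friend <friend@example.com>", "lunch?"))
    action, pw = f.receive("New Person <new@example.org>", "question about your article")
    print(action, f.respond("new@example.org", pw))
```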
The whole idea behind a C/R spam blocking system is that the spammer will not take the time to respond to the challenge email, while people who are interested in contacting me will respond so that they can be added to the white list. This response is a one-time affair, and only takes a moment, so (in theory), anyone who is interested in contacting me won't mind the brief step they need to perform prior to emailing me. There are currently a couple of commercial companies that offer spam control via C/R. The one I have heard most talk about is SpamArrest, which charges a reasonable monthly fee for their service.
This article, I think you will agree, is a bit lengthy. It is divided up into three sections. In the first part, I examine the C/R spam blocking system I built, offering advice and lessons learned to others who may be interested in implementing such a system. In the second section I evaluate the success of my C/R spam blocking system. Finally, in the third part I discuss both the negatives and positives of C/R spam blocking systems.
[Read the Rest of the Article!]