Sendio Followup: Challenge/Response Is Still a Bad Idea
Last month, David wrote a bulletin about Sendio. This bulletin is a follow-up to that.
As the first bulletin mentioned, Sendio has a heritage of challenge/response (C/R) technology. As regular readers will know, we're no fans of C/R -- to put it mildly. In brief, our advice is to avoid any spam filter that replies to spam. The main two reasons are:
- It's a great way to get your own mail servers blacklisted, because you will inevitably be sending email to an innocent third party -- a party whose email address has been forged by the spammer. This is known as the "backscatter" problem (sometimes "outscatter" or "blowback").
- C/R causes a much higher false-positive problem than mainstream, state-of-the-art spam filters. In other words, you're less likely to receive the email you want. The reason is that the challenges often don't reach the legitimate senders, or if they do, some senders don't seem to respond to the challenge.
I've been researching email, spam, and spam filtering techniques since 1985. I've seen a host of "final, ultimate solutions to the spam problem" come and go. The vast majority are, quite simply, over-hyped.
Sendio is one of a gaggle of C/R vendors, many of whom are committed members of the "all spam filters are bad" religion. Sadly, these true believers' understanding of state-of-the-art spam filter techniques is naive at best.
Granted, many users suffer with poor spam filters, but the answer isn't to use C/R -- the answer is to get a better spam filter.
As always, we cordially invite Sendio or any other C/R vendor to tell us why we're wrong. ... Richi Jennings