Came across the latest anti-spam measure – challenge and response system (CRS). Prospective spammers are asked to confirm their mail by filling in a form – you know the one where you have to “enter the word as you see it in the box”. In fact all those people whose mail id is not on the contact list, are asked to fill this form. Its cool. So I’ve decided to put forth a proposal. All mail services, pay attention.
- Enable a CRS for your service. For all sections which involve receiving mail – on-line trading, web storage, hosting, community sites, anything that gets mail.
- If a user xyz is determined as a spammer, block him for ALL mail on ALL services BUT if a user xyz is determined as NOT a spammer, allow him ONLY for the recipient to which he is sending the mail.
- Maintain a response index (RI). If a user email@example.com has a good RI, then flexible CRS can be applied to him.
- Maintain reciprocal RI. In most cases, we have accounts with many service providers. In all cases, we give backup email ids. If firstname.lastname@example.org is the backup id of email@example.com, then this.com can keep an RI of firstname.lastname@example.org in the ‘email@example.com’ account and allow relatively flexible CRS for firstname.lastname@example.org.
- Obviously, CRS will not come into play if the id is present in your address box/contact list. Thus, it will cause a flurry of challenges and responses once it is introduced and people accept each others’ ids but then it will stabilise. Only those who are mailing you for the first time to a person will be challenged.
Services like cashette and spamarrest are ok but isn’t it time for the mainstream providers to start CRS?