BoxSentry Ditches Challenge/Response

Singapore-based BoxSentry has historically been known as a challenge/response spam filter vendor. Readers will probably be aware that we’re no fans of C/R.

Briefly, if a C/R recipient is sent email “from” a sender that it’s never heard of, it auto-replies with a challenge. Until the sender has satisfactorily responded to the challenge, the mail doesn’t get through to the recipient’s inbox. The technique is generally less accurate than those used by today’s state-of-the-art spam filters. A significant number of people just don’t respond to challenges, which means that the false-positive problem is worse than with conventional filtering. Users who employ C/R are also seen by some as spammers in their own right, because most spam has forged sender addresses — much of them the addresses of innocent third parties.

As time goes by, BoxSentry has gradually de-emphasized C/R, but until recently it was still sending challenges for a small but significant proportion of the spam it received — and hence was sending unsolicited “replies” to people who had never sent email to the BoxSentry user.

At the RSA Conference, BoxSentry confirmed that it no longer uses C/R. This is great news for Internet users. We heartily welcome this development.

Richi Jennings

One Comment

  1. Posted May 7, 2009 at 4:08 PM | Permalink

    So then what *are* they doing? I hear rumors of a secret project happening over there in Singapore, but no announcements yet.

  2. Posted May 8, 2009 at 5:11 PM | Permalink

    Ken, expect another post on this subject coming soon.

Post a comment

You must be logged in to post a comment. To comment, first join our community.