Sendio Followup: Challenge/Response Is Still a Bad Idea

Last month, David wrote a bulletin about Sendio. This bulletin is a follow-up to that.

As the first bulletin mentioned, Sendio has a heritage of challenge/response (C/R) technology. As regular readers will know, we're no fans of C/R -- to put it mildly. In brief, our advice is to avoid any spam filter that replies to spam. The main two reasons are:

  1. It's a great way to get your own mail servers blacklisted, because you will inevitably be sending email to an innocent third party -- a party whose email address has been forged by the spammer. This is known as the "backscatter" problem (sometimes "outscatter" or "blowback").
  2. C/R causes a much higher false-positive problem than mainstream, state-of-the-art spam filters. In other words, you're less likely to receive the email you want. The reason is that the challenges often don't reach the legitimate senders, or if they do, some senders don't seem to respond to the challenge.

I've been researching email, spam, and spam filtering techniques since 1985. I've seen a host of "final, ultimate solutions to the spam problem" come and go. The vast majority are, quite simply, over-hyped.

Sendio is one of a gaggle of C/R vendors, many of whom are committed members of the "all spam filters are bad" religion. Sadly, these true believers' understanding of state-of-the-art spam filter techniques is naive at best.

Granted, many users suffer with poor spam filters, but the answer isn't to use C/R -- the answer is to get a better spam filter.

As always, we cordially invite Sendio or any other C/R vendor to tell us why we're wrong...

... Richi Jennings

    You seem to be misguided at best. We started using the Sendio appliance last November… zero spam and zero false positives instantly… and zero folder management for me. The product worked so well we decided to start selling it. I would be happy to show you how few challange/responses get sent and why that is only a fraction of why this appliance works better than any filtering (or should I say guessing) appliance.

    Joe Heinzen
    e-Convergence Solutions
    703-815-8828 x101

    Sadly, users of C/R are rarely aware of the false positive problem.

    As to the claim that “few” challenges are sent, this isn’t supported by the facts, as my spamtraps will testify.

    However, we wish Joe well in his business of reselling Sendio products.

