Oh, the Humanity

Thursday, June 3, 2004

We need to start applying the Geneva Conventions to the war on spam. Specifically, the parts about protecting civilians during times of war.

I’m going somewhere with this, trust me.

Yesterday, I received a lead on a potential client for Smart Goat. I e-mailed the guy the usual: Hi… heard you need a web site… please visit our web site… fill out this form… will work for food… thanks ever so much…

About an hour after sending that e-mail to, let’s say, potentialclient@ISP X.com, I received the following from support@ISP Y.com:

We’re making sure our users are not bothered by SPAM email. One of the ways we do this is by issuing a challenge message.
This is a challenge message, it is just meant to ensure that you are a human and not a SPAM sending email computer.
To verify that you in fact are human, please visit this link:
 …

You will be asked to enter the number sequence you see on your browser.
You will only be asked to do this one time!
Thanks for helping us control the SPAM email our users receive.

If you have questions about the validity of this message feel free to reply to it and
one of our mail administrators will answer any questions you may have.

Sincerely,
Mail Server Administrators

See any problems with that e-mail? That’s right—it looks like spam. Didn’t catch it the first time? Read it again. The message has no context. There is nothing in that e-mail that tells me it was generated by something I did. Plus, it was sent from a different domain than the one I sent an e-mail to.

I almost flagged it as spam. I didn’t because the last e-mail I sent was to a potential client, so it seemed worth researching. I visited ISP X, and just happened to find a tutorial for their “Challenge/Response System” that was hosted at ISP Y.

I’ve never been a fan of challenge/response as a way to fight spam, and now I have two reasons. I didn’t like it before because it seemed rude. E-mail is primarily used in two instances: business and personal. I’m not going to make my friends and family jump through hoops to be able to e-mail me, and I’m sure not going to slow down potential clients from contacting me. This means more work for Thunderbird’s Bayesian filter, but so be it.

Now, the weapons against spam look like spam themselves. This is why we need the Geneva Conventions: To protect civilians from WSDs: Weapons of Spam Destruction.

All I ask is, if you operate a challenge/response system, give it some context. At the very least, include in the challenge the time stamp and subject line from the e-mail that caused it. That way, people can tell it’s not just another clever spam technique.
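Here is roughly what such a challenge could look like when built with Python's standard email library. This is an added example, not code from either ISP's system; the addresses, the verification URL and the function names are made up, and it assumes the original e-mail had a single recipient. It goes a little past the request above by also setting reply-threading headers, sending from the address that was originally written to, and refusing to challenge automated mail.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from typing import Optional

# Constructed sample of the e-mail that triggers the challenge.
SAMPLE = """\
From: sender@example.org
To: potentialclient@isp-x.example
Subject: Web site for your business
Date: Wed, 02 Jun 2004 14:05:00 -0500
Message-ID: <1234@example.org>

Hi, heard you need a web site.
"""

def build_challenge(original: EmailMessage, verify_url: str) -> Optional[EmailMessage]:
    """Return a challenge that identifies the e-mail it answers, or None."""
    # Never challenge automated mail (RFC 3834), or two responders can loop.
    if original.get("Auto-Submitted", "no").lower() != "no":
        return None
    subject = str(original.get("Subject", "(no subject)"))
    recipient = str(original["To"])
    challenge = EmailMessage()
    # Send from the address the person actually wrote to, not another domain.
    challenge["From"] = recipient
    challenge["To"] = str(original["From"])
    challenge["Subject"] = f"Re: {subject} [sender verification]"
    challenge["Auto-Submitted"] = "auto-replied"
    # Threading headers let the sender's mail client file the challenge
    # under the message that caused it.
    if original["Message-ID"]:
        challenge["In-Reply-To"] = str(original["Message-ID"])
        challenge["References"] = str(original["Message-ID"])
    challenge.set_content(
        "You sent this e-mail:\n"
        f"  To:      {recipient}\n"
        f"  Subject: {subject}\n"
        f"  Sent:    {original.get('Date', 'unknown')}\n\n"
        "It is being held until you confirm you are a person:\n"
        f"  {verify_url}\n"
    )
    return challenge

def demo() -> EmailMessage:
    original = message_from_string(SAMPLE, policy=policy.default)
    return build_challenge(original, "https://verify.example/c/PLACEHOLDER")
```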

I mean, please, won’t someone think of the children?