I am wondering how people react to receiving automated challenges from email filtering systems such
as TMDA.
Technology background: TMDA, or Tagged Message Delivery Agent, is an email filtering system that only passes emails from addresses that are explicitly allowed. However, rather than immediately discarding non-whitelisted emails, TMDA uses an automatic challenge system to resolve them. When a message is received from an unrecognized sender, TMDA stores the message in a clearing-house and sends a challenge to the sender: “Your email address is unknown. Reply to this email to confirm your legitimacy and your email will be passed on to the recipient.” (Of course it says so in more pleasant terms.) This is a one-time process; addresses are added to the whitelist upon receipt of a reply so the challenge only occurs once.
The result is that automated spam-bots and such, which do not use replyable sender addresses or do not reply to email, do not confirm their spam. The whitelist ensures no false negatives, the reply ensures no false positives. Spam is filtered with high effectiveness.
The downside is that all your friends and business relations (whom you haven’t manually added to your whitelist) receive an automated challenge and have to reply to same.
My question is how do you feel when you receive one of these automated challenges? Do you just follow the instructions and reply? Do you puzzle over it? Do you feel offended that you’ve been rejected by some automated gatekeeper? Put out that you have to prove yourself?
Or, if you’ve never received one, how do you think you’d feel?
If I encountered such a challenge I would most likely think that it’s some kind of spambot trying to get me to verify my address.
I’m assuming that if I e-mail John Doe at john@someaddress.com it would specifically challenge me with something like:
"Your address is unknown to ‘john@someaddress.com’, please reply to this address… etc. "
But even if it was that specific, I would think “Spambot!” and would not reply. (I’m extremely protective of my address. HATE spam.) Especially if it was a vague business contact, I’d be inclined to delete the challenge and go on with my day.
It sounds like it could also mess up legitimate automated business e-mails. Example/ an e-commerce site I work with has an automated system for order confirmations. We do have a webjockey who monitors messages, so the challenge would eventually be answered, but more heavily on automated business might find it problematic.
Question: How long is the message held at the server? If I didn’t answer for over a week (say I don’t check my mail regularly) will it still be there? Wouldn’t that clog down a server if there’s a big backlog of unanswered challenges?
The challenge email specifically says “you sent a message to this address” and includes some or all of the original message, so it’s clear to the challenged party that this isn’t just a random attempt at address harvesting. But I’d want to be very sure that nobody could possibly mistake my challenge for an unsolicited spam before using such a system.
I would assume the length of time messages are stored is variable; one challenge I received said 24h. I would also assume you could manually examine the stack to check for legitimate emails that haven’t been confirmed. However, that becomes more like checking your Bayesianesque spam filter for false positives, which is what this setup is trying to avoid. And, as I haven’t used any such system myself, I can only guess as to their capabilities.
Interesting thought: What if both people are using this system, so you just Challenge Wars! “You sent a messge…” “YOU sent a message…” “You sent a message…”
I would still probably end up trying to phone the person to double-check. Someone who is lazy and didn’t read thoroughly could potentially mistake it for a “bounced message” notice too.
That makes sense, you probably would be able to control how long the message is kept on the server. 24h, one week, one month…
It still wouldn’t work well with accounts that aren’t checked regularly and urgent messages could get messed up (I have family members who log into their e-mail accounts only a couple of times a month.)
And I’d still be concerned about legitimate automated systems. Today, a system I subscribed to sent an automated message with my login information. I wouldn’t have known their address to enter it onto my “friendly” list, and I haven’t a clue what would happen if the automated system had been challenged – wouldn’t there be a risk that the auomated system would record it as a “bounced message?”
As for etiquette, I’ve no idea how some people would react. Thinking of my telephone, I imagine myself phoning my friend and getting his secretary who tells me she has call display, doesn’t recgonize my number, and to please hang up. Then the secretary calls me back:
Secretary: “Is this Charmian?”
Me: “Yes, speaking.”
S: “Did you just call Dave from 555-1234?”
Me: “Yes, I did just try to call Dave from my work phone number.”
S: “Okay, please hang up and call back. I’ll put your call through.”
Actually, the phone version of this isn’t all that uncommon. My former boss, who is something of a local celebrity, had a system like this on his phone. When you called, you got an automated message asking you to speak your name or state your business. The system then put you on hold while his phone rang. He would hear your name and could accept or reject the call.
The only reason I use email is because it’s easier than picking up the phone and calling someone. If I had to call someone to confirm that it was okay to send email to him, and then I had to submit to the bidding of his mail server, then to heck with email. A one-step communication process just ballooned up to four or five steps.
Doesn’t help that I’m normally fairly uncommunicative. If somebody’s got something set up to make it more difficult for me to communicate with them, maybe I don’t need to. If it’s important enough, they’ll contact me.
I would most likely not respond to the email right away, but call my friend and let them know that this was happening, to ask wtf was up with their email.
Does it bother me that these measures are in place? Not really.
Does it bother me that SPAM is this terrible that these things have to be created? Yeah. I despise SPAM.
Ethilrist, the idea is that you only have to confirm the once. Once you’re on the list, you’re golden. I suppose that’s a step up from racekarl’s former boss’ electronic secretary.
What I really want to know is what reaction you’d have if you weren’t close to the person you’d emailed. Say you are a business contact. Someone who picked the email address off the person’s website and are cold-emailing to ask for further info about something on the site. Or, worse, say you were a potential employer emailing to offer an interview. Would you be put off by the challenge, or would you think, “that’s interesting,” and reply to continue the communication?
If I already know you, I’d probably have manually added you to the list. It’s the people I don’t know that I’m wondering about.
If it wasn’t someone I really knew, I might well just give up and not respond, especially if I didn’t know about the particular service. If it was someone at a company that I was mailing, I might well suspect that maybe it was something from the company that was collecting my E-mail for use on a list, and it was confirming this was a live address.
I myself would only use that service for a “friends only” E-mail, not one that I used on resumes, to sign up for offers, etc.
This is something like how spamcop originally was. You had your white list of approved people then you had the option of holding mail from non-white list people, releasing all mail even if they are not on the white-list or sending a message back top the sender asking them to confirm they are a real person. It worked pretty good when I was using it
I would be concerned about some of the potential problems already mentioned here. But I see a bigger problem; this would be a temporary fix at best. If it works really well and becomes popular then advertisers will program their spambots to recognize and respond to the confirmation emails. Then, not only will you continue to get spam but the internet will experience 3 times the spam related traffic: The original spammail, the confirmation request; and the response! The only upside I see is that they will no longer be able to hide behind bogus return addresses.