kSpam - Feature Request: Sender reply verification - Comments please
The usual term for this is "challenge-response", and it is widely viewed as being a bad idea. Most spam has forged sender addresses, and it is often the case that the forged address is someone's *real* address. I have no right to make my problem (my inbound spam) into your problem by sending you a challenge for a message that you didn't send. In combination with SPF, where the SPF data indicates that the address is probably not forged, perhaps challenge-response might be reasonable. But what happens when I send an email message to you from an airport kiosk, using my gmail account which I've never used to email you before, and then get on a plane for a trans-Pacific flight? Your challenge sits in my gmail mailbox for 12 hours or more, and my mail doesn't get delivered. It still leaves a bad taste in my mouth.
-rich
Taken Actions by Owners