How Invisible Inbox avoids the pitfalls of
Challenge/Response (C/R)
Other Challenge/Response based systems suffer from a wide range
of problems that are solved with Invisible Inbox. When done
properly, challenge/response offers solid, reliable protection
from SPAM. Check competitive systems, and be sure they do
everything Invisible Inbox does to protect you and that they do
it at a reasonable price!
What is Challenge/Response?
Challenge/Response or C/R is a technology where you can prove the validity of an email by confirming the authenticity of the sender. This is done by sending an email back to the person trying to email you for confirmation that the return address given is accurate.
Everyone who regularly emails
me needs to deal with C/R
The Problem:
As soon
as you install a C/R system, all your regular email partners will
need to deal with a challenge message.
Invisible Inbox Solution:
Invisible Inbox allows you to import your Address Book into the
approved senders list so that none of your friends will need to deal
with a challenge email when they email you.
Everyone I email needs to
deal with C/R if they reply
The Problem:
Everyone who replies to an email that you send needs to deal with
C/R.
Invisible Inbox Solution:
Add a keyword to your email
signature and add that key to the "Auto Approve" list. Then when
they respond, your signature will work as the key to allow their
email to be delivered without C/R.
No way to access email until
it's approved
The Problem:
While
email is waiting to be approved via C/R, it is held outside your
email program, usually in a centralized repository and cannot be
accessed. You don't know if an important email is waiting and you
have no way to approve the emails manually.
Invisible Inbox Solution:
Invisible Inbox holds all of your pending email on your
computer in a folder on your hard drive where you can access it any
time. Just click any email to read it. The program also has a
preview panel where you can review and approve (add to "Approved"
list) or reject (add to "Spammer" list) any email prior to the
receipt of a response from the sender.
Newsletters and
mailing lists can't deal with C/R
The Problem:
While
individuals have no problem with C/R, it simply doesn't fit when it
comes to mailing lists and newsletters.
Invisible Inbox Solution:
You can manually add any email account or domain to the "Approved"
list using expressions (*@someacct.com, *.mx??.* or %MAJORDOMO%) for
a very powerful way to pre-qualify any account to be delivered
without C/R. If you are familiar with the standard contents of the
newsletter or mailing list message you can also add a key that
consistently exists in the email to the "Auto Approved" list. You
could also wait until the first message arrives and manually approve
the message. Any of these methods will approve all future
newsletters or mailing list messages from that source which means
once the messages are flowing, you can remove the rule to be sure
SPAMMERS cannot take advantage of the hole.
Spoofed Response Messages
The Problem:
A SPAMMER sends a fake response without
ever receiving a challenge just to get approved and open the
flood gates, allowing them to send all the messages they want
without being blocked.
Invisible Inbox Solution:
When we send a challenge
email, it includes a special ID number generated at the time the
challenge is sent. Unless the response includes that ID, it
isn't accepted. As the ID is nine digits long, it would require
the SPAMMER to send ONE BILLION fake response emails just to
open one email address to allow delivery. Not something that is
going to happen!
First time
trusted mailers need to deal with C/R
The Problem:
All
new emailers will need to be approved through the C/R system
before their email can be delivered.
Invisible Inbox Solution:
You can specify as many different "Keys" which when included in an
email automatically cause the sender to be approved. Just tell your
friends to include one of your keys and their email account will be
marked approved immediately upon arrival of their first email. They
only need the key one time, after that they are approved and all
email will flow in without challenge.
You can change your keys as often as you like and have as many different keys as you like to assure that SPAMMERS never get hold of any key that might let them in.
Legitimate customers need to
deal with C/R
The Problem:
Customers with sales or support questions are put off by the need to
respond to a challenge email before their questions can be answered.
Invisible Inbox Solution:
Just put the names of each of your products or services in the "Auto
Approve" list and emails from customers will be delivered to you
without C/R. In fact, the customers account will be remembered and
future email from that customer will be delivered even if they do
not mention your product or service. You can add as many keywords as
needed to assure that customers never deal with C/R.
C/R - C/R deadlock
The Problem:
User A sends user B a valid
email. User A sends a challenge to use B. User B then sends a
challenge to user A who then in turn sends another challenge to
user B and the cycle continues forever. This is commonly seen
with "vacation" auto-responder systems.
Invisible Inbox Solution:
Each email address can only be
sent a single challenge message. This stops the deadlock before
it can start. One of the parties will need to manually accept
the challenge email if the two users use different C/R systems.
But if both users use Invisible Inbox, then the C/R process is
handled automatically. When a challenge is received, it is
automatically responded to. So you will never need to respond to
a challenge email from another user of Invisible Inbox. A great
reason to get all your friends to standardize on using this one
SPAM fighting solution.
Privacy Issues
The Problem:
A
centralized C/R center scans the content of all the email sent
to and from your account to collect personal information to be
used in who knows what ways. The centralized system sees and
monitors all your email.
Invisible Inbox Solution:
Invisible Inbox is distributed.
Your email is scanned only on your machine and any data about
each sender is stored only on your machine. We do a single C/R
check with you as you set up the program for the first time and
again when you register to assure that you are who you say you
are. We collect no data from you other than the data included in
the challenge email. No passwords, not even your name, are sent
in the challenge emails.
The initial challenge lets us assure that your end of the transaction is legitimate. This way we know that no SPAMMER is setting up fake accounts and that the program is not being used improperly.
Your computer then sends all challenges to those who email you, and thus only requires that your computer handles sending challenges and handling the responses from the other side of each conversation. We have no clue as to who emails you or who you email. Your privacy is secure with Invisible Inbox!
Potential integration into spam email harvest systems.
The Problem:
A SPAMMER gets back a challenge email
proving that the email address is a live account and thus
increasing the value of the address.
Invisible Inbox Solution:
While the challenge email does
prove the existence of a real account, it also effectively
defines the account as inaccessible to unsolicited marketing
emails. This drops the value of the account to zero for SPAMMERS
but allows valid marketers, willing to be identified to respond
to the challenge and then deliver marketing emails.
This assures that every marketing email received comes from a trusted source and that the normal unsubscribe process or manually listing the source as a SPAMMER will work to stop those messages from arriving. No one willing to be identified can be called a SPAMMER, even if they send unsolicited emails. If they do not use subject lines that accurately represent the content or they do not honor unsubscribe, then the fact that they are identified means that legal action can be taken against the sender.
C/R messages and users blacklisted or spam filtered
The Problem:
The challenge email causes problems
and complaints and
as such becomes blocked by popular spam filters or added to
personal blacklists.
Invisible Inbox Solution:
We took special care in
crafting our challenge message to make it clear, easy to read
and made sure it did not include any of the common "tells" that
mark an email as SPAM so that it is sure to travel through any
SPAM filter with ease. Unlike centralized C/R systems, Invisible
Inbox originates all challenges from your computer, and as such
the only personal black lists that would block the challenge
would be those that already had YOU listed as a SPAMMER. I don't
think that will happen, do you?