Feb 11, 2004
How To

Handle Challenge Response Filters Affecting Up to 10% of Your List

SUMMARY: Up to 10% of the names on your list are using a challenge-response system to block incoming mail. Unfortunately, your standard delivery report won't show you how many or who they are. (In fact, it looks like your mail was delivered.) Our new article explains for emailers:
How Does Challenge-response Work?
How Many Email Addresses are Using Challenge-response?
4 Steps Emailers Should Take to Handle Challenge-response
By MarketingSherpa Editor Janet Roberts

The last mailing you sent out didn't reach as many email addresses as you thought it did. One to 10 emails per 1,000 (roughly 5,000 on a 1-million name list) are sitting in bulk-mail folders somewhere, waiting for you to verify by hand that you are a legitimate sender, not a spammer.

This spam-blocking method is called "challenge-response." Senders must respond to each challenge individually in order to get emails delivered, even if the recipient opted in (or double opted in) to be on your list.

The good news is, if you keep your "from" email address the same for all mailings, your mailings are whitelisted once you've responded by hand once. The bad news is the "by hand" part -- this definitely can't be automated.

Here's what you need to know to handle this growing concern for broadcast emailers:

How Does Challenge-Response Work?

Let's say a typical name on your list signs up with one of the growing numbers of companies offering challenge-response anti-spam software, such as Spam Arrest, Mailblocks (which patented the method), MailFrontier, MailWiper, VetoMail, Qurb, ChoiceMail by DigiPortal, or EarthLink's spamBlocker.

It won't change his or her email address ( will still be; but, the next time you send Bob an email, his challenge-response service will check your "from" address against his new personal whitelist.

If your "from" address isn't listed, it will trigger a challenge -- an automated message sent from Bob's email address asking you either to reply to the message by hand, or to click a link by hand, in order to have your email address added to his whitelist from now on.

This challenge message is sent to your mail's reply address, which means it ends up mixed in with all the other replies, bounces, and autoresponder messages that flood in following a mailing. If you don't pick it out of the pile and deal with it, your mail to Bob won't ever get through again.

Once you do click on the challenge's link, you'll be asked to perform a trick that humans can do but automated software (in theory) can't, such as typing in a word or number series.

If you answer correctly, the system adds your email address to your recipient's "whitelist" of acceptable senders. All emails sent after that should go through without blocking.

How Many Email Addresses are Using Challenge-response?

According to Jerry Grasso, EarthLink's Corporate Communications Director, 375,600 subscribers out of a 5.1-million base, or about 7.4 percent, have signed up for the service since it launched in May 2003.

We couldn't get any of the other companies in challenge-response, such as Mailblocks, to reveal their user numbers, but suffice it to say there are plenty of them and it's a rapidly growing field.

Unless you are dealing with the messages now, you won't know how many you're getting. Your email broadcast reports almost certainly do not show these names as delivery failures, because the message went somewhere -- it just didn't get all the way to your subscriber. Instead it's sitting quarantined in a "possible spam" folder.

Right now, challenge-response isn't as hard to deal with as keyword filters, which can trash entire mailings based on just one offending word or phrase, or blacklists, which target the sender's IP address. However, you still need to deal with challenges if delivery is important to you.

4 Steps Emailers Should Take to Handle Challenge-Response

If you ignore challenges, nothing you send to that address will get through. Period.

However, there's a cost associated with hiring a human being to pick the challenges out of your email system's reply box and respond to each one individually. So, first do the math -- how valuable is an email name to you? Is it worth more than the cost of handling challenge-response?

Take into consideration that these are good, live, addresses, ones that somebody cares enough about to protect. Challenge-response users usually are sophisticated Web users who love getting non-spam email, and respond well to it. They could even be some of your best customers.

You might be thinking, "How can I automate this?" The bad news: You can't. Here are four tactics to make it easier:

Tactic #1. Filter replies for standard challenge-responses

There are more than two dozen different types of reasons why bounces come to your reply address - so sorting through the vast sea of bounces just to find the challenge-response notes is your first goal. Luckily this can be automated.

Ask your broadcast vendor to set up a series of filters and corresponding folders for the email sent to your mailing's reply address. Folders might include vacation messages, "email address not found" bounce messages, unsubscribe messages, etc., and of course challenge-response messages.

Kirill Popov, ISP Relations & Delivery Head for EmailLabs, recommends your challenge-response filters look for typical service names such as Mailblocks, and common words and phrases, such as "verify" or "authorize." For example, you can have your reply account filter for the language in this typical Mailblocks automated challenge:

"You just sent an email to my Mailblocks spam-free email service. Because this is the first time you have sent to this email account, please confirm yourself so you'll be recognized when you send to me in the future.

"It's simple. To prove your message comes from a human and not a computer, go to: (URL)."
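The sorting Tactic #1 describes, as an added example (not MarketingSherpa's or EmailLabs' code): it files raw replies into folders and pulls out the challenge link for a person to answer by hand. The service names and "verify"/"authorize" come from the article; the other phrases, the folder names, and the sample addresses and URLs are assumptions.

```python
import email
import re
from email import policy

# Service names and "verify"/"authorize" come from the article; every other
# phrase is an illustrative assumption to tune against your own reply box.
SERVICES = ("spam arrest", "mailblocks", "mailfrontier", "mailwiper",
            "vetomail", "qurb", "choicemail", "spamblocker")
CHALLENGE_WORDS = ("verify", "authorize", "confirm yourself")
BOUNCE = ("user unknown", "address not found", "delivery failed")
VACATION = ("out of the office", "on vacation")
UNSUBSCRIBE = ("unsubscribe", "remove me")
URL_RE = re.compile(r'https?://[^\s<>")]+')

# Constructed sample replies (not real traffic).
SAMPLES = {
    "challenge": (
        "From: bob@recipient.example\nSubject: Re: Weekly newsletter\n\n"
        "You just sent an email to my Mailblocks spam-free email service.\n"
        "Please confirm yourself. Go to: https://challenge.example/c?id=123\n"
        "> To unsubscribe, visit https://sender.example/unsub\n"),
    "bounce": ("From: mailer-daemon@isp.example\nSubject: Delivery failed\n\n"
               "550 user unknown\n"),
    "vacation": ("From: amy@recipient.example\nSubject: Out of the office\n\n"
                 "Back Monday.\n"),
    "unsubscribe": "From: cy@recipient.example\nSubject: unsubscribe\n\nremove me\n",
    "human": "From: di@recipient.example\nSubject: Re: News\n\nGreat issue!\n",
}

def classify_reply(raw):
    """Return (folder, sender, challenge_url) for one raw reply message."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    text = (str(msg["Subject"] or "") + "\n" + body).lower()
    sender = str(msg["From"] or "")
    has = lambda words: any(w in text for w in words)
    url = URL_RE.search(body)
    if has(BOUNCE):
        return ("bounce", sender, None)
    # Checked before "unsubscribe": a challenge may quote the original mailing,
    # footer included. Needs a challenge word plus a service name or a link.
    if has(CHALLENGE_WORDS) and (has(SERVICES) or url):
        return ("challenge-response", sender, url.group(0) if url else None)
    if has(VACATION):
        return ("vacation", sender, None)
    if has(UNSUBSCRIBE):
        return ("unsubscribe", sender, None)
    return ("inbox", sender, None)
```

Only the sorting is automated here; the returned link still has to be opened and answered by a person, as the article says.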

Tactic #2. Remind new sign-ups to whitelist you

Change the "thank you" page that people see when they opt-in online to include a note requesting that they whitelist your "from" address or domain with whatever service they use. You might list the service names to spur their memory.

Unfortunately this won't catch everyone though, because an individual can add a challenge-response filter to an existing email address at any time in the lifetime of the address. So even your older list names are at risk of switching over - and you never know if or when they'll do it.

Tactic #3. Use one stable "from" email address

As we've discussed repeatedly in the past, many whitelisting systems, including challenge-response, rely on the "from" email address (by which we mean the actual @ address, not just whatever name you chose to have show up in the "from" field).

Unfortunately several email broadcast firms we know of routinely change the from address for each mailer with each mailing -- thus effectively throwing away the whitelisting the old from received.
Check with your email service to see if this is the case with your mailings. Now, more than ever, you need a static from address.

Tactic #4. Make sure all your replies are working emails

Many automated email systems, including autoresponders, don't include working reply email addresses. (Ever gotten a message that included a note saying, 'Don't reply to this address'?)

While your main marketing email system may have a working reply account (especially now that CAN-SPAM requires it), are you sure that other company emails have working replies? What about automated Welcome messages, customer service messages, tech support replies, replies generated by forms on your Web site, etc.? Perhaps it's time for you to do a company-wide automated email audit and check all your replies.