Yahoo sets up spam roadblock

The portal giant puts a controversial challenge-response technique to work to stop spammers from using its Web e-mail service to send out junk e-mail.

Paul Festa Staff Writer, CNET News.com
Paul Festa
covers browser development and Web standards.
Paul Festa
2 min read
In an attempt to block spammers, Yahoo has put into action a controversial technique to help its e-mail service distinguish between human beings and junk-mail-sending software robots.

The Internet giant's introduction last month of challenge-response technology to its Web-based mail service is not the first time the company has used the technique, which sets the sender a task that computers can't easily perform, as a way to tell whether the sender is a person or a computer. For some time now, people registering for a Yahoo ID are required to type a series of camouflaged characters in order to thwart computerized registrations.

But in recent weeks, people using Yahoo Mail have found themselves asked to type in camouflaged letters before they can send an e-mail message, in an "image verification" method.

Yahoo's introduction of the system follows recent moves by Internet service providers AOL, Microsoft's MSN and EarthLink to elevate their efforts against spammers and to advertise their antispam campaigns as a competitive advantage.

The company said its spam-blocking method differed from those of its competitors because it targets the use of its service to send junk mail out, rather than targeting unsolicited mail on its way into members' in-boxes.

"Because we implement image-verification for people who send Yahoo Mail, we're very effective in preventing people from abusing our system to send spam to other systems," wrote a Yahoo representative in an instant-message interview. "I believe we may be the only ones to be doing this for outbound mail. It's different from how our industry friends are implementing the concept of image-verification, in that they use it for incoming spam messages."

In March, Yahoo upgraded its SpamGuard software for incoming junk mail.

Though the trend toward using challenge-response methods is growing, the technique has come under fire from two directions in recent months.

On one side, critics complain that the rise in use of the method threatens legitimate mass e-mailing, particularly e-mail lists for newsletters and conversations. They warn that poorly designed challenge-response utilities could end up mistakenly keeping messages from nonprofit groups, individuals and smaller companies.

On another, Los Altos, Calif.-based start-up Mailblocks is claiming it has a patent on challenge-response technology. In May, the company pushed its claim in a lawsuit against EarthLink.

A Yahoo representative dismissed the idea that the Mailblocks patent could threaten its new system.

"We believe that the antispam technology employed on our service is substantially different from the technologies apparently used by Mailblocks," said the representative.

Yahoo stressed that people sending mail through its system are not required to pass a challenge-response test for every message, or even for every mail-sending session.

Instead, in order to keep spammers guessing, Yahoo's system computes what the company calls a "user profile." This profile details the frequency with which the user normally sends messages and the length of time the user has held the account. The system issues a spam challenge when the user approaches an individually determined rate limit.