I just love challenge-response mail confirmation systems. “Hi, I get a lot of spam and someone sent me an e-mail pretending to be you. Would you mind filtering my spam for me? It only takes a minute, and if someone’s forging your address on spam, I’ll totally let it through if you simply respond to this message!”
My mail server publishes perfectly valid SPF records. I’ll give you a hint: if someone sends a message purporting to be from me but it fails the SPF checks, not only is the message not from me, but I don’t want to hear about it.
Perhaps I’d feel better if all challenge-response mail confirmation system users published their home phone numbers. It’s just a little bit of work to connect Asterisk, Festival, and procmail to dial their numbers and read my questionable mail to them. Clearly they have plenty of free time, if they’re getting so much spam that there’s no possible way they can filter it all without pushing the burden back to everyone else on the Internet.
It seems like a fair trade to me. If I do your mail filtering for you, I should get something of equal value in return - unless they believe that their time is far more valuable than mine. (Nah, can’t be. Otherwise they would have whitelisted me when they first sent me messages.)