Jul 25

The Human Authenticator: A comedy of spam filtering

Hushmail appears to have added a spam filter which blocks email from new correspondents until they answer some sort of challenge. There's a certain school of thought which holds that any anti-spam technology which shifts the burden to legitimate senders is philosophically at odds with the entire concept of email - as anyone who has posted to a large mailing list knows, these things can be an enormous nuisance. I tend to sympathize with this attitude and my boredom-inspired experience tonight with this one has only strengthened it.

Hushmail's system requires you to visit a web page (strike one) and click on a keyhole hidden in an image (strike two - I guess the visually-impaired just aren't supposed to use email...). Unfortunately the script which generates that image is broken and returns an empty text/html document rather than an image. Since they don't provide any alternatives (I guess visually-impaired users are just screwed by design) there's no way to bypass this thing. This thing is the Holy Grail of modern software development: it fails in such a way that the user is prevented from learning of the failure.

The really sad thing is that I'm a legitimate correspondent. An increasing percentage of worm and spam traffic would pass through this check since they've started using forged senders whose addresses were found in close proximity to the target (in mailing list messages, web pages or even the same address book on a worm-infected system) or in the same domain and are thus rather likely to already be approved. I wonder whether it will even be worth the time for the spammers to start using their massively distributed, highly-evolved neural-network image processing system to eliminate what little value remains in this system. Meanwhile, I'm sure that SpamAssassin will continue to deliver a 99.99% spam-free inbox without inconveniencing everyone who sends me email...