The challenges of Challenge Response

January 24th, 2007 by Yael | Category: Email Security |

We all know there are many different technologies to fight spam. The other day I came across a company that develops and uses Challenge Response in its most traditional way. I sent a fully legitimate email (I do not consider myself a spammer) to one of the company’s employees, and in return got an email asking me to open a link to a website (the company website) where, in order to prove myself a non-spammer, I needed to click on a specific part of an image/icon on the web page. I followed these instructions for two reasons: I wanted to make sure the recipient would get my mail, and pure curiosity.

Two things crossed my mind while going through their Challenge Response mechanism. First, this is time consuming from my point of view: I need to open a browser, and click here, there, and everywhere. Yes, the whole process does not take more than 1-3 minutes, but it’s time. Second, if I didn’t know that this recipient is using a Challenge Response mechanism, I am not sure how happy and cooperative I would be to click on a link I got via email, and then follow another process.

Would you?   

The folks at this company claim that this system works well, but I wonder how they handle false positives (FP). Well, I guess they don’t have FP, because they just don’t get the mail unless the sender complains or the recipient complains about messages not arriving in his/her mailbox. As for newsletters and mailing lists, they have a learning system that whitelists these cases.


One Response

  1. Why I hate Challenge-Response | Commtouch Café

    [...] I’m not the only one at Commtouch who hates C/R - Yael ranted about it last year. At the time I thought she was overdoing it, but not anymore. Tags: anti-spam, challenge [...]
