A challenge–response is another technique for filtering spam that automatically sends a reply to email from new senders with a “challenge” to the (alleged) sender of the e-mail. The reply contains a link allowing the sender to verify that they did in fact send the email. They may be asked to enter a captcha to prove that they are a human and not a robot.
The advantage of this system is that senders add themselves to a whitelist by verifying that they sent the email so email from the same sender is never challenged again. The technique can be used to block a lot of Exchange Server spam. The only disadvantage is that email such as newsletters and other mail-shot/group/list email may be challenged and a challenge sent to an automated script that cannot verify. In these cases a good challenge -response system ALSO quarantines the incoming email to allow the recipient to release (and whitelist) it.
Microsoft Exchange does not by default support Challenge Response. It can be added using options in Hexamail Guard, or Hexamail Nexus which can filter and challenge email before they get to Exchange. Both products also feature a quarantine allowing users to release email such as newsletters that may inadvertently be stopped using this technique