C/R systems are more or less the smtp equivalent of what a network admin would describe as a smurf amp. As others posting here have pointed out, while they may reduce your spam levels to some extent, one thing they serve to do is to generate double the unwanted traffic when someone's being forged into spam.

That, plus lots of mailing list admins just dont like being at the receiving end of C/R systems .. Dave Farber was saying he'd unsub anybody who sent a C/R challenge back in response to IP email, for example.

Even with all the steps that are being suggested (first running spam through a bunch of filters before you run a CR bot on it as a last resort) it is not a good idea. And there's even more fun when it conflicts with another technique that I dont like too much - graylisting. Watch a c/r bot end up sending challenges back to a mailserver that uses graylisting, its a highly entertaining (!) experience, I assure you.

On a tangent from your original post, responding to Daryin. I'm too much of a fan of SPF either. Two interesting posts on circleid -

http://www.circleid.com/posts/spf_loses_mindshare/ (by John Levine)
http://www.circleid.com/posts/port_25_blocking_or_fix_smtp_and_leave_por... (which I wrote sometime before John wrote his article)

We were the first email provider to publicly stop publishing spf records, even conservative ones. This was back in February 2005. Earthlink followed suit a few months after we did - in July or August 2005.

-srs