Handling Anti-Spam Systems When You Aren't Spamming?

nautical9 asks: "Spam is a huge, annoying, and costly problem, there's no question. But what about those of us who run a valuable service, such as a newsletter, that users willingly sign up for and actually DO want to receive in their inbox every day? It's really too bad a few bad apples (ok, thousands of bad apples) are ruining the email system for the rest of us. Not all bulk-mailers are spammers, and large service providers do have a legitimate need to communicate reliably with their customers. But with everyone focusing on blocking commercial and unsolicited mail, no one seems to remember that there are valid reasons for having large-scale mailing lists." Maybe ISPs could utilize a system that could scan outgoing email for mailing list joins and then add those addresses to the "white" list for a specific user. Actually, why haven't ISPs adopted some form of user-level filtering system for email yet? It would seem like this would be the next sensible step in the fight against SPAM.

"Many large ISPs are implementing anti-spam filters based on how many emails they receive from a single sender to many of their clients (thinking that if they get over five mails in a few seconds, they must be bulk-mail spammers, and therefore block the rest of them), but this is hurting the delivery of services like ours. Worse still is that there is typically no error message returned to us - the emails simply get dropped, much like a standard packet-filter firewall works. Then we have clients wondering why they didn't get their expected message.

Sometimes, ISPs will add us to their "white" lists (as opposed to "black" lists of known spammers), which fixes the problem, but only for that one ISP.

(I find it ironic that the email system was designed to be quite reliable, so that you could send a message and have reasonable confidence that it got to its intended recipient, and yet we're now moving away from this in the effort to fight spam.)

Now I know we don't want to tell spammers how they can get around the anti-spam filters, but I'm wondering how have others fought the anti-spam problem with their mailing lists?"

Play the game, but don't go too far.

[Circuit+Breaker]

Configure your mailer not to send more than 5 messages along the same connection, or whatever is needed to get through. If it's too much, notify your audience that due to unreasonable policy on behalf of their ISP, you can't deliver to their inbox.

I don't know how you are managing your newsletter, but eGroups doesn't seem to have too many problems with that; Either they know how to get through (more probable), or everyone makes an allowance for an egroups address (less probable). Either way, if all else fails consider using egroups or a professional service that works (Never tried myself and am not affiliated with, but I hear whatcounts is good.)

Sounds dumb

[Matts]

I'm one of the SpamAssassin developers and I find their technique odd.

Wouldn't this have a horrendously high false positive ratio for things like mailing lists?

Anyway, tell them to use SpamAssassin - it kicks ass. And I'm not biased, honest ;-)

Re: SpamAssassin!

[khym]

SpamAssassin doesn't use DCC (yet), but rather Vipul's Razor, which is very similar. Using Razor, various RBLs (like MAPS) and a large set of its own heuristics, it sets a score for each message before passing it along to the user. The user's MUA can then act on the score (which is added as a header), or on the "Yes/No this isn/isn't spam" header added.

The sysadmin running the mail server can have it do other things, like put likely spam into a different spam mail account that the user can check periodically.