Slashdot Mirror
What Happens when Legit Services are Seen as Spam?
AssFace asks: "I run a blog that is dedicated to just things relating to spam (for the most part, the discussion is of how to stop it). I received an e-mail from a reader of the blog today that described the situation he was in.
His words: 'I have a small recruiting business, with about 600 paying clients who are looking for jobs in education. About twice a month, I send an update message to all of them via e-mail. I also send them personal messages as needed. Unfortunately, Hotmail (which a great many of my clients use) seems to think that I am a spammer. With Hotmail's spam blocker set on "Medium," my e-mails go to the recipient's Spam folder.
AOL and Yahoo may be blocking my messages as well, though I'm not yet certain.' I wrote my own thoughts on it and then offered it up to comments from the users of the site. My responses to his e-mail apparently weren't anything that could help his particular situation.
So, regardless of the validity of this particular person's plea, what is a small business service to do if they are blocked by the major ISPs?"
Do those services support whitelisting his address?
09F911029D74E35BD84156C5635688C0
Jesus loves you, I think you suck
We have that problem here from time to time, and the way we solve it is by actually calling up or e-mailing the ISP explaining the situation. Usually they're helpful and will give you directions on how to prevent further blacklisting.
Ironport, the owner of Spamcop, allows you to deposit a bond to certify that your e-mail is legitimate. More info at www.bondedsender.com.
Is Hotmail blacklisting (ie, he can't send even one email there), or is it just balking at the 600 addresses in the cc or bcc list? Many ISP's see such bulk mails as spam, and block them. The solution is simple: send them out in batches of twenty. There are many mail management applications that will do this for you. I ran into this problem myself, and turned Mailgust for batched sending. -Michael Greer
Make it a rule that you will not take anyone as a client unless they have an email address with someone other company than Hotmail or AOL. Recommend an email company, and suggest they have an email address just for your messages.
Find out why, and fix each thing that comes up. Maybe his mailserver has no reverse DNS, fix that. Maybe his ISP or his IP is on a blacklist, get it fixed or take his business elsewhere. Maybe subscribe to a service that handles email marketing responsibly, like (gasp) Microsoft's bCentral, they will make sure that they don't get blacklisted.
So, basically, I have to do two things. First, I never just blanket-empty my Bulk folder. Second, when I find someone being put in Bulk, I add a "rule" that automatically moves email from them into my Inbox. Unfortunately Yahoo doesn't document that this is what you need to do, so less experienced users wouldn't use this as a solution, if they knew how to do it at all.
I say whitelisting and education in my Subject line, the second is important. I try to persuade people to send email to my home address (which has an effective, no false positives, system enabled, based upon allocating every entity who wants to do business with me a unique, deletable, email address. No, before anyone responds, this isn't like the service that provides you with throwaway email addresses, that's a dumb idea that's likely to just end up with your domain blocked, I want legitimate businesses to be able to do business with me, and do so often on a long-term basis, I'm not trying to scam anyone) if the email absolutely does not have to be read by me at work.
More importantly, people have to realise that most filter-based systems, be they dumb like SPEWS or "learning" like Bayesian systems, carry the risk of blocking legitimate emails - SPEWS type systems are especially bad because their definition of "guilty" includes "being a customer of an ISP that also has a spammer as a customer" and there are anti-spam blacklists that have entire countries listed. The blacklist technologies are a kind of lynch-mob justice, they feed people's lust for revenge, but they ultimately seem to cause more problems than most. The non-blacklist filters, such as Bayesian, are better and not endowed with such a legacy, but they still carry some risk.
The point ultimately is that people need to know that anti-spam systems do not just block spam. You should devote a day a week going through your "marked as spam" messages if your email is important to you - most of the time it's a five minute job anyway, if my experience with Yahoo's bulk mail folder is anything to go by. It's not like you have to read anything more than the names and subjects for the most part.
You are not alone. This is not normal. None of this is normal.
Let me start with a rant:
I tell you, the radical anti-spammers really are becoming more of a problem than the actual spammers! Spammers are evil: they make email hard to use and take up Internet resources. Radical anti-spammers are worse: they actively try to make email not work. They are the primary reason I have to run my own mail server. I don't want to lose email because some idiot admin thinks some email I got is spam and deletes it. Or worse, just blacklists whole swaths of IP space. Unfortunately, since I chose to run my own mailsever, I've now earned the ire of the same anti-spammers, because I'm not using a corporate controlled mail server. Spam is a problem, but it's not worth destroying email over!
Now that that's out of the way, to the poster, the only thing I can say is to inform your clients that you cannot accept email addresses at these disreputable places (AOL, Yahoo, Hotmail) because they often drop or misdirect valid email. Or, you can accept the addresses, but warn them (in big, red letters) that email sent to those addresses may not get through. Presumably, if they are paying for this service, they do want the mail, so it's up to them to give you a working address. Maybe then, they will lean on their ISP to actually fix the problem.
"Save the whales, feed the hungry, free the mallocs" -- author unknown
My company's emais were being dumped into the spam folder on Yahoo! Getting our email out of the Bulkmail folder was a lengthy process that took several attempts to start. I had to submit sample copies of our standard emails, and a copy of our privacy policy, and a rather lengthy survey. They reviewed the information, put us on probation, and reviewed the findings at the end of a month. My company is legit. I had no doubt that they would back our company off the blacklist. Incidently, the only way I found the proper channel to report the problem was to contact corporate HQ. Some deep digging was done and I finally ended up with an email address to report to: mail-abuse-bulk@yahoo-inc.com
Postfix tells them to fuck off or Spamassassin routes the message to /dev/null
Sounds like the Habeas Sender Warranted Email Solution would help here.
Basically you just have to include a special, copyrighted Haiku in your e-mail, and most spam filters will let your mail through. The Haiku warrants that your e-mail is not spam, because you have to license the usage of the Haiku, and the terms prevent from using it in spam mail.
I'm not sure if Hotmail respects the Habeas Haiku, but it might be worth a try.
Martin May
no seriously, yahoo's bulk mailer is picking my evits up as spam, so people are not getting their evites... Can I sue?
Only 'flamers' flame!
Does slashdot hate my posts?
For about a year now, I have tried a new anti-spam approach. Previously, tried black listing, white listing, and etc.
Problem is that the spam keeps coming, and sucks *my* bandwidth.
So I thought about it... And here's what I do. I use a hotmail account. With spam protection. Set to DELETE spam. I use a script (gotmail) to read the hotmail and transfer to my "real" email. Hotmail does a pretty good job on anti-spam, *and* I don't have to bother about the bandwidth.
Once we have a relationship established, you get my "real" email.
And I'm sticking to it. Works for now -- I've only had 100ish pieces of spam in the past year. Note that Hotmail seems to have improved the anti-spam features in the last six months (there was a sharp drop in spam).
If I subscribe to a list, I *only* use the hotmail address. Bet your bippy. I don't *trust* you yet, and I don't know where that email address is going. If the list gets bounced -- I don't see it, and, frankly, I don't care that much. Better than getting hammered on my server using my bandwidth.
My sympathies though... good luck dealing with Yahoo, Hotmail, (__fill_in_the_blank___).
Ratboy.
Just another "Cubible(sic) Joe" 2 17 3061
Our system uses e-mail to notify customers of status changes. For a while, AOL decided that we were spammers, althought that has just as mysteriously subsided. We have had intermittent problems across the board... in part because our messages meet a lot of the standard patterns for spam: includes links, unique identifiers (account numbers), etc. We have tweaked them over time to be less likely to be mistaken for spam, but nothing we do seems to make it perfect.
To get around these problems, we have basically had to implement a private communication system in our product so people see notifications when the log in. For frequent users, this works well enough they can turn of the e-mail notifiers, but for very occasional users, having to log in to see notifications takes a lot away from the ease of use.
Frankly, I don't see a great fix anytime soon: the spammers have taken to copying legitimate e-mail messages into "hidden" text, while the actual spam is delivered via CSS and Image tricks...the battle rages, probably for at least the next ten years (at which point I'm hoping that public key cryptography will allow people to prove they are actually who they say they are) which is why we created a backup communication channel.
Sig under construction since 1998.
buy a laptop & wardrive you way to an open access point et voilá, one clean spamming spot.
rinse, repeat until everyone is blacklisted, move town
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I don't understand the need for email at all. If you're telling 600 people the same thing, and this is information these 600 have paid to get, surely a better solution would be single web page these people could check occasionally. Even if 600 people gave you 50 cents a piece for the info (I'd guess a lot more), that $300 would pay for cheap web hosting and a domain name for years to come.
This question was worded in a fairly confusing manner, either hotmail is blocking him because he's mailing 600 people, or it's blocking him because his emails sound like spam.
If your emails sound like spam, fool around with them until they no longer sound like spam. Mail your own test hotmail address and see how it's received. Hotmails spam blocking may not be perfect, but I'm sure it's not out to get you specifially.
If you're emailing all 600 people in one batch, that's idiotic and email each person individually. I would write a script to do this, but I'm sure there are less geeky tools available as well. This seems very unlikely, but I'm including it just in case.
---
I support spreading santorum
Change the text of the message. Change the from address. Add random words. Use 1337-5p34k. Forge the headers.
Seriously, it depends on why you are getting filtered. If you are getting filtered by content, then the spammer's techniques may actually work. If you have been black-listed, then your best bet is to work with the ISPs to see what you can do to get taken off of their blacklists. If possible, have your users white-list you.
Software sucks. Open Source sucks less.
We don't talk to people on free mail services at all. We figure that if they can't do better than Hotmail (or even AOL), they're probably too clueless to deal with anyway.
There are ways to get around it. I've created a couple of legit mass email applications for clients (definitely not spam!), the most recent as a PHP app. It took quite a bit of tweaking, but I was able to get it to sneak the emails it generates past most spam filters.
Sending mass email using CC or BCC is just about a guaranteed way to trip the filters at AOL or Hotmail. I'm pretty sure they check the message id in the header, among other things.
For the most part, I tested by sending email thru spamassassin, and tweaking it to get the lowest score possible. There are other various techniques you can use too... for instance, spacing the timing out, or write your app in such a way that it doesn't blast the emails out to one ISP as fast as it can.
YMMV, but using these methods I've been able to send out 3k to 5k mass emails without many problems.
We have only the recruiter's word that he is not a spammer. Is his 600-client email the ONLY email he sends? I think we all know about the reputation that recuiters have. I've received spam from recruiters and I wouldn't be surprised at all if he was spamming to get new customers as well as sending his monthly updates to clients.
It's simple: I demand prosecution for torture.
I should have mentioned not to use Yahoo, also. Yahoo has shown itself to be very adversarial also, with its tricky practices opting users into receiving ads.
He could give free email accounts using Powweb as a web host. (650 email accounts allowed for $7.77 per month.) Powweb seems to be the best web hosting provider. Since all the mail would be coming from and going to his own domain, it can't be blocked. Isn't that a complete solution?
He could provide instructions to prospective customers about how to configure a new account in each of several email clients. He could tell them to use only their new account to communicate with him. Since the email activity would be only Powweb moving messages from one of their computers to another, there is unlikely to be any loss. (It's easy for a customer to know if he didn't successfully transmit a message to the Powweb ISP, because he will get an immediate error message.)
Do you have any experience with Powweb?
About two years ago, I reviewed 550 web hosting providers and came to the conclusion that PowWeb was the best for low- and medium-traffic sites. I've had to explain to customers that, even though Powweb is inexpensive, it is better than all the $30/month web hosting providers I've seen.
Once spam forces more to go down this track, I'm sure better tools, and better integration with desktops will open the flood gates.
These hopelessly ineffective anti-spam "services" fail to consider the impact of their business methods on the poor users. Every one is different. Every one wants you to do a Special Thing to prove your innocence. Every week someone else decides they have the ultimate solution to spam. They are a collective nuisance, both because of the meta-spam challenges their systems produce and because they needlessly delay mail delivery. And they never worry about what happens when dozens of others are trying to do the same thing in different ways.
If you want to harvest live email addresses, grabbing them from replies to an anti-spam "service" would be a great way to go. If you want to have people foolishly click a link exploiting the latest buffer-overflow vulnerability, an anti-spam "service" message should produce lots of hits.
Attention clueless anti-spam entrepeneurs: I don't know you. I don't trust you. I won't click your handy verify link. And I certainly won't pay you any protection money!
Yes, Powweb makes changes without warning their customers. Stupid. One Powweb tech support person told me that fundamental changes were made to the OS without logging them!
One influential tech support person at Powweb was very immature and very willing to lie. I see no evidence he is still at Powweb.
I think clients could be warned that there are often problem with Yahoo, AOL, and Hotmail email, and offered a free alternative if they want it. Properly introduced, I think a free, business-only email account would be well received.
My evaluation only took three whole days. That's because many hosting providers could be eliminated very quickly. Many provide a very narrow range of services, connected with selling web site design, for example.
Many hosting providers can be eliminated because their web pages indicate that they are badly managed.
Hotmail's filtering is notorious for dropping real email. They even drop transactional email (ie... you buy something from ABC, ABC sends you a confirmation of the order, Hotmail considers it spam).
Portable versions of Firefox, GIMP, LibreOffice, etc
Look, if you could get your message into my inbox by actions that you could take, then the SPAM filter has *failed* and would need adjustment.
The idea is to filter out things that look like spam. And I'm sorry, but what you say you're sending sounds like a lot of the spam I get, so it rightly should get filed as Junk.
That's not to say that it is, indeed, spam, if it's a pay for it sort of list. But the thing is that no email service deletes spam by default. If your message are getting foldered off somewhere, then it's up to the users to whitelist you and let your emails appear in their inbox instead of getting junkfiled. All of these free mail services have such capabilities.
But I would certainly hope that there would be nothing the sender of the email could do that would move his mail from my junk folder to my inbox. If they can, then the spam detection needs to be fixed. See the idea here?
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
And now he's got the gall to come whining to Slashdot???!
http://postmaster.aol.com/tools/whitelist_guides.h tml.
While the AOL users may have a reputation for being clueless, the postmasters at AOL.com do some cool things. As I recall, AOL was the first major ISP to start rejecting SMTP connections from hosts that did not have PTR records (reverse DNS).
I do not deploy Linux. Ever.
I know many individuals who run their own mail servers, and in fact many of them are themselves anti-spammers, they chose to run their own server because they wanted stricter spam controls than a commercial ISP would provide.
The only case I know of where you'd run into problems with anti-spammers by running your own (correctly configured) mail server would be if you are using a mail server hosted in dynamic-IP space assigned by your ISP.
In that case, outbound SMTP mail that is not sent via your ISP's mail server will likely be rejected by DUL (dynamic/dialup RBLs). But you are also almost certainly violating the ToS for your ISP by running a mail server on a dynamic home-user account.
I do not deploy Linux. Ever.
I do not see any information on whitelisting anywhere on the Hotmail web site.
I do not deploy Linux. Ever.
I believe they go through brightmail or another one of the big companies. You need to pay a big chunk to get onto their whitelists every year.
One of our anti-spam guys has been engaging in dialogue with a lot of the big mail providers like aol, hotmail and yahoo. You won't find it on their front pages, but if you dig around you'll be able to contact their post masters and work from there.
-- DrZaius - Minister of Sciences and Protector of the Faith
Confirmation emails for purchases are blocked.
Emailed newsletters that are paid for are blocked.
Emails from friends and family are blocked.
Forget it. Email is broken. It cannot be used in a reliable sense by any commercial entity. Partly this is due to the anti-spam activists that want all "commercial" email banned. Partly this is due to ISPs that implement filters and have decided that they do not need to whitelist anyone without performing their special procedure. You cannot win at this game - the anti-spam activists have won what they think is the game they are playing. Unfortunately, what they do not understand is the rest of the world is playing a different game with different rules.
I do not know what the final answer to this is, but email isn't any part of it. RSS might work, but this requires other software for clueless newbie users to install. I think the only answer is a web page where the user signs in to read messages, print receipts, and so on.