What Happens when Legit Services are Seen as Spam?

AssFace asks: "I run a blog that is dedicated to just things relating to spam (for the most part, the discussion is of how to stop it). I received an e-mail from a reader of the blog today that described the situation he was in. His words: 'I have a small recruiting business, with about 600 paying clients who are looking for jobs in education. About twice a month, I send an update message to all of them via e-mail. I also send them personal messages as needed. Unfortunately, Hotmail (which a great many of my clients use) seems to think that I am a spammer. With Hotmail's spam blocker set on "Medium," my e-mails go to the recipient's Spam folder. AOL and Yahoo may be blocking my messages as well, though I'm not yet certain.' I wrote my own thoughts on it and then offered it up to comments from the users of the site. My responses to his e-mail apparently weren't anything that could help his particular situation. So, regardless of the validity of this particular person's plea, what is a small business service to do if they are blocked by the major ISPs?"

Whitelists

[brunson]

Do those services support whitelisting his address?

Re:Whitelists

[eugene+ts+wong]

Why does the sender have to get on HotMail's global white list? Why can't the receiver put the sender on his own private white list? The story submitter said that the mail goes to the spam box, which means that it gets through, but it gets through & causes inconvenience. Once the recepient adds the sender to the address book, the mail should end up in the inbox. I could be wrong, though.

If these people want jobs, then they have to start being competitive. Learning to use email is a good start. It's important to use problem solving skills here.

Contact the ISPs.

[GregChant]

We have that problem here from time to time, and the way we solve it is by actually calling up or e-mailing the ISP explaining the situation. Usually they're helpful and will give you directions on how to prevent further blacklisting.

bondedsender.com

[njchick]

Ironport, the owner of Spamcop, allows you to deposit a bond to certify that your e-mail is legitimate. More info at www.bondedsender.com.

Is he actually being blacklisted?

[michaelggreer]

Is Hotmail blacklisting (ie, he can't send even one email there), or is it just balking at the 600 addresses in the cc or bcc list? Many ISP's see such bulk mails as spam, and block them. The solution is simple: send them out in batches of twenty. There are many mail management applications that will do this for you. I ran into this problem myself, and turned Mailgust for batched sending. -Michael Greer

Re:Is he actually being blacklisted?

[Frizzle+Fry]

I don't think they're that stupid. If they see you sending identical emails to lots of people, they block it, even if they come in separate batches. Otherwise it would be too easy for spammers to do the same thing (I guess the first batch or two might get through). Even if this works for now, it seems likely that this could stop working at any time, so I would much perfer a real solution (like talking to hotmail and showing them what you're sending, or having users whitelist you if possible) to trying to hack around their spam filter in the same way that spammers do.

Find out why

[Finni]

This is probably pretty easy. He needs to get the mail headers from his clients that are affected by this. Each provider probably adds X-headers that add up to a score, a spam determinant. Some providers may choose to not put a detailed score listing in, oh well. I know that the system we use is based on SpamAssassin, and every rule has a weight. Things like entries in DNS-RBL add to the score, or no reverse-DNS, Bayesian scoring, keywords, etc.

Find out why, and fix each thing that comes up. Maybe his mailserver has no reverse DNS, fix that. Maybe his ISP or his IP is on a blacklist, get it fixed or take his business elsewhere. Maybe subscribe to a service that handles email marketing responsibly, like (gasp) Microsoft's bCentral, they will make sure that they don't get blacklisted.

Whitelisting and education

[squiggleslash]

I've found that Yahoo's spam filters routinely block friends of mine - they'll forward me a joke, and because that joke is doing the rounds, it'll be treated as spam by default.

So, basically, I have to do two things. First, I never just blanket-empty my Bulk folder. Second, when I find someone being put in Bulk, I add a "rule" that automatically moves email from them into my Inbox. Unfortunately Yahoo doesn't document that this is what you need to do, so less experienced users wouldn't use this as a solution, if they knew how to do it at all.

I say whitelisting and education in my Subject line, the second is important. I try to persuade people to send email to my home address (which has an effective, no false positives, system enabled, based upon allocating every entity who wants to do business with me a unique, deletable, email address. No, before anyone responds, this isn't like the service that provides you with throwaway email addresses, that's a dumb idea that's likely to just end up with your domain blocked, I want legitimate businesses to be able to do business with me, and do so often on a long-term basis, I'm not trying to scam anyone) if the email absolutely does not have to be read by me at work.

More importantly, people have to realise that most filter-based systems, be they dumb like SPEWS or "learning" like Bayesian systems, carry the risk of blocking legitimate emails - SPEWS type systems are especially bad because their definition of "guilty" includes "being a customer of an ISP that also has a spammer as a customer" and there are anti-spam blacklists that have entire countries listed. The blacklist technologies are a kind of lynch-mob justice, they feed people's lust for revenge, but they ultimately seem to cause more problems than most. The non-blacklist filters, such as Bayesian, are better and not endowed with such a legacy, but they still carry some risk.

The point ultimately is that people need to know that anti-spam systems do not just block spam. You should devote a day a week going through your "marked as spam" messages if your email is important to you - most of the time it's a five minute job anyway, if my experience with Yahoo's bulk mail folder is anything to go by. It's not like you have to read anything more than the names and subjects for the most part.

Report it...

[iamchris]

My company's emais were being dumped into the spam folder on Yahoo! Getting our email out of the Bulkmail folder was a lengthy process that took several attempts to start. I had to submit sample copies of our standard emails, and a copy of our privacy policy, and a rather lengthy survey. They reviewed the information, put us on probation, and reviewed the findings at the end of a month. My company is legit. I had no doubt that they would back our company off the blacklist. Incidently, the only way I found the proper channel to report the problem was to contact corporate HQ. Some deep digging was done and I finally ended up with an email address to report to: mail-abuse-bulk@yahoo-inc.com

Habeas

[wintahmoot]

Sounds like the Habeas Sender Warranted Email Solution would help here.

Basically you just have to include a special, copyrighted Haiku in your e-mail, and most spam filters will let your mail through. The Haiku warrants that your e-mail is not spam, because you have to license the usage of the Haiku, and the terms prevent from using it in spam mail.

I'm not sure if Hotmail respects the Habeas Haiku, but it might be worth a try.

Re:Blacklist the blacklisters

[cloak42]

Or, you can accept the addresses, but warn them (in big, red letters) that email sent to those addresses may not get through.

If you try sending any email with big, red letters in it, it's DEFINITELY going to be marked as spam.

Sad, but a vital piece of my anti-spam now

[ratboy666]

For about a year now, I have tried a new anti-spam approach. Previously, tried black listing, white listing, and etc.

Problem is that the spam keeps coming, and sucks *my* bandwidth.

So I thought about it... And here's what I do. I use a hotmail account. With spam protection. Set to DELETE spam. I use a script (gotmail) to read the hotmail and transfer to my "real" email. Hotmail does a pretty good job on anti-spam, *and* I don't have to bother about the bandwidth.

Once we have a relationship established, you get my "real" email.

And I'm sticking to it. Works for now -- I've only had 100ish pieces of spam in the past year. Note that Hotmail seems to have improved the anti-spam features in the last six months (there was a sharp drop in spam).

If I subscribe to a list, I *only* use the hotmail address. Bet your bippy. I don't *trust* you yet, and I don't know where that email address is going. If the list gets bounced -- I don't see it, and, frankly, I don't care that much. Better than getting hammered on my server using my bandwidth.

My sympathies though... good luck dealing with Yahoo, Hotmail, (__fill_in_the_blank___).

Ratboy.

Suffered this.

[Godeke]

Our system uses e-mail to notify customers of status changes. For a while, AOL decided that we were spammers, althought that has just as mysteriously subsided. We have had intermittent problems across the board... in part because our messages meet a lot of the standard patterns for spam: includes links, unique identifiers (account numbers), etc. We have tweaked them over time to be less likely to be mistaken for spam, but nothing we do seems to make it perfect.

To get around these problems, we have basically had to implement a private communication system in our product so people see notifications when the log in. For frequent users, this works well enough they can turn of the e-mail notifiers, but for very occasional users, having to log in to see notifications takes a lot away from the ease of use.

Frankly, I don't see a great fix anytime soon: the spammers have taken to copying legitimate e-mail messages into "hidden" text, while the actual spam is delivered via CSS and Image tricks...the battle rages, probably for at least the next ten years (at which point I'm hoping that public key cryptography will allow people to prove they are actually who they say they are) which is why we created a backup communication channel.

Re:Rule: No AOL or Hotmail.

[dyefade]

...you will not take anyone as a client unless they...
He's running a small business. For a massive company like Amazon or eBay, yes, this is an ideal solution, but he shouldn't be forced to alienate clients because of their choice of email provider/ISP.
This should be an extreme last resort!

Use Powweb: 650 free email accounts.

[Futurepower(R)]

I should have mentioned not to use Yahoo, also. Yahoo has shown itself to be very adversarial also, with its tricky practices opting users into receiving ads.

He could give free email accounts using Powweb as a web host. (650 email accounts allowed for $7.77 per month.) Powweb seems to be the best web hosting provider. Since all the mail would be coming from and going to his own domain, it can't be blocked. Isn't that a complete solution?

He could provide instructions to prospective customers about how to configure a new account in each of several email clients. He could tell them to use only their new account to communicate with him. Since the email activity would be only Powweb moving messages from one of their computers to another, there is unlikely to be any loss. (It's easy for a customer to know if he didn't successfully transmit a message to the Powweb ISP, because he will get an immediate error message.)

Re:Use Powweb: 650 free email accounts.

[RevDobbs]

First, that "solution" forces his clients to check another email account. Major PITA (?) .

Second, while PowWeb provides good web hosting for $7.77 a month, bear in mind that you get what you pay for, and that I have been less-than-happy with some randomly introduced email issues.

Do you have any experience with Powweb?

[Futurepower(R)]

Do you have any experience with Powweb?

About two years ago, I reviewed 550 web hosting providers and came to the conclusion that PowWeb was the best for low- and medium-traffic sites. I've had to explain to customers that, even though Powweb is inexpensive, it is better than all the $30/month web hosting providers I've seen.

Re:Blacklist the blacklisters

[punkki]

My employer (a university) routinely ends up on blacklists because of students/departments/whatever that don't patch their machines and end up being used as relays.

So, your staff makes a mistake, somebody notices and enters the IP in a blocklist. Suddenly _blocklist operators_ are a*holes? Hmm. What an interesting world you're living in.

Answer: You don't.

[Otto]

Look, if you could get your message into my inbox by actions that you could take, then the SPAM filter has *failed* and would need adjustment.

The idea is to filter out things that look like spam. And I'm sorry, but what you say you're sending sounds like a lot of the spam I get, so it rightly should get filed as Junk.

That's not to say that it is, indeed, spam, if it's a pay for it sort of list. But the thing is that no email service deletes spam by default. If your message are getting foldered off somewhere, then it's up to the users to whitelist you and let your emails appear in their inbox instead of getting junkfiled. All of these free mail services have such capabilities.

But I would certainly hope that there would be nothing the sender of the email could do that would move his mail from my junk folder to my inbox. If they can, then the spam detection needs to be fixed. See the idea here?