Slashdot Mirror
AOL Treats Florida Emergency Alerts Mail As Spam
ScentCone writes "Florida's Indian River County has 4,200 subscribers to their e-mailed emergency alerts, which provide a heads-up on hurricanes, tornados, and other weather events. Subscribers like it, but if they're using AOL mailboxes, those alerts are being treated as spam. All of the subscribers get the mail blast as weather events unfold, and spam pattern detectors are being set off. The county emergency coordinator laments the resulting unreliability of the communication channel, and while few of us at this point think of cross-domain e-mail as reliably mission critical, the AOL-bound portion of a 4200-address blast doesn't seem like much in the spam scheme of things. My experience is that it doesn't take many receivers to mark mail as spam before the domain-wide filters lower some scoring threshold, and the pattern detectors kick in. How many of us run systems that include explicitly voluntary, opt-in e-mail subscription mechanisms which are then reported as spam by the subscribing recipients? This seems increasingly common, and even the whitelisting by smarter recipients doesn't fix it."
Our corporate spam filter (which is administered from Japan, BTW) will discard any email message that has the word 'test' somewhere in its title.
This produces considerable frustration amongst the engineers here, as our location happens to be a test facility....
^_^
____
~ |rip/\/\aster /\/\onkey
Spam filters not perfect, more to come...
I think this sums up the problem right here; are these people relying on email to keep them updated on potentially life-threatening situations? Don't get me wrong, these messages shouldn't be marked as spam, but depending solely on these email warnings is seriously asking for trouble, considering how many different things can delay these messages or even cause them to disappear completely. Email wasn't designed to be a bulletproof message delivery system.
I Am My Own Worst Enemy
I used to get filtered out by a few places -- mainly because I send from a Comcast owned IP address, and SPEWS although well intentioned, is monolithic and draconian, and flags ALL comcast IP addresses. I'm not complaining (too much) -- drastic times called for drastic measures. However, since I implemented Domain Keys (and probably more importantly since Yahoo! implemented it) I have not had a "your server is bad" email bounce.
Nothing great was ever achieved without enthusiasm
How can email be reliable for critical information? It can be lost easily, email address can be mispelled, the internet connnection can be down, computer that is checking the emails can be down, recipient can be playing games and didn't see the incoming emails.
Rock that crushes, Paper & Scissors that don't matter.
I dunno about you, but I'm going to look to a more universal broadcast media (radio, tv) for emergency info, not, "Hey, the sky's looking kinda dark & ominous, I better go check my email."
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Those mails are probably just "get-safe-quick" schemes anyway. Not surprising the spamfilter snagged 'em...
Paleotechnologist and connoisseur of pretty shiny things.
A freak hurricane has struck the AOL offices in Flordia. Officials are baffled as to why the AOL employees had no warning.
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
I use Scan USA and a few other systems for alerts in California. The system itself connects to a couple of the region-wide emergency information networks such as the Amber Alert system, and can sent out information to a variety of sources such as SMS devices, etc. It's still in the early stages.
I do not see them being useful or reliable in a severe emergency like an earthquake, but they may be useful for Amber Alerts, a chemical leak from one of the oil refineries or weather alerts. I also worry if I'll see a message from Big Brother to keep an eye open for "Felon Guy Montag spotted at Spruce and Main streets", but that's another discussion.
Yahoo sometimes marks these messages as Spam, even if the sender is in my addressbook.
I have a couple theories why these messages are marked as Spam:
1. People may sign up with these alert systems and then forget they are on the mailinglists, and mark the email as spam. No surprise here, it happens all the time.
2. Many of these email alert systems don't contain useful content in the email. Instead, they ask you to click on a link to visit a website with more information. See this example from ScanUSA:
Subject: New Alert
SCAN, the Secure Cops Alert Network, has broadcast an alert:
Date Issued: 01.03.2005 12:01:21 PT
Alert Type: OTHER ALERT
Alert Priority: INFORMATIONAL
Click on this link to view the entire alert:
http://www.scanusa.com/viewalert.php?something
That's it. The "Alert" is pretty vague.
In a quick glance, many people may mistake this for Spam because they do not contain much of useful information, which makes it more likely that they will mark the alert as Spam. I get "Stock Alert" spam all the time.
It seems like the email itself should contain the actual Alert, with a hyperlink to the website with more information.
If the emergency email is sent to 50,000 people and everyone clicked at on the link at the same time, the site may die at the same moment when the Alert should be promote as heavily as possible.
When the site comes back up later on, the Alert may have been resolved.
"Can of worms? The can is open... the worms are everywhere."
In most spam-related studies I've seen, business users have consistently stated that losing 1 important email is far more costly than having 1,000 spam emails get through.
I get a lot of spam (usually around 2,000 per day), but I still think some of the measures taken to stop spam are actually worse than the spam itself. I'd rather wade through a few hundred emails that are spam than miss one important one from a client.
Why is the shotgun approach so attractive in fighting spam?
I'm beginning to see quite a few forums and other places that use e-mail addresses saying things like "Please don't use an AOL address here, enter another e-mail address" and so on. AOL is getting a bad reputation for its handling of mail.
AOL has no problem with blacklisting people willy-nilly, even if they're other ISPs. I only have experience with a few large companies and their mail systems, but all have been blocked by AOL at some time or another for some supposed transgression.
It's high-time that those of us who run web-apps, and the like, took a stand against AOL and banned the use of their e-mail addresses in our systems. They're more trouble than they're worth.
People bitch and moan about AOL blocking things, but they are easy to work with and willing to white list your mailings.
From a whois of aol.com
Technical Contact:
America Online, Inc.
22000 AOL Way
Dulles, VA 20166
US
Tel. 703 265 4670
Email: domains@aol.net
If you are doing mass mailings you need to setup a feedback loop with AOL in order to track the amount of complaints your mailings are generating. If you keep the complaint level below their set thresh hold you will not have problems with AOL, it's really as simple as that.
I am running a web site that gives out process assessments (long story). But after the assessments are set up, we churn out emails to each of the recipients saying "Hey! Your boss wants to to take this test. Click here to take it."
Needless to say, hotmail takes these emails and puts them in the junk mail folder. Lord knows what the other services are doing.
Now this isn't unsolicited email -- people are supposed to get this as part of their job. Are we supposed to give up on email if it involves sending to more than a couple people at a time. I even re-wrote the page to send out emails one-at-a-time: no luck. Still ends up in the spam box.
Seems to me like there's going to be a lot of businesses that have a real need for contacting people (besides sales) that are getting blocked. Anybody have a solution to this mess?
Just a thought.
(The NOAA alerts are all upper case for some reason. I bet the email they send out contains the raw NOAA alert, and that triggers the spam filter all by itself).
Raise your children as if you were teaching them to raise your grandchildren, because you are.
The real problem here is not the fact that spam filters aren't 100% perfect and will give false positives occasionally. FWIW, the real problem is not that people subscribe to (opt-in) mailing lists and then mark the messages they get as spam, either.
The REAL problem is that ISPs and Webmail providers use non-user specific spam filters that allow malicious users to perform what is essentially a denial of service attack. Of course, the users in this particular example who flagged the emails as spam are probably just stupid, not malicious, but I at least could just as well imagine spammers signing up for webmail services, sending each other spam and flagging it as valid email, for example, in an effort to "teach" the spam filter that it's not really spam after all.
The only real solution would be to move to a per-user filter configuration, but it's not clear to me how practical that would be. You could use a bayesian filter with automatic learning that also gets updated when the user reports false positives/negatives, and initially use another system (like SpamAssassin) until the filter is fully trained; but it's not clear what the computing costs of that really are (not to mention diskspace requirements for the token databases).
Considering the fact that signing up for these web-based services is usually free, I think that we will see more of this in the future.
quidquid latine dictum sit altum videtur.
This is a good demonstration of how spammers are messing things up for everyone. A handful of short-sighted and greedy individuals have turned email into a near-useless medium for many legitimate purposes.
But on the bright side, I hear a lot of the biggest spammers live in Florida? Great. Come the next hurricane season, I hope they all miss something important.
(Spudley Strikes Again!)
I'm surprised some enterprising sort hasn't created a blacklist for use by mailing list operators that tracks the likelihood of a domain's customers illegitimately reporting valid mail as spam. Then, newsletter admins could use that score as a guideline to how many hoops a would-be subscriber has to jump through before getting added to the list.
Coming in from a private domain that's never mis-reported ham as spam? Your reply to the confirmation email is enough to subscribe you. Signing up from moron.com with a mis-reporting likelihood of 35%? You can't subscribe until your mailserver admins have also acknowledged a confirmation message explaining what you're asking for and that you've already explicitly asked to do it.
Hmmm, I've been looking for a new project to start...
Dewey, what part of this looks like authorities should be involved?
The problem here is laziness. So many of us, me included, rather than just unsubscribing from opt-in lists, hit the junk button in our mail client. On my mac that's harmless. When an AOL user does it and the client reports home, it causes chaos. And it takes *forver* to get off these lists. I run a mail forwarding service for some local companies, Yahoo decided I was sending SPAM (I wasn't, but SPAM was being sent to the people I was forwarding mail for). I had to fill in the same form describing my "mailing list policy" three times, each time explaining I don't have a list and therefore don't need a policy..... Current anti spam systems are self defeating. We need something better. SPS is NOT it - http://www.spfsucks.com/ - Domain Keys is better, but really I think we need something better than SMTP. My suggested way forward would be that to be accepted by an e-mail system the mail *must* be signed with the identity of the sender, and their public key listed with a CA. Then before your server accepted the mail you could verify the sender, and SPAMmers could have their certs revoked quite quickly. Would probbaly need to be a government organisaiton though - don't want veriswine doing it.
SEO Firefox Extension
Why do people mark messages as spam that they willingly signed up for?
Several reasons. One is that the AOL user interface is pretty bad and it's easy to hit the button by accident.
Another is that people tend to select large swathes of messages in their inbox and mark them as spam in bulk, often mixing in the occasional legitimate email in the spam.
Another is that senders often don't make it clear enough who their email is from and the recipient clicks the This-Is-Spam button before they register that they really wanted it.
Another is that many people use the This-Is-Spam button as an Unsubscribe button, and click it when they don't want the email any more, rather than unsubscribing from the mailing list they signed up for. SpamCop gets used this way too.
(This all may or may not be related to the reason the mail was filed in the bulk folder, though. It was bulk email, the recipients hadn't whitelisted it... it's something of a crapshoot whether it'll get flagged as bulk in that case.)
Found this out in testing. We send messages to students enrolled in our program. I was initially bccing a large list. But places like Hotmail and Yahoo were marking them as spam.
My solution was to simply loop through the list of email addresses and send each student an individual message. A little more resource intensive, but since the messages are occassionally important for their their coursework(as opposed to the occassional "cookies in the lounge" type messages) we couldn't afford to have any messages marked as spam.
Having AOL subscribers not get tornado/hurricane warnings while they're surfing the Net instead of looking out their window or listening to the radio seems to me to just be Darwinian action.
... and icy extremities.
A way for the population to remove AOL subscribers from the gene pool, if you will.
Nature is a harsh mistress and hogs the bedcovers - plus she's got global warming
-- Tigger warning: This post may contain tiggers! --
Using AOL CAN in fact kill you.
They who would give up an essential liberty for temporary security, deserve neither liberty nor security
Oh come on! This is news? An organization is sending out a valid and useful message to a list of subscribers, and some of them have an ISP spam filter that misclassifies it as spam? So we jump on the company providing the filter as if this was intentional or policy?
Wake up, false positives for spam filters are not news, and it's disingenuous to have a headline that implies "ooh, look what the evil AOL is doing now..." Bah, FUD.
Trying to communicate legitimately with mass e-mail is sort of like trying to talk to someone at a rock concert. Your lucky if they receive even one word of it.
-- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
Problem was that the pager went off altogether too frequently, and my friend didn't care if there was a storm cell in -say- Flagler County, a hundred miles to the northeast. So he tried to unsubscribe, again and again and again... and those damned alerts just kept on comin'.
The list was really easy to get onto, but impossible to opt out of. My friend eventually had to change pagers to lose the things.
Moral: sometimes those broadcasts are solicited email that are no longer welcome, and there is no way to unsubscribe. I'd call that "spam": no-longer-solicited bulk email.
You must not value your time much. First off, I run a high volume mailing list/newsgroup/webforum that has been in operation since 1996. AOL is continually a problem, but nothing like recenetly
As of two weeks ago, all AOL and Compuserve subscribers were removed and the mailing list shut down to those domains.
1) They are not 'easy' to work with. My emails to 'postmaster' went unanswered despite their website saying it was a valid method.
2) Their 'feedback' loops, once you sign up, forwards to you the email that one of their users reported as SPAM. (never mind this is an opt-in w/ confirmation list). AOL strips the 'To' address so you do not know who to contact. It makes the feedback look useless for a mailing list. I have to spend a day or two configuring VERP to figure out who it was.
3) My entire domain got blocked because one AOL user hit 'Report this email as SPAM' a dozen times. It took 3 calls and 3 hours on the phone to resolve.
4) They do offer a 'whitelist'. However to sign up for the whitelist you must agree to their guidelines. http://postmaster.aol.com/tools/whitelist_guides.h tml
What BS is this? They want me to guarantee that my mailing list meets the AOL T&C?
'Any e-mail sent to AOL members must conform to AOL's Community Guidelines http://legal.web.aol.com/aol/aolpol/comguide.html'
5) The whitelist states that every email should have a physical address and contact phone number for unsubscribing. More BS.
'All subscription based e-mail must have valid, non-electronic, contact information for the sending organization in the text of each e-mail including phone number and a physical mailing address.'
They are currently content filtering emails too. Any member of my mailing list two posts a message containing a link to 'angelfire' or 'hotfire' domains are bounced. Entire digets are bounced because a users signature contains their angelfire homepage. I tried to modify the mailing list so that 'http://' was stripped, but AOL still rejected it. Some emails that only contained 'alturl.com' (kinda like tinyurl.com) are bounced.
i turned off the option 'block spam'. I have nice filters that *i* control. Not somebody else deciding for me what i will or won't see.
Here's a typical Florida alert email. We at AOL highlighted the words that tripped our email filter:
Dear Valued Florida Alert System Customer,
Please be advised that a cyclone developing over the Atlantic can MAKE A HUGE WAVE IN A VERY SHORT TIME!
This information is credited to Dr. Adewale Ngurubo, head of Nigeria's Natural Disaster Catastrophes department. We estimates potential damages to run up to 419 million dollars. THIS IS A SERIOUS WARNING!
[If you wish to be taken off the list, please click here]
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
The parent is the most complete and insightful comment so far on this topic.
To elabotrate (not attempt to half-sole), those of us who understand IT often grossly overestimate the average email/web user. I'd estimate that 90 percent of the people I know who use email are clueless about EVERYTHING. Click this, read email. Click this, delete email. Click this, send email. Click this, block email. That's the extent of their knowledge. Most probably think an IP address is the location of a public restroom, and believe Internet Explorer IS "the internet." And I'd bet that a huge chunk of them have at one time or another bought something through a spamvertized website.
Trying to educate them is hopeless--I know, I've tried. The best thing we can do is send as many as possible TO AOL, not try to lure them away from it. The protections AOL has in place makes knowledgeable users cringe, but they also protect the rest of us from clueless users, and those users from each other and themselves.
I say go AOL, go!
Ignorance is curable, stupid is forever.
Yes, that is what I did. However, this is very inefficient. Normally when you run a mailing list the same messages gets sent in one 'smtp' exchange with a mail server. Think of sending the same message to 50 recipients. Only one copy of the message is needed and you tell the AOL SMTP server the 50 recipients. Once you start having to 'personalize' each message, that one message needs to be sent 50 times to each recipients. A waste of time and bandwidth.
Trying to educate them is hopeless--I know, I've tried.
No, it's not hopeless. It's hard. Those are not the same things. It takes patience and time to learn something new, and it takes patience and time to teach something. Just because you give up doesn't mean the task is impossible.
Hopefully, technology will get to the point where most users can both not know the details of the computer, and also not manage to mess things up at the same time. I think we're getting there. Slowly.