Slashdot Mirror
Are Spam Blockers Too Strict?
Myrte writes "Wired.com has a long piece on whether spam blockers are blocking wanted messages." From the article: "For years, e-mail users complained that torrents of unwanted messages clogged their inboxes and crimped their productivity. Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages. AOL isn't the only company to face charges that it improperly blocks legitimate messages. But, as the world's largest ISP for years, it has long borne the brunt of complaints from mass e-mailers over the problem."
No.
Thanks to my damn spam blocker, I've missed out on hundreds of opportunities to accept millions of dollars from Nigerian royalty.
Slashdot Burying Stories About Slashdot Media Owned
I'd gladly lose wanted messages in order to never see unwanted messages.
web site http://geocities.com/UxiQinsardWalli/
comfortable-looking light, as it might be a fire or torches twinkling.
When they had looked at it for some while, they fell to arguing. Some
said no and some said yes. Some said they could but go and see, and
anything was better than little supper, less breakfast, and wet clothes
all the night. Others said: These parts are none too well known, and
are too near the mountains. Travellers seldom come this way now. The old
maps are no use: things have changed for the worse and the road is
unguarded. They have seldom even heard of the king round here, and the
less inquisitive you are as you go along, the less trouble you are
likely to find. Some said:
After all there are fourteen of us. Others said: Where has Gandalf
got to? This remark was repeated by everybody. Then the rain began to
pour down worse than ever, and Oin and Gloin began to fight. That
settled it. After all we have got a burglar with us, they said; and so
they made off, leading their ponies (with all due and proper caution) in
the direction of the light. They came to the hill and were soon in the
In short, no!
This guy's the limit!
The absolute biggest piece of hilarity is Norton Antispam. People rush out and buy it, and install it on their computers. Usually they never do anything in the way of setting it up (just expect it to work magically), but that makes no difference because it continually reconfigures itself on its own whims.
:rolleyes:
And then they call and abuse their ISP support personnel for days on end of "I'm not getting any of my damned email!!"
And it's all right there in their 'Deleted Items' folder.
do() || do_not();
Honesty may be the best policy, but by process of elimination, dishonesty is the second best policy.
Um, error exists in both directions. Limiting error in one without concern for the other usually increases the other. (Instead of limiting the error you usually shift the range.) This is known.
What's news here?
'Sensible' is a curse word.
I can't send email from my work place to my free register.com hosted account because I had emailed myself some links to look at while at home. Apparently the spam bot assumed messages with just a subject and links and flagged my work address as spam.
I couldn't get them to undo the change... But it is a free service and I figured I won't get anywhere if I push it and these days I just send any emails with links to my hotmail account.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
AOL isn't the only company to face charges that it improperly blocks legitimate messages. But, as the world's largest ISP for years, it has long borne the brunt of complaints from mass e-mailers over the problem.
Well, then. You can simply pay a fee if you want to continue that Lord of the Rings Mailing List! (http://www.out-law.com/page-6611)
I'd like it if my spam filter could "mod up" non english email.
:) (this probably wouldn't fly at work, but for his personal email it's fine)
most of my email correspondance isn't in english, while most of my spam is in english... I've instructed my dad to delete ANY mail with an english subject if he doesn't know the sender before opening it, and that seems to work out fine, english is his 3rd/4th language and only has 2 contacts using it. If something is important enough, he'll get at call about it
Obviously spammers are trying to get through filters by making their email appear legitimate. The closer spam looks like legitimate email traffic the harder it is to block them without also blocking some legitimate email. It's kind of a stupid question with a "WELL DUH!" answer.
Not trying to put out a flame but really guys...
The race isn't always to the swift... but that's the way to bet!
It's more that SMTP is too broken. The model we use to communicate with each other is sadly too open, given the potential of the technology for automation. The real solution is to extend or replace SMTP completely.
Luck favors the prepared, darling.
Not even if they let you reach through the internet and castrate the spammer. With a spoon. Full of lemon juice. And margarita salt.
Weaselmancer
rediculous.
I get so much spam a day even with blocking software. Sadly some of the titles make me giggle. I do like that one that states it's topic is "cure all diseases" then when read further it is for viagra. Glad i don't have that disease.
It's like inviting someone to a party & you agree that they can bring their "affiliates" along. Your invitee shows up with 20 strangers & whoever you have working the door says "I don't know all these people, they aren't allowed in."
The solution isn't to cry about the "gray" area, it's to explicitly tell people who the fark these affiliates are & what they'll be sending.
[Fuck Beta]
o0t!
When I get a message with a moderate probability of being spam, my spam blocker sends a message back requesting that the sender confirm the message. Works great. Those few legitimate senders stuck on a problematic server can still get their messages to me and so far no spammer has attempted to bypass it.
The only time it doesn't work is when the sender's spam blocker dumps the confirmation request or when the sender doesn't understand what to do.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Just like door to door salesmen and tele-marketers, mass e-mailers have ruined their reputation as a group and are no longer effective at what they are trying to do. If you want to keep your customers updated, offer an RSS feed, personalized with their user id if necessary. Times change, deal with it.
Occasionally, Gmail's spam filter places valid mail into Spam - once it was some user's request for an invite, once it was my cellular phone invoice, and once a Dilbert daily strip. So I have to wipe out the spam folder with caution - at least I have to read every subject.
Pretty easily. You can tell it which languages are good, and which ones aren't ones you'd be expecting. I get a lot of German spam because of my last name, so it's pretty easy to pick out.
If a user has signed up for a mailing list, and doesn't get what they asked for, then that's a false positive, no matter how commercial the mailing list. And this does happen. So in that respect, spam blockers are too strict.
But on the other hand, I fish out a few false positives from my spam dump every month and look to see why they were blocked. In most of the cases, it's because the mailing list operator is doing something dumb. For instance, the last false positive I received - for a legitimate, informative mailing list I deliberately signed up for - triggered my spam filter because of forged headers, two counts of malformed headers, and every other line was in all caps.
The reason why they were caught out was because they used what appears to be a mass mailer designed for sleazy purposes, and they didn't bother with any QA.
Anybody who is running a mailing list should follow a few simple rules:
That's what I consider to be common sense, but apparently common sense is hard to come by these days.
Bogtha Bogtha Bogtha
My experience, though, is that it isn't the spam catching software that works with typical desktop email applications like Apple's Mail, Entourage, Thunderbird or Outlook that's too strict (sometimes far from it, especially w/regards to Entourage); it's the spam catching software used by Webmail providers like Hotmail and Yahoo's Mail.
I know it's in their best interest to flag as much stuff as Bulk Mail as possible (which can then be filtered into a bulk mailbox, and removed automatically after 30 days), but until I recently switched hosts, everything I was sending to Yahoo or Hotmail was going into the Bulk Folder. Now, I think this may have been due to my hosting provider, but all the tests I ran seemed to indicate that they weren't on any blacklists, or anything like that.
I even took the time to implement SPF records for my domains. This had a noticeable effect in GMail, which actually adds a header to incoming mail stating whether an SPF record was found and followed; it had no effect in Hotmail, however, which is maddening, since it's Microsoft's stupid initiative!
I don't know what the answer is, but we're not there yet.
concrete5: a cms made for marketing, but strong enough for geeks.
Our corporate email is outsourced so I have little control over it. At first glance, it seems that users should be able to individually control their SPAM settings since each user has the option to configure SpamSheild Pro to match their tolerance for spam and tell the system how to process suspected spam. But there's a "secret" filtering process that happens before mail ever gets to SpamShield. It'll generate a soft-bounce back to the sender and the recipient is never informed that a message was blocked.
SpamShield is set, by default, to dump spam into a spam folder than the user can monitor. If something gets in there by mistake, the user can whitelist the sender or lower the threshold for spam detection. But if it never gets that far, they have no idea they're missing anything and the user has no way to adjust the settings for this "secret" pre-filter.
To me, this just seems stupid. Back in the olden days, my ISP was one of the first to implement user-configurable spam filtering. I didn't turn it on because I wanted every bit of mail to be stored on a system that I could control. I didn't want anything being set aside in a temporary folder where it would be delted in a week or two. Now I've got an email system that doesn't even tell me when it rejects mail.
accidentally deleting your airline reservations while wilding trying to remove spam from your inbox so you don't MISS the airline reservation mail..
*sigh*
what you get for not paying attn to the little box in lower left of the thunderbird window..
anime+manga together at last.. in real time.
They're absolutely too strict. I've added myself to Hormel's email notification list countless times, but their messages never get through to me.
This guy's the limit!
Yes, it's gone too far.
I can't email my own father. I can't email bug submissions into gnome.org using bug-buddy. I use my ISPs mail server. What's the huge problem?
If you run a mail server, please respect abuse@ and postmaster@ accounts, and please don't ever reject mail being sent to those accounts! Ever!
This is what happens when you don't think forward on protocols. The cure, in the form of hundreds of attempts at everything from Baysien filters to source-IP blockers, seem to always fail. Why? Because SMTP, our mail protocol, is based on telnet, 7-bit ASCII, and easily fudged authentication. Worse, 'thinking' filtration systems use a rules basis that appears to work, but can never work because the rules can change, as any successful spammer knows.
Then, we get a bunch of techno-idiots like the US Congress to legislate email relationships, miserably, contributing further to the problem.
The real solution? Simple blockage. Route the bastards to 127.0.0.1. Force authentication of the address and its owner before it can go out of the blocked ACLs. And if it happens again, shunt the address to a different CIDR block. Or re-write SMTP. That's all that's going to work. Nothing is foolproof because fools are so ingenious. Never underestimate the power of a hacker, and locks keep your friends out, your enemies have pick tools.
---- Teach Peace. It's Cheaper Than War.
I have yet to find a single "wanted" e-mail end up in my Spam folder in Gmail. I get maybe 1-2 "unwanted" e-mails in my Inbox, that I quickly mark as spam and never see again. Most of those tend to be in languages I can't read. I wish I could just block all e-mails that aren't in English, but that doesn't seem to be an option yet.
What?
I really have had no issue with any spam blocking stopping legitimate mail in year. When that happened, it was Yahoo! Mail which was blocking legitimate e-mails from friends with overseas e-mail addresses, in particular one ending in .nz, I believe. Otherwise, I really have had no problems, though I do not use commercial/3rd party blockers.
When I was actually using Outlook '03, I really had no problems except that junk still got through. The problem of junk still getting through happens on Yahoo! occassionally, but I attribute a lot of this to spammers just getting craftier and finding ways around the filters that they use. Gmail isn't too bad either, though my junk mail there is much, much lower then any of my other accounts and most the junk mail I do get is from my forwarded college e-mail address, which apparently started picking up a lot of spam sometime while I was still in college.
"Some days you just can't get rid of a bomb."
Well, spam blockers aren't humans reading the e-mails, and who but the recipient will always know if something is wanted? I mean, I may not want Viagra (no need without boy bits), but you might. If users want to complain, they ought to take a look on what it's like to create the anti-spam and anti-phishing programs. There is quite a lot to it, and not so many of us who do it for as many users as there are. Here, at my company, the spam department has just a few people who evaluate potential spam mail (or phishing, depending on which section the person is assigned to). If it's spam, our software is programmed to identify it based on certain criteria. If something is filtered out, it goes to the junk box. The user has the option to go through that box nand white-list anything marked as spam that they may actually want when they have the time to do so. It's much more efficient than going through your inbox and having to manually soft out the spam yourself. Spam filters are meant to assist, not to 100% take care of the problem. It's a piece of software that follows instructions literally. If I send you a legitimate e-mail about medical findings on Viagra and your filter identifies e-mail with the word "Viagra" as potential spam, assuming you're using a basic filter versus something like a Bayesian, it's going to get thrown in the junk box. How is it supposed to be able to identify it as legitimate? Even with Bayesians, words identified as spam words may have a legit use, but enough use of those words will give it a rating neccessary for it to be marked as spam. The simple solution, if someone is worried about legit mail going to their spam boxes, is to not use a spam filter at all. Then it will all go to their inbox. And who knows. You just might find yourself the lucky one standing to gain several hundred million dollars. (Something I find humorous - I had to edit this post to get it through SlashDot's filters!)
It's a girl!
I used to work for a company that sent emails to medical professionals regarding ongoing clinical drug studies.
These emails absolutely took "opt-in" to the next level.
Not only did the doctors opt-in to receive these emails, they had to go through a fairly rigorous screening process to be eligible to receive them. On top of that, it actually would have been highly illegal for us to send these emails to others!
So, needless to say, the emails weren't spam and were going to modestly-sized email lists of 100-1,000 total recipients, approx 25% of which were AOL users.
And still, we had countless problems with AOL blocking them. AOL never listened nor responded.
OtakuBooty.com: Smart, funny, sexy nerds.
and mailing list owners) only one should have any say in whether spam filters are too strict or not. I'll give you two guesses, and to make it easier I'll tell you up front: it ain't marketers or mailing lists.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
Oh, and this is one of my favorite spam mails, copied and pasted exactly. Try making a filter that knocks this out. My company's software did, intentional spelling errors and all.
Everybody knows the great sexual scandal known as "Klinton-Levinsky". After the relations like this Klintons popularity raised a lot! It is a natural phenomenon, because Bill as a real man in order not to shame himself when he was with Monica regularly used Voagra. What happened you see. His political figure became more bright and more attr= active.
It is very important for a man to be respected as a man!
See our Voagra shop to enter upon the new phase of your life.
It's a girl!
Your whackamole solution doesn't work either. Too many zombies at otherwise legitimate organizations. Would you victimize them even more?
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
OK Here is the part of the article that I like... Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking Does anyone see the hilarity in this? Marketers and mailing list operators are worried that their spam isn't getting to people because of spam blocking. Umm, yes...that's the idea. What makes some marketer think that I want their email? Pretty good chance that I do not.
Mean what you say...say what you mean.
AOL allows its users to click "This is Spam" on whatever message in the inbox that the user perceives as spam. It doesn't matter if the user opted into the list, if they decide one day that they don't want to be on that list anymore, they click "this is spam." and if the complaints for that list go over a threshold, ALL connections from that email server are blocked. The threshold? 0.1%. It gives control of their blocklist to the whims of their users.
It's basically an admission on AOL's part that they don't have the capacity to deal reasonably with senders, that they have no ability or desire to distinguish between V!@gr@ spam and legitimate opt-in bulk email, and they've decided to err on the side of blocking third-party ACCREDITED email that their users have affirmatively signed up for. Do you want the OPTION to decide for yourself if emails addressed to you are spam? Then get a real ISP.
If everyone used Surgemail, spam is in full control of the Receiver and partial control by the sender.
.exe,etc)
http://www.surgemail.com/
And is one of the least expensive and MOST functional, Multiplatform system in a whole. Since we installed it. We ended up ensuring other client's mail servers have become into RFC Check, ensured blocking 99% of the spam to clients, and never ever send an executable virus to our clients (since it renames all executables to _exe,etc instead of
They say, "List operators, marketers, and email users complain spam filters are too strict." I'll bet 99% of marketers, 90% of list operators (not the 10% that are legitimate), and 1% of users think it's too strict.
Listen, when you go to your snail-mailbox and get the mail, you can pretty much tell which mail is good and which is junk, right? I mean, it's easy to tell letters and cards from family members and friends from bills and unsolicited junk. It's easy because there's a physical form of recognition taking place.
Email is tougher, because in most cases all you have to go by is a sender's email address/identifier and the subject line. Now I don't knwo if you've looked at those two things closely, but it's usually easy to tell when the email is spam (how many freinds do have named Lemon T. Viceroy?). Now, as reported, phishers are getting more sophisticated and they are making much more convincing emails that are tricking people into believing the email is from their bank. They's be able to save themselves some time and frustration by checking the email address vs. a legit email they've received from the bank.
I think blocking has to start at the user end. You have to put up a wall and say that only these addresses are legit and anything else is suspect. You dump suspect emails into a separate folder and peruse it for emails that are actually legitimate, and add a pass-through for them to your wall. It requires maintenance and vigilance, and cooperation from banks, credit card companies, etc., who have to make sure you know what legitimate addresses they will send emails to you with. Any left over emails you fire back to the senders and alert your ISP
Putting the responsibility for screening mail on the user is problematic, but it's certainly a lot more efficient than having to listen to complaints about legitimate mail getting blocked constantly. I do this very thing constantly with my personal account and by using my ISP's spam filter, I'm doing a pretty good job of screening out the crap. By alerting my ISP of definite frauds, I'm hopefully making things easier for others. Of course, you have to make this system easy to use, or users will get frustrated and it won't work properly.
Maybe snail mail isn't dead yet for a reason.
GetOuttaMySpace - The Anti-Social Network
This should be a given. If you try to block spam, you are going to block some legitimate messages. Hopefully, your ratio of blocking spam messages against legitimate messages is good, but it will never be perfect. This is due partly because spam itself is subjective. A lot of spam messages can be picked out and determined to be a spam message by 10 out of every 10 people. But for some messages, its not that simple. It's just real subjective. Then you're asking an algorithm to use subjective logic to determine whether a message is spam or not and problems just occur. Like I said, for the most part these filters work pretty good, but its not going to be perfect and anyone that thinks so, is just not thinking straight.
I am not opposed to some degree of flagging an alleged spam message, but to discard it without the end user knowing about it is where issues begin to arise. By flagging a message, the end user is able to use their own discretion to determine whether a message is a spam message and they can do whatever they want with those messages.
This isn't to say that RBLs and spamlists are a bad idea, just if you implement one of these, then be prepared for some type of backlash. Perhaps in some cases an RBL is necessary, but to think that using an RBL you are going to stop all spam and all of your clients are going to be happy, that's just wrong.
I know this isn't the final answer, but to me it is by far the most responsible and far reaching.
Will spammers register real domains, yes. Will they send emails with a fake from address that has at least a valid domain, yes. It makes it just that much harder, and makes it harder to use farms. If the SPF record has a huge subnet then the spam blockers can ignore it, and then put it on a watch list. At least we are adding some level of authentication to the process.
The cost of SPF is so little, I don't understand why their is not more push for it, and why we can't just give it a shot. I'd rather do that then go thru some authentication process with a company and then pay for some type of certicificate. Lastly, as a programmer I hate when all of the suden we have to do quadruple opt-outs, when the real problem is people sending gobs of rolex adds from their dorm room with or without their knowledge.
I've been quite happy with the spam-blocking service that my ISP contracts with (POSTINI), as their filtering service is quite customizable. Whitelisting the few false positives I've seen is very easy to do, even mailing lists.
Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
The Theorem Theorem: If If, Then Then.
Force authentication of the address and its owner before it can go out of the blocked ACLs.
This would be so trivial to bust thru and automate it isn't funny. What happens to zombie machines? They can authenticate fine, so slip right by this problem. Instead of sending thousands of messages as fast as possible, use thousands of zombies and send just and handful messages each. You'll never trip the thresholds for volume and the spam will be buried in among the legitimate e-mail sent by that user.
Authentication is not a solution.
Learning HOW to think is more important than learning WHAT to think.
When you're driving down the road and you get hungry, how do you know there's a BurgerBell on the corner if not for the sign (which is clearly advertising)? What about things you don't know exist, or things that are new? How do you know to "go out and seek" a cool gadget if you've never heard of it before? Or never knew that it was possible to do what that tool does?
I'm NOT arguing that spam or junk mail is Ok. I'm just trying to point out that not all advertising is bad. Intrusive advertising like telemarketing, spam, and junk mail is annoying (and I work hard not to purchase items advertised in one of these ways) but I'm not bothered by advertising in general.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
If the average marketing email didn't so closely resemble SPAM this wouldn't be a problem. I don't want email for life because I bought one product from a company 5 years ago. I have a folder set up at work to filter out the emails our marketing and sales people send INTERNALLY. I don't need an email every time they sell something, just like I don't think they want an email from me everytime I do MY job. If companies only sent mail to people who really wanted it there would be no such thing as SPAM. Your "Exciting Announcement" is my trash if I didn't ask you to keep me updated. That goes double for all the sites that insist I register with an email address to read their content. Do you hate it when people cypherpunk your site? Stop spamming them!
Insert pithy comment here.
[this message has been filtered by your ISP's anti-spam software]
hotmail's spam filter sucks so bad that it lets all the spam through and blocks most of the legitimate mail. i am not joking here at all... it's so bad that I just go straight to the spam folder to check my mail.
Like I care that these people are upset. Every one of their messages that gets through to me that I've never asked for upsets me, so what goes around, comes around. That fact that they're squawking in pain now is music to my ears.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Verizon.
I applied for their whitelist once. After about 2 or 3 months (no, I am not making this up) I got a cheerful response that I had been added, or approved, or something. I had long since forgotten about the issue and had contacted the person another way.
I don't understand why their customers put up with that crap.
Block them. Let their owners deal with their infections. Until they're known to have been cleansed
ROUTE THEM TO NULL.
---- Teach Peace. It's Cheaper Than War.
It works great. I have never had a legtitimate email blocked fom them in almost two years and on the flip side, very few pieces of spam (1 a month at most) get through [1]. Our user population does get some good email blocked from time to time but Postini provides a web interface to manage the white and black lists. Considering we do not get many calls from users (which seem to call about everything), I would say the Postini web interface works fine and they are capable of using it themselves to forward on accenditially blocked email, or Postini is doing a decent job of not blocking what it should not block.
[1] I have not been stupid with my email address and Postini only has to block roughly 50 pieces a week.
I don't know how. Len('Sensible') > 4.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
So, likely, does every other spammer as well.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Faroese is a North Germanic language with around 47,000 speakers in the Faroe Islands (Føroyar). Faroese is closely related to Icelandic and the dialects of western Norway, though as a result of the isolation, the Faroese language has a distinctive character of its own.
We use the Barracuda 300 'spam firewall' appliance. I have yet to get a legitimate email blocked entirely. But sometimes they are 'tagged' and quarentined until the user verifies they are (or are not) spam.
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages.
Marketers? Marketers don't have a say in it. They are spammers. If I want their information, I'll assume responsibility for making sure I can receive it. Thank you for your "concern" that I might be missing many valuable opportunities.
Secession is the right of all sentient beings.
How long until they outlaw spam blockers which don't give "legitimate marketers" a backdoor?
So 25% of doctors are AOL users. Now I'm really afraid to go in for my next checkup.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
There was a discussion about this perhaps two years ago in the usenet newsgroup favored by the anti-spam crowd. Because of the expense involved for network administrators, they tend to have rigid attitudes about blocking ranges of IP addresses -- along the lines of "Kill them all and let God sort them out".
Prevailing attitudes included blocking e-mail all IP addresses in China and Korea, plus all domains with free e-mail (e.g., yahoo.com). Those guidelines were being used in creating some blacklists.
Some of the same people rejected the use of techniques such as Bayesian filtering.
Forbidden /~wman/ on this server.
You don't have permission to access
Apache/1.3.33 Server at heima.olivant.fo Port 80
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
You know what? Its my friggin inbox. If I didnt ask, and its not a personal email, then I dont want to hear it. Keep'em the f**K out.
I use Gmail to check all my accounts. Never had a problem (that I know of...)
useless sig advice - Read Nabokov.
Of course, marketeers hate this, because it puts control entirely in the hands of the receiver. But it's the way things are going.
now obviously, a lot of spam does come from things like sales@domain.com, but I wish there was something that could simply cipher an email message for extremely improper written english! "Du U WUnT SUM EPHEDRA?? HOW ABooT SUm VIaGrxcA??
i mean, once they figure out that, it would probably block out 80% of all that damn Romulan spam... regardless, I've had some very important customer emails that were blocked thanks to Earthlink and AOL, and thanks to my sales@ address..
*plays the Apogee theme song music*
I think it's the only area of the internet that would greatly benefit from heavy regulation and cooperation between email providers. This whole attitude of allowing anybody to make an email server and fire off whatever the fuck they want has to go, either forever or until we get more international focus on catching and jailing spammers. Imagine if /. or any other similar site or online forum ran the same way, and just let anyone comment anytime in any amount from anywhere.
I know it'd be tricky to keep someone from getting to much power over the whole situation and gravely misusing it, but something needs to be done in this area.
Ex nihilo nihil fit.
.. free mail services EMBED adverts to pay for their service into YOUR emails. This is sometimes treated as SPAM.
People are always telling each other to be sensible, to go along with the flow, to not rock the boat to much...
'Sensible' is a curse word.
WHITELIST. If you want it, whitelist it. If you don't have it whitelisted, then the SPAM filter can classify it... If it does it improperly, then tell the filter that it is/isn't spam (as the case may be).
Teach the users how to do this, and let the whiners kill themselves with angst.
Yes, they indeed DO filter many of the legitimate emails - including ones that carry new business proposals, emails from colleagues, or ones coming as a part of an ongoing correspondence thread.
And you will never know if you have lost the deal or not - youll simply think the party you have contacted were not even interested enough to reply you, or the person you were in contact have simply chose to ignore you.
And this all comes courtesy of isps, and hosting providers. You pay them to lose your own money by using their services.
WORST is hotmail. Hotmail urges users to raise their junk filter to normal, a setting in which MANY legitimate emails, including the emails arriving to inform you of your domain renewal or registration goes to bust, without ever seeing junk mail folder. Then you have the infinite struggle to snatch your domain back from hit farmers at exorbitant costs in your hands. and this is one of the mildest monetary losses that can happen.
I dont even want to talk about what happens in hotmail's high junk filter setting.
Read radical news here
That doesn't do much good in practice. If someone finds they are not getting some email they want, they have to end up checking the spam box, which is often huge. And ISPs end up having to incur the costs (which they pass on to customers and/or advertisers) of receiving, accepting, processing, and storing all that spam (which spamware does not need to do).
People who are actually paying for email services should have the option to elect a service which does not accept any email whatsoever from any known spammer, or from any network known to continue to allow spammers to operate ... with a reduction in price equivalent to the reduction in costs involved. How many people do you think would elect to pay a couple dollars more a month to have a box where all the spam goes into? Some will. I suspect most won't.
now we need to go OSS in diesel cars
If I want something, I'll go seek it out for myself. Leave me the hell alone. It's not your place to constantly bother me.
In general, if people want something, they will seek it out for themselves.
Look, I'm with you. I hate this stuff as much as you. It's usually even a nice safe rant for a few insightful mods, but yours is practically a troll.
I can assure you that there are quite a few hundred thousand consumers out there who do not share our outlook on this subject, who become very hostile when you fail to keep them informed of important information, and who couldn't set up an RSS reader if their lives depended on it.
Sorry, I'd love to live in that fantasy world, but you have to face that it's just not reflective of reality.
Just thought I'd put this out there, since some Qwest cutsomers may not be aware of this.
About a year ago, my fiancee and I noticed that we were no longer getting e-mail from some of our mailing lists. (For instance, I stopped receiving VersionTracker daily e-mails. She stopped receiving e-mails from various political interest groups and animal welfare groups.) We both have e-mail accounts through Qwest Choice, which provides us with bundled digital cable TV and Internet service all through a single VDSL link. (Yeah, it's pretty weird to tell people I get "cable TV" delivered through my phone lines...)
I spent a good deal of time with the VersionTracker folks to track this issue down. Finally, we figured out that it was Qwest who was bouncing the messages. I then contacted Qwest to find out why, and to see if we could fix this.
The tier-one tech support folks at Qwest are usually the last people to find out when Qwest changes a network policy. For instance, when Qwest started blocking certain ports to prevent their broadband users from hosting websites and reselling bandwidth, the tier-1 folks continued to insist that Qwest didn't block any port numbers -- even months after the policy had been instituted. (Point in fact, I had to get Qwest to unblock outbound NTP requests so my Mac could set its system clock correctly -- some network admin at Qwest got overzealous and blocked NTP in both directions. At the time, Mac OS 8 didn't let you change the port over which you made NTP requests. It took several days before I was put in touch with a real network engineer.) So when I contacted Qwest about this problem, they naturally didn't believe me and quoted from one of their talking scripts...
Only after I explained carefully the steps I had taken, and identified myself as an IT professional who knows a thing or two about networking, did they finally listen and forward my requests to higher tiers within their support organization. That's when I finally got confirmation from Qwest management that yes, indeed, Qwest had quietly instituted a spam filtering policy without notifying their customers.
Furthermore, the way Qwest instituted this policy provided zero transparency. There is no e-mail quarantine system to allow users to provisionally unblock mail or whitelist a particular sender. I was also told flatly that there was no opt-out policy for this "service," even though I complained loudly that I hadn't been getting perfectly legitimate e-mails that I had signed up to receive. So if Qwest's servers receive a message that they think might be spam, it gets bounced back to the sender and I hear nothing of it. Therefore, the system won't tune itself.
I thought perhaps Qwest had loosened its filters, but when I recently E-filed my taxes, I didn't get confirmation e-mails back from either the IRS or my state taxing authority. Fortunately, TurboTax was able to check with the appropriate E-file servers directly and report back on the status of my returns, so the confirmation e-mails were not strictly necessary; they just would have been nice from a peace-of-mind standpoint.
The Wired article rightly hits the nail on the head: Only the end-user knows what they consider to be "desirable" and "undesirable" e-mail. That's why I rely on the junk mail filters in my e-mail client software (the OS X built-in mail client).
In the meantime, I'm still getting spam through my Qwest e-mail account, as is my fiancee. She claims the spam problem with Qwest is worse now than it ever was before they instituted this crude filter.
they will be treated like responsible businesses.
Make it easy for me to see that you are you and that you are a responsible citizen.
1. Only use names that have been signed up with you personally. With double opt in.
2. Use your own email servers or domain.
Do not make me wonder if an email is from you if it isn't in an address block that I normally see from you.
3. Easy and complete removals. By anyone, from anywhere. I'll click a link. I'll even reply to an email. Once. If you haven't removed the address by then, it's your fault.
4. Every month / quarter / year (more often is better), let me know that I'm on your list and how to get off of it.
I'm in charge of the email system for a small company. I want the legitimate ads to get through to my users. And I want to cut the spam down. If your behaviour is more like that of a spammer than a legitimate business, guess what's going to happen to your messages.
Just because it is easy and cheap to send a few hundred million ads via email does NOT mean that you should. When you behave like a responsible business, you'll be treated like a responsible business.
The solution to all of this, is dspam, of course.
We were previously running SpamAssassin for about 4 years with 13 RBLs and blackholes.us, and we were at 90% accuracy or so, and still seeing 10-20 spams slip through per-day.
I gave dspam a test, and after 3 days, we were already up to 95% accuracy, with ZERO spams slipping through.
Today, about 3 years later, we're now at 99.726% overall accuracy, again, with ZERO spams slipping through to any user's mailbox. For false-positives, the users can go to the web interface, check the "legit" emails getting incorrectly marked as spam, and have those sent to their mailbox, retrained as HAM. After a user receives 'n' number of messages from a specific address, they're auto-whitelisted.
dspam blows away anything I've ever used, ever. We're not seeing a single spam in any user's mailbox in 3 years, and we're at about 85% incoming spam per-day with 1 RBL.
So 25% of doctors are AOL users. Now I'm really afraid to go in for my next checkup.
:)
Hahaha. That was definitely my first reaction, too. But these people were prominent doctors in their field, so their average age was even higher than the average doctor's. I'd say the average age of these doctors was 50+ as far as I know.
OtakuBooty.com: Smart, funny, sexy nerds.
Lol! Well... I was able to add my work email address into my address book and I don't have a problem receiving.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Really now. The problem with unwanted, unsolicited emails is that they exist in the first place. If you aren't being sent a hundred ads for Viagra, mortgage refinancing, and the latest greatest boomer stock, then you don't have to have a spam blocker or filter installed, and you will miss exactly NONE of your important emails. Best way to do this? Unsubscribe from every spam you get. A daunting task, to be sure, but not if you use BlueFrog. It does it for you, and with almost half a million users, it is a force the spammers can't ignore. www.bluesecurity.com to get signed up and download the client, or if you're just looking for more information. I highly recommend reading up on it, as the last few days have seen a small war between one irate spammer and the half-million people who are saying 'enough is enough'.
This is one of the things SPF (http://www.openspf.org/) is meant to end - false positives. One of the problems with SMTP is that you can't build up a reputation by domain because anyone can claim to be you.
If a verified sender is sending [lots of] unwanted email, they are a spammer and should be blacklisted. Otherwise, verified senders should probably be trusted.
I work for an anti-spam company in their tech support dept. I can tell you we get many calls on how to catch more spam, as well as calls asking why this particular email got blocked and how to not block it in the future.
The problem is that spam wants to get through an employes every possible trick that it can, so we know there is no way to block every spam message and the occasional spammy good email gets through.
It's called MailLaunder.http://www.maillaunder.com/, check it out.
Whether something is spam or not is a subjective judgement. Computers, so far as I know, are incapable of making subjective judgements, and only filter spam based on complex content and sender algorithms.
When you apply an objective assessment of something that needs subjective assessment, you will invariably make mistakes on one side, the other, or both. You can set the filters strict enough to ensure that all spam is caught, and some wanted email will also be caught. You can set the filters so that all wanted email is delivered, and some spam will also be delivered.
This is not a failure of spam filtering technology. This is reflective of the current incapability of computers to have opinions.
Web 2.0 == Giant Blogspam Circle Jerk
The closer spam looks like legitimate email traffic the harder it is to block them without also blocking some legitimate email.
/. a top-tier spammer was aggravated by their efforts and managed to get a list of addresses for those who signed onto bluesecurity. I just checked the "junk box" on my email server and have found that in the past 12 hours there have been about 50 emails entitled "bluesecurity.com" with a body containing the WHOIS record for their domain. Apparently, the spammers are already striking back with a vengeance.
Your argument makes sense but there is more to it than that. Spammers are starting to catch on that their techniques to thwart mail filters can be used to manipulate those filters to block other people's emails. THAT is still pretty inceniary. Let me explain what I mean:
Some time ago I signed onto the "bluesecurity" website as I was intereste in their counter-spam efforts. As we all know here on
Besides annoying the heck out of those unfortunate enough to be on the target list, the thought came to me that this could be a crude attempt to train email filters to block out any (legitimate) correspondence affiliated with bluesecurity.com. I think we're going to see a lot more of this in the future: Spammers for whatever reason select a victim (anti-spam organisations, Microsoft, Symantec, etc) and start sending out massive spams that either repeatedly mention the victim's name, website address domain, etc, or are crafted to look like legitimate correspondence from the victim. The scummy vermin that send out the spam are the same types that go on phishing expeditions so they've had practice imitating others.
Since so many people run email filters, once these filters intercept and mark those messages as spam then legitimate email from their victims are more likely to be blocked as spam. That's all I need is for a spammer to send a few dozen emails that look like Microsoft correspondence, only to have the email filter get trained to filter out REAL email from Microsoft about my MSDN subscription for example.
I am the net admin for a medium size dental office. My users haven't seen spam in their inbox in so long, they don't even know what it looks like.
The thing that makes this incredible is that my users consist of 50-60 young women with "CLICK ON THAT" disease, along with a few power users who subscribe to 2 or 3 mailing lists a piece.
And I'm using nothing more than sendmail+mimedefang+clamav+spamassassin. Haven't had a spam make it through to an inbox in 6 months, and no false positives in the years this system has been on line.
So no, they aren't too restrictive. They are just right.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
AOL is rumored to do most of its spam-blocking without notification to the sender or recipient, and that's a big problem and they're hardly alone in this behaviour.
If there's anything broken about SMTP's handling of spam, it's that you sometimes don't decide that a message is spam until after you've accepted it, so it's hard to provide synchronous notification in case it wasn't spam. (SMTP milters let you look at the message body and run it through spam filters before accepting the message if you want to do that, but a message might already be sitting in the recipient's mailbox before you figure out that 1000 of your users have received identical mail and 99 of the first 100 users that read it marked it as spam.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
4. Every month / quarter / year (more often is better), let me know that I'm on your list and how to get off of it.
Every mailing list I subscribe to has an unsubscribe link at the bottom. I think every mass-mail should do this. Simple and effective. If you're sending bulk e-mail you need to have somewhere in that a way to get off the list.
The big problem with this is that spammers can and do use this to confirm an address being legitimate.
And I'm absolutely *not* going to keep repeatedly checking the web sites of the dozens of technology vendors I deal with just to see if they've got anything new. I often want an asynchronous notification that I can look at now if I want or later if I want.
Some people like Dave Farber and Declan McCullagh have mailing lists with tens of thousands of users, and that's just fine. When I got my iPod connected to Apple's store, they asked if I'd like occasional notifications about stuff and I told them *yes* because that's what I wanted. And when Cisco has a major security bug on their routers, I want to know right now (on the other hand, when Microsoft has a major security bug, that just means it's Tuesday, so I don't need notification of that.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
g! (Stupid /. limited subject line)....
That's a function that's too important to leave to the connection provider. And ironic as well, as providers have been working hard to make sure they aren't held responsible for your ability to access questionable sites through them (pr0n, hate, etc.)., yet they seem to want to take on the responsibility to spam block for you. They're either responsible for the content or they're not, they can't have it both ways.
WRT spam blocking, if I don't have complete control over it it's time to find a new ISP.
Hotmail on the other hand, I use as a throw away email address, and have been marking stuff spam there for years and it still doesn't get blocked (repeat junk ads from U. of Phoenix, among others). Obviously *their* tech is useless for that anyway...
Fortunately I found out about it early and was able to work around it, but I can imagine that thousands of Tour de Cure riders who are emailing their friennds for support are experiencing the frustration of having their correspondence marked as SPAM simply because keywords are setting a red flag (give me money) or the source of the email (diabetes.org) is getting them blocked.
Shameless self promotion and diabetes research fundraising: If you want to sponsor me, an overweight nerd with a sense of humor and a soon-to-be-sore taint, on the Tour de Cure... Visit my Tour de Cure website
The following is a prime example of too restrictive filtering, along with my correspondance with GoDaddy support who refuses to help the customer. I didn't realize email forwarding traversed through their spam filtering in the first place.
And I mean that in the nicest possible way, I don't know how you could make such a statement after contemplating the issue for more than 30 seconds. People need to be informed of new products. That is a fact of life. If one day people stopped advertising (or you could enforce a complete ban) we'd be stuck with all existing providers of services, and they would "rest on their laurels" and not have to do much to keep our business, never having to fear new upstarts. Competition, and with it the "search costs" of advertising, always seems wasteful to those ignorant of the discovery process that makes up a market economy. In theory, it would be better to have just one factory for each product, rather than the "wasteful duplication", but realistically, such a monopoly would never discover newer and better ways of doing things.
Search engines and phone books are great. I don't dispute that at all. But they only help when you've already done a lot of legwork in identifying your need.
Nor do I dispute that certain kinds are disruptive. However, the ones that are, are typically already in violation of rights of yours that have nothing to do with advertising, and you're trying to use them to ridicule all advertising.
But perhaps the best argument for advertising is you. Rather than humbly sticking to a "just the facts" approach to conveying information to people who want it, you chose to identify yourself with the clever label "c0d3h4x0r", to fool people into thinking your posts are more with reading than they really are. Just like I dress nicely at work and use a creative resume to rook people into thinking I'm more competent than I really am. Just like women put on make up and do "other things" to rook men into thinking they are better looking than they really are. Are things things evil? Of course not. Yet that is advertising!
Apology to Ubuntu forum.
People at my company regularly received 80 spam emails per day when I started (Exchange 2000). I promptly installed a Linux mail gateway with Postfix as the MTA, Postgrey and Spamassasin. The very next day I had people coming to ME, asking me if I had changed soemthing on the mail server, because they only had a few messages in thier mailbox, rather than thier usaual dozens.
I'm telling you, you cannot count on AOL, gMail or whoever to control spam, and in my opinion, filters at the client level are stupid. You STILL recieve the spam, no matter what folder it goes to!! Host-based filtering is the ONLY way to go these days.
Works like a CHAMP too! Dns checks, RBL checks, destination controls, greylisting - and the last line of defense, Spamassasin for the heuristics scanning. After all that, there is no need to have client level filtering!
Btw, if you have never heard of Postgrey, it works AWESOMELY!
http://isg.ee.ethz.ch/tools/postgrey/
Contact me if you want some config examples, I'd be happy to help!
-Ponga
Simply put, spam blockers are not too strict.
It is unfortunate that people freak out because even the most efficient spam blocking system will occasionally have a false positive. A lot of this is also the result of spammers themselves, who forge legitimate from addresses on spam sent to other sites, some of which bounces back to the original mailbox from legitimate mail relays who are trying to inform users of an invalid recipient. For this reason, services like Spamcop's SCBL are problemmatic. Manual RBLs are more effective.
However, the real source of the spam problem right now are ISPs who refuse to monitor the illegal activity of their customers. Whether knowingly or unknowningly (and 99.9% of the time it's unknowingly) DUL/Broadband IP space is the source of the vast majority of spam/worm/trojan/phishing e-mails going out.
Every ISP knows this.
Every ISP also can stop it. Every ISP can easily and almost immediately identify zombie PCs.
Why aren't they doing anything about this? This is the $64M question.
My guess is because there are some legitimate companies also engaging in spamming and the ISPs want to protect them; probably the ISPs themselves are involved. For whatever reason, wholesale RBL blacklisting has proven to be the **ONLY** way to force ISPs to start policing and stopping the zombie activity of their customers. When their IP space becomes tainted and unusable for port 25 traffic, they can't resell the space for commercial purposes. I strongly urge all ISPs to adopt a hard line on this issue until all the major broadband providers (Verizon, AT&T, Earthlink, Comcast, etc.) start SHUTTING DOWN THEIR CUSTOMERS' SPAM ZOMBIES!
The next time you're watching TV and you see that boneheaded Earthlink commercial where they talk abot how they stop spam, pick up your phone and call their 800 number and ask them why they don't stop their spam from polluting the rest of the Internet?
All Broadband DUL space should now have port 25 filtered. AOL and Bellsouth and Cox Cable are starting to do this and it not only reduces spam for everyone else, but protects their own customers from being further exploited and compromised.
You meant to say SPF and DKIM.
"senderID" was an unsuccessful non-standard created by Microsoft hijacking SPFv2 with submarine patents and other deceits. Read up on MARID and see what I mean. senderID is dead, do not try to implement it, do SPFv1 or domainkeys if you want the current gold standard.
DKIM is the successor to domainkeys, and it's looking pretty good.
There is no "easy" involved in crypto, however. If you want "easy" do SPFv1... spoofing prevention with 5 minutes of work by any competent DNS administrator.
Spam filters that use Dynamic User Lists or Dialup User Lists as a major factor in classifying Spam are too strict. I am unable to reasonably obtain a static IP address. It would cost me over $100 per month extra to do so. As a result I run my server on a dynamic IP. I still want to send my email directly for many reasons. I find it very annoying when a Spam filter drops my email just because I am on a dynamic IP.
This is more. This is a regularly scheduled email that does nothing other than tell me that I'm still on their list and how to get off of it.And I have no problem with that.
I am happily "unsubscribing" old accounts all the time.
I would be overjoyed if the spammers would add them to their "legitimate" account list.
It makes it easier to tell the "good" companies from the spammers. A "good" company will NOT be sending email to those addresses. Particularly more than one of those addresses. So, one of the spammer checks is whether that IP address has attempted to send email to 3 or more of the spam trap addresses. If it has, blacklist it.
He only sends messages to stuff that appears just a little spammy, not to everything. A couple messages a week, never more than one to the same address, isn't spam.
Nerd rage is the funniest rage.
Sure, doctors should be running their own BSD servers with sendmail. Really, I would hope they spend more time working on medicine than on Internet services.
That said, there is a problem with AOL blocking mail. Their users have to live with it. Kind of like building a moat around your home to keep out salesmen & Mormons. It'll also keep out UPS & Fedex with your latest Amazon order.
I'm using gmail. Every now and then I check in just in case, but, I have seen one, maybe two items which were ever mislabled, and that was a long time ago. I haven't seen anything like that since. It used to let a few spam mails slip through into my normal e-mail (namely those e-mails titled things like "You left your jacket at the meeting last night" which might work better if I had attended a meeting or worn a jacket the day before...) I haven't seen any of those in my inbox in a long time either. The fact is, until they decide to change something, the gmail service seems to actually be doing a pretty decent job for me.
I use Sendmail and Spamassassin on my server, but my big spam killer is spamassassin - I have been able to configure the spamassasin files to where I get Zero spam!
I'm going to check out Postgrey though, never heard of it tell now.
those penny stock spams are about the hardest to catch because they don't have any call to action link. Every other spam you get has some call to action -- click here to _____________. Ultimately, after you decode the crap out of it, that link has to work. Follow the links and you find out what's spam. Crawlers are good for that. The penny stock scams though, have no link. The call to action is for you to call your broker. Try picking stock ticker symbols out of email some time. gack.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
> When I get a message with a moderate probability of being spam, my
> spam blocker sends a message back requesting that the sender confirm the
> message. Works great. Those few legitimate senders stuck on a
> problematic server can still get their messages to me and so far no
> spammer has attempted to bypass it.
Well thank you so much!
Since the lowlifes started forging "from" addresses using my domain, I am getting several such "confirmation" messages every day. And while my spam filter is doing its job pretty well, I have not found a way to filter out your smug verifications without getting rid of the legitimate ones.
So, thanks to people like you, I get 5 times more verification requests than actual spam.
You better hope that there is no higher power because if there is, and it decides to grant my wishes just when I get yet another verification, you'll have a bit of a problem removing that sequoia from your rear orifice.
Well, I can't speak for "people like me" but I can tell you that I only challenge borderline messages. Anything that's clearly legit or clearly spam gets delivered or routed to the bit bucket respectively.
I would also suggest that someone who wished you grief could just as easily send forged messages to any of the many thousands of autoresponders out there.
Perhaps you should reserve your ire for the folks who forged your address in the first place... After all that's actually illegal now. You can pursue them in court.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Our work email suffers from a persistant deluge of spam. Probably about 100 spam messages per legitimate message. There's only one address for the office, and my boss has unfortunately used it periodically for online shopping, posted it publicly on the website, etc. He's not very internet-smart. The upshot of this is that the spam is terrible, and the employee who handles the incoming email isn't skilled enough to handle a client-side antispam system.
We have Spam Assassin on the email server. Or I should say, our ISP does. Unfortunately, all we can do as far as configuration is changing the threshhold level. We have no access to the actual rules. Even though Spam Assassin would be capable of working better in our situation--for example, no email containing sexual terms is *ever* going to be a legitimate email to this account, but the rule still doesn't give enough points by itself to mark as spam without a ridiculously low threshhold. And the 'training' option we're given seems to have no effect. In the end, it's better than nothing, but still results in an employee having to spend valuable time checking and deleting spam.
If ISPs gave more control over this to the users, the users could define what's spam for *them*, instead of it being one definition of spam for everyone. A loan officer at a bank might legitiately get emails about loans, but the same key words in my email mean spam. Signals of spam for a business account might mark normal, everyday personal email. My ISP can't know my email as well as I do, so I should be the one to do the configuration.
I admit this is shemelessly offtopic, but the thread might contain some Informative, so off we go.
I'm in a seminar on unsure knowledge (or however the title would be translated best). One example of a way of evalutaing such knowledge would be Bayes' theorem, on the practical application of which I am to give a presentation. I immediately thought of spam filters, which employ exactly that theorem and ow I'm looking for information on how any particular spam filter works.
Because I'm lazy and the story kinda fits and I figure it might be informative for someone else as well if someone in the know posts an explanation of a spam filter's inner workings I ask Slashdot first: How does Thunderbird/SpamAssassin/a similar program employ Bayes to handle spam?
And no, contrary to the cliché the answers don't have to be here by monday. I'm actually smart enough to ask random strangers well in advance of the deadline.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
Uh, why are you calling it "double opt-in" if you aren't a spammer? Everyone else calls it confirmed opt-in, because only a spammer would think "someone gave me your address == you opted in".
Cohn said ISPs would better serve users by quarantining suspect spam messages in special mailboxes. That way, recipients would have the option of checking for false positives. If an ISP does block an e-mail, she says the sender and recipient should be notified and told why.
This is bullshit on so many levels
a) If you return it to the sender, what your'e gonna do is flood some poor schmuck who's email address was picked as random as the "sender" of the email, and really, REALLY piss off the mail server admin for that particular domain.
b) How is it better that instead of me just hitting the del key for spam email that DOES get through, I - as the user - would now have to click on the link in the notice, hit delete to delete the spam email I'm being notified about, and then click delete on the notice itself?
Now, let's assume that 2/3 of all email IS spam (an estimate used in the article) a) You just tripled the amount of disk space the ISP needs on it's mail servers.
b) You just greatly increased the amount of bandwidth the ISP has to dedicate for email. If they don't block, they accept - more bandwidth. Then they send you the notice that it's there in quarrentine - more bandwidth. Then you have to download and read the email - More bandwidth. THen you have to go to that inbox, and delete the email. More bandwidth.
Methinks the fumes that guy's smelling from having his head stuck so far up his arse is affecting is brain function.
w00t
It's not pretty reasonable.
You could choose to read each moderate-probability message yourself to
decide whether it's spam. Instead, you choose to shift the cost to
other persons by auto-replying to the sender address (which we all
know is probably forged).
1 of 30 replies reaches a human. This is unsolicited junk mail from
you, and essentially never has any benefit to the recipient. The other
29 consume some server resources at the domain of the forged sender,
which adds up to a substantial problem when the domain is forged
thousands or millions of times.
There are three reasonable choices for your moderate-probability
messages: read them, ignore them, or automatically delete them.
At least that is my experience. The false positives I get are all English language ham, while the false negatives I get are all Danish language spam.
Basically, it seems like I have taught bogofilter my contact list, plus how to distinguish English from Danish.
I haven't noticed any false positives or negatives in other languages.
Whenever I see such a statement I have to surpress an urge to insert a procmail rule to forward all my spam to them.
At the time when I finally gave up and added Baysian filtering, I spend over half an hour every morning "deleting unwanted mail", and didn't read mail during the day. My manual deletion had more false positives than the Baysian filter, it is hard to keep focus when you have to delete 100's of spams for every ham.
An ISP will obviously try optimize the three factors for maximal profit:
1) The amount of money they lose due to customers who flee because of too many false negatives in the spam filter.
2) The amount of money they lose due to customers who flee because of too many false positives in the spam filter.
3) The amount of money they put into developing spam filters.
The marketplace will determine who does the best job.
It really doesn't seem to a task for a supposedly freedom oriented organization such as the EFF, but they always had a strange standpoint when spam is involved. Early on, they questioned peoples right to decide for themselves whether or not they wanted to accept mail from open mail relays on their own servers.
This is a major problem for a lot of businesses. My own company's emails (a fortune 100 company) are blocked by many ISPs. We send these emails to notify business partners and customers of their order statuses for instance. These are completely legit. However, Microsoft for instance blocks all email from our company's domains. If we send an email to Microsoft for tech support, they won't get it! We'll be using this little fact in our next contract negotiations. There are so many ISP's that there is no way to keep up with all of them to get our domains unblocked. It is a losing battle.
Therefore, we're going to have to start using other technologies than email for business notifications, such as secured RSS feeds and Portals.
Anyone have other ideas of technologies that can serve the purpose?
I confirm this. My current antispam pipeline is: - reverse lookup/HELO checks - spamcop.net blacklist - autowhitelists (p2pwl) - greylisting (postgrey) - spamassassin I see NO spam at my inbox; once a day I get spamassassin-marked spam mail to my Junk folder (i.e. spamassassin deals with 1 spam message a day; everything else is rejected even before content analysis). Shortcomings are minor. I am aware of no lost e-mails; greylisting delays occur relatively rare.