Are Spam Blockers Too Strict?

Myrte writes "Wired.com has a long piece on whether spam blockers are blocking wanted messages." From the article: "For years, e-mail users complained that torrents of unwanted messages clogged their inboxes and crimped their productivity. Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages. AOL isn't the only company to face charges that it improperly blocks legitimate messages. But, as the world's largest ISP for years, it has long borne the brunt of complaints from mass e-mailers over the problem."

I'd like it if my spam filter could "mod up"...

[VMaN]

I'd like it if my spam filter could "mod up" non english email.

most of my email correspondance isn't in english, while most of my spam is in english... I've instructed my dad to delete ANY mail with an english subject if he doesn't know the sender before opening it, and that seems to work out fine, english is his 3rd/4th language and only has 2 contacts using it. If something is important enough, he'll get at call about it :) (this probably wouldn't fly at work, but for his personal email it's fine)

Yes

[aftk2]

My experience, though, is that it isn't the spam catching software that works with typical desktop email applications like Apple's Mail, Entourage, Thunderbird or Outlook that's too strict (sometimes far from it, especially w/regards to Entourage); it's the spam catching software used by Webmail providers like Hotmail and Yahoo's Mail.

I know it's in their best interest to flag as much stuff as Bulk Mail as possible (which can then be filtered into a bulk mailbox, and removed automatically after 30 days), but until I recently switched hosts, everything I was sending to Yahoo or Hotmail was going into the Bulk Folder. Now, I think this may have been due to my hosting provider, but all the tests I ran seemed to indicate that they weren't on any blacklists, or anything like that.

I even took the time to implement SPF records for my domains. This had a noticeable effect in GMail, which actually adds a header to incoming mail stating whether an SPF record was found and followed; it had no effect in Hotmail, however, which is maddening, since it's Microsoft's stupid initiative!

I don't know what the answer is, but we're not there yet.

Re:Not a chance

[CastrTroy]

I use spam assassin, and I found it only blocked stuff that was actually spam. I set it to 4, and it still let things like marketing emails from Nintendo and Sony though (I like being on the mailing list), and other newsletters I subscribed to. It rarely if ever blocks anything that I want to see. It's very good at blocking stuff that I didn't want to see. I don't really see a problem with spam blockers. And I had mine set pretty low.

Re:I don't understand

[hackstraw]

I don't need to know about This week's hot deals on Electronics & Photo at Amazon.co.uk.

I don't either that is why I use http://www.spamgourmet.com/ and create a new account for every online purchase.

From the FA, "False positives have been a problem with e-mail marketing for a very long time".

I run a small mail server, use SpamAssassin, and I check for false positives periodically, and the only thing close to false positives that I get are marketing mails, and I don't care (nor do my users).

When I look at these mails, they suck. They often use known spam mass mailers. They are very close to spam, and its not a loss in my eye to have them quarantined with the V1agra mails as well.

I also go through my snail mail beside a trashcan and put all of the mass mail marketing junk in the trashcan without opening it.

These guys already have a much lower than 1% success rate with mass snail mail and email. I don't care if their success rate is another 10% lower than it is already.

I am not required to buy stuff from anybody. Also, there is no requirement for a business to make money. Businesses fail every day. So be it.

I'd like to see stats

[secondbase]

They say, "List operators, marketers, and email users complain spam filters are too strict." I'll bet 99% of marketers, 90% of list operators (not the 10% that are legitimate), and 1% of users think it's too strict.

Block and tackle

[Billosaur]

Listen, when you go to your snail-mailbox and get the mail, you can pretty much tell which mail is good and which is junk, right? I mean, it's easy to tell letters and cards from family members and friends from bills and unsolicited junk. It's easy because there's a physical form of recognition taking place.

Email is tougher, because in most cases all you have to go by is a sender's email address/identifier and the subject line. Now I don't knwo if you've looked at those two things closely, but it's usually easy to tell when the email is spam (how many freinds do have named Lemon T. Viceroy?). Now, as reported, phishers are getting more sophisticated and they are making much more convincing emails that are tricking people into believing the email is from their bank. They's be able to save themselves some time and frustration by checking the email address vs. a legit email they've received from the bank.

I think blocking has to start at the user end. You have to put up a wall and say that only these addresses are legit and anything else is suspect. You dump suspect emails into a separate folder and peruse it for emails that are actually legitimate, and add a pass-through for them to your wall. It requires maintenance and vigilance, and cooperation from banks, credit card companies, etc., who have to make sure you know what legitimate addresses they will send emails to you with. Any left over emails you fire back to the senders and alert your ISP

Putting the responsibility for screening mail on the user is problematic, but it's certainly a lot more efficient than having to listen to complaints about legitimate mail getting blocked constantly. I do this very thing constantly with my personal account and by using my ISP's spam filter, I'm doing a pretty good job of screening out the crap. By alerting my ISP of definite frauds, I'm hopefully making things easier for others. Of course, you have to make this system easy to use, or users will get frustrated and it won't work properly.

Maybe snail mail isn't dead yet for a reason.

Spammers can use mail fiters as weapons

[WebCowboy]

The closer spam looks like legitimate email traffic the harder it is to block them without also blocking some legitimate email.

Your argument makes sense but there is more to it than that. Spammers are starting to catch on that their techniques to thwart mail filters can be used to manipulate those filters to block other people's emails. THAT is still pretty inceniary. Let me explain what I mean:

Some time ago I signed onto the "bluesecurity" website as I was intereste in their counter-spam efforts. As we all know here on /. a top-tier spammer was aggravated by their efforts and managed to get a list of addresses for those who signed onto bluesecurity. I just checked the "junk box" on my email server and have found that in the past 12 hours there have been about 50 emails entitled "bluesecurity.com" with a body containing the WHOIS record for their domain. Apparently, the spammers are already striking back with a vengeance.

Besides annoying the heck out of those unfortunate enough to be on the target list, the thought came to me that this could be a crude attempt to train email filters to block out any (legitimate) correspondence affiliated with bluesecurity.com. I think we're going to see a lot more of this in the future: Spammers for whatever reason select a victim (anti-spam organisations, Microsoft, Symantec, etc) and start sending out massive spams that either repeatedly mention the victim's name, website address domain, etc, or are crafted to look like legitimate correspondence from the victim. The scummy vermin that send out the spam are the same types that go on phishing expeditions so they've had practice imitating others.

Since so many people run email filters, once these filters intercept and mark those messages as spam then legitimate email from their victims are more likely to be blocked as spam. That's all I need is for a spammer to send a few dozen emails that look like Microsoft correspondence, only to have the email filter get trained to filter out REAL email from Microsoft about my MSDN subscription for example.

Re:I don't understand

[pla]

Does it mean the likes of Amazon? If so they too may continue to cry. I don't need to know about This week's hot deals on Electronics & Photo at Amazon.co.uk.

Although I agree with you in general (I get far too many advertisements from companies with whom I may once-upon-a-time have chosen to do business)... Believe it or not, I get no spam from Amazon. None. Not a bit.

They send me order confirmations and shipping notifications (which may include a few brief text blurbs that would count as an ad), but nothing else. I place an order, I get four or five assorted confirmations of the progress of the order, then I don't hear from them until next time I place an order.

Perhaps that explains why I've ordered from them more than once. ;-)

Re:Confirmation challenge

[ElderKorean]

...The only time it doesn't work is when the sender's spam blocker dumps the confirmation request or when the sender doesn't understand what to do.

There is another time when they fail.

I went away last weekend. The last thing that I did before I left on Friday was to send off to my church the files required for the Sunday services seeing as I wouldn't be there.

When I returned from on Tuesday there was the e-mail requesting confirmation before it would forward the messages...

I had sent the e-mail....and didn't know that there needed to be anything else done.