Slashdot Mirror
Yahoo Blocks Venerable Email List Over False Positives
RomulusNR writes "Yahoo has stopped delivering This Is True, Randy Cassingham's 14-year-old mailing list, because too many Yahoo readers have mistakenly or carelessly flagged it as spam. Yahoo readers make up over 10% of True's readership, slashing the ad revenue that keeps it going. And Yahoo doesn't negotiate with spammers. As Randy describes it: 'The yahoos... ask to be put on True's distribution, then confirm that request, and... then click the "This is Spam" button when they don't recognize the mailing or simply don't want it anymore. Yes, those yahoos have screwed thousands upon thousands of others who really do want my newsletter. Too bad: Yahoo is listening to the yahoos instead: they're blocking it. To them, we're "spammers" and no protestations from "spammers" count.' The irony is that This is True is one of the first profitable mailing lists, predating Yahoo! Mail by almost three years."
I'm all the time clicking "this is spam" on stuff that Yahoo sends to my yahoo account, but I still get it. What's up with that?
The person being hurt is the mailing list owner, who isn't a customer of Yahoo. The Yahoo subscribers, who marked it as spam will be quite happy, they're no longer receiving this email they forgot subscribing to. The remaining Yahoo subscribers may or may not notice they ceased receiving it. Many will assume that the mailing list has closed all together.
So I don't see any market pressure to force Yahoo's hand. Other than what little publicity the mailing list owner can generate.
the REAL story here is ... "How do I poison the yahoo spam list to ignore email from large, legitimate companies?" ... because it seems to be working well by accident. Maybe someone could monetize this? (Of course, that makes it a denial of service attack, and probably not legal... but...)
Umm... no.
I get a lot "to unsubscribe, mail to blah@blub..." spam. The reason is simple, when you do unsubscribe from the spam list, they know it's a valid and still active mail address.
You have no idea how much that increases your value as a spam target!
So when spamfilters automatically write to some unsub address instead of flagging something as spam, be prepared to be flooded with spam.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
When somebody subscribes to one of my mailing lists, and confirms, we need a token from the mailbox provider which, when included on an incoming email means that the email is NEVER spam. Spam reports get converted into unsubscribe requests.
But there's no standard for this.
Don't piss off The Angry Economist
Spam filtering is a problem for all mailing lists. Simple solution: use newsfeeds instead.
.
Why can gmail (my new free email provider) do such a better job than Yahoo did?
Huh? It's an OPT IN MAILING LIST, with a very deliberate signup process, you can't inadvertently or accidentally sign up. You have an interesting definition of what spam is, well not so much interesting as stupid.
most of them think it's a way of unsubscribing from a list.
Causes blacklisting for domains and hosting companies. I had a guy who forwarded his email address to an external address, then clicked on "This is spam" for every message. My IP was in the header so I got blacklisted. I had to scare the shit out of him to get him to stop "now that I've warned you, if you continue, I'll sue and take your house." Needless to say the customer did not renew, saved me the trouble of TOSsing him.
Isn't Yahoo in an ideal position to make this sort of probing useless? Just redirect all non-existent traffic with an unsubscribe header to a daemon that requests to be unsubscribed... then if you keep getting mail, you either ignore it or you use it, since you have the largest pool of honeypot email addresses on the planet.
Likewise they could in theory hit unsubscribe on behalf of their customers and then grab the resultant traffic. Of course, this is more open to attack, as the attacker can just switch email addresses. But if you're also unsubscribing all non-existent traffic, I'd say this will actually begin to get a lot more expensive for the would-be spammer than Yahoo, and the spammer would just stop trying to brute-force Yahoo.
I gave up on Yahoo several months ago after an unknown person hijacked my account and changed the password. I don't log in from other computers, I only log in from the Mac in my bedroom, so it's not like I was creating a risk. I was paying Yahoo for a personalized "business" email address, yet it took three hours of phone calls, several emails and over three days to get them to turn my account back over to me. At one point, they told me they could not verify my identity with my name, phone number, mailing address and the credit card number they were billing. They said they couldn't unlock the account without me telling them what my security question was (which I chose 10 years ago), and the answer to that question. I told them, "that's not how security questions work. You ask me the security question and unlock my account when I provide the correct answer." When I finally did get back into my account, I discovered the hijacker had been contacting women through Yahoo personals posing as me, and in some cases telling them to "reply to my other Yahoo address." There were a few different addresses he was pointing people to. I notified Yahoo about this and asked them to investigate the fraud, and they told me it wasn't a priority for them. I migrated everything important to Google, and called Yahoo to cancel my account and transfer my personalized domain, but after hours of waiting on the phone, again, and again, they tell me they don't have the ability to release my domain. It's like dealing with a car salesman. As the company fails, it resorts to shadier practices to hold onto what it has, like AOL before it.
An unsubscribe process takes more clicks then hitting 'mark as spam'. That's all the reason people need to use the spam button. Can you honestly say you've never done it?
Um, yes, actually. I'm kind of shocked that you even consider it a valid option. Does it not occur to you that this has the potential to impact other people, too? I mean, I can be as lazy as the next person sometimes, but how hard is a couple fucking clicks of a mouse?
"You cannot simultaneously prevent and prepare for war." -- Albert Einstein
I wish we had some widespread way of verifying a mailing list subscription, or cessation thereof.
Don't RSS feeds accomplish this because people can subscribe and unsubscribe at will? I'm on the mailing list of several missionaries from my church but would much prefer them to just open a blog and let me subscribe via RSS instead of sending me emails. Easier for me (fewer emails to check), easier for them (no need to maintain a large database of contacts & email addresses, many of which are probably out of date.) With RSS feeds, nothing is ever out of date and you can be sure everyone that is supposed to be getting your content actually is getting your content. I guess the only disadvantage of RSS feeds is that one has to be reasonably technologically savvy to even know what they are, let alone use them.
Its = possessive. It's = "it is"
As someone who's been on Randy's list for 10+ years, I can tell you it's easier to remove yourself from his list than anything else. It's literally just one click to unsubscribe.
In fact, it's easier to get off his list than it is to get on.
Some people do pay for the upgraded "Premium" This is True, and those people are not getting a paid-for-service.
What if yahoo decided that announcements from /. were spam? What if you were a subscriber?
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Bulk mail is still spam, even if it's "wanted"
Actually, no it isn't. Unsolicited mail is spam, a mailing list you consciously signed up for isn't. Just because you're too lazy to properly unsubscribe and thus reach for the 'This Is Spam' button to make it disappear doesn't make it spam.
Dealing with lawyers would be a lot less tedious if they all looked like Casey Novak.
I want my spam filter to be accurate. I would not mark something "spam" if it were not actually spam - and certainly not if it were from a mailing list I deliberately subscribed to.
That's a terrible idea, and the fact that people do it irritates me. I'm sure it's the reason Google's spam filter is not as accurate as it used to be.
The irony is that This is True is one of the first profitable mailing lists, predating Yahoo! Mail by almost three years.
What's ironic about it?
[rhetorical question to highlight "irony" word abuse]
Sometimes it's best to just let stupid people be stupid.
I stopped using Yahoo about 4-5 years ago because of problems with inbox delivery. After many tests, their mail servers would respond that the message was Sent when in fact it was never delivered. I've tested it about 20-30 times since then and have the same issues. Even if you send mail from supposedly vanity domains like Gmail.com, the mail still never gets delivered. Yahoo has had problems before with the profiles.yahoo.com site getting infiltrated by spammers about 5-7 years ago, a problem they never solved. It seems like the problems don't go away -- they only get worse. This story is just one example.
I run a relatively small (2,000 subscribers) email discussion list for hardware store owners. I'm signed up as a mailing list provider with AOL's mail system, and I receive notifications when subscribers submit my list messages as spam. Apparently AOL's DELETE and REPORT AS SPAM buttons are relatively close together, though I can't verify this. I do know that I get notifications from AOL that a user has reported a message as spam, and when I contact the user they tell me it was a mistake and they didn't realize they had reported the message as spam.
My guess is that you have to reach a fairly high "critical mass" of spam reports before AOL will actually take action and block list messages. I've never had my list blocked by AOL (or Yahoo for that matter) so the occasional erroneous report doesn't seem to have much effect.
I wonder if Yahoo has a similar program for mailing list admins?
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
I agree that people shouldn't mark as spam things they voluntarily signed up for (unless attempts to remove oneself from the list fail).
However, I think this also points out a way in which email could be made better. There should really be a standardized way to unsubscribe from mailing lists, so that every mail client automatically shows an "unsubscribe" button inside any mailing list email. The problem with current unsubscribe methods is that they require too much effort (even clicking a few links is "too much effort" in comparison to the "spam" button... moreover many sites make you go through numerous confusing web-forms). Also, an integrated "unsubscribe" button in an email client would send the "please unsubscribe" signal, and simultaneously add the address to a personal blacklist (but not add it to the spam detection list).
If you make it easy for people to use, then they will. The present problem arises largely from people's laziness. But you can't prevent people from being lazy, so instead the tools should adapt to people's common usage.
If the site was so bad that you only visited it once, why did you give them your friggin' email address?
They didn't just grab it out of thin air, you know. You're the one that went through their registration process and agreed to their terms of service, in which case any email they sent to you WASN'T unsolicited and WASN'T spam.
In short, you're one of the idiots who're causing all of the problems. Just click the "unsubscribe" link at the bottom of the email next time.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
You gave them their e-mail addresss. They disclose how they will use your e-mail address if you provide it.
The messages are solicited.
Unsolicited is not a codename for anything I don't want.
Unsolicited means they found you and contacted you without you directly providing them with your contact information to 'subscribe' or as part of a business transaction.
Generally, solicited messages cannot be considered spam, except under extreme circumstances.
(Where the contact information is misused to send a massive volume of messages over a short period of time, without permission, for instance)
The reason people don't use the unsubscribe link is due to trust. Do you trust a spammer? Why would you when they've demonstrated they're untrustworthy. Even if they're not a spammer, you believe they are so the thought process is the same.
You click the Spam button instead. You trust your email provider more than a spammer. That's why.
Camping on quad since 1996.
If something has single click unsubscribe then i'll happily use that.
However too many sites expect that you figure out what username and password you used to sign up and then somehow manage your subscriptions via their website.
If i cant get off a list in under 30 seconds, then i'll spam filter it in google
An unsubscribe process takes more clicks then hitting 'mark as spam'. That's all the reason people need to use the spam button.
BULLSHIT
I get This is True, I have for over a decade now, and on my latest issue there's this tidbit available from one keypress (enter) at the bottom:
Message 4,496 has information associated with it that explains how to participate in an email list. An email list is represented by a single email address that users sharing a common interest can send messages to (known as posting) which are then redistributed to all members of the list (sometimes after review by a moderator).
List participation commands in this message include:
* A method to remove yourself from the list (Unsubscribe).
Select HERE to UNsubscribe.
One more keypress and I'd be unsubscribed. In fact it's easier than reporting it as spam is. People just don't CARE. Or they're just stupid, or perhaps both.
Can you honestly say you've never done it?
Yes I can, I'm not an idiot nor am a lazy asshole. If I can't get a list to unsubscribe me I'll report it, but at that point it IS spam. (And violating the toothless CAN-SPAM act to boot.)
Just because you're lazy and/or stupid doesn't mean most of us are.
From both Yahoo and AOL users: If they don't want something, they just mark it spam, even if they signed up for it.
In fact, we have customers that pay us money every month to send them leads on their inventory, and ever month, we have a few of them (AOL users) mark legitimate inquiries as spam. And they not only asked us to send them to them, they're PAYING US to send them to them!!!
Oh, you're not stuck, you're just unable to let go of the onion rings.
Yea... only if it's 1 guy.
120,000 subscribers probably means 5% paid, 95% unpaid: so a 1 year signup is $24, then 6000 * $24 = $144,000 per year, plus ad revenue, let's use a conservative 2.5% email click-thru and another 2.5% ad CPA (and averaging a 50 cent CPC), 1 email per user per week: 115,000*0.01 = 28,750 clicks * 7,187 * 0.50 ~= $3500 per month (approx), about $186k gross per year. There's probably additional banner click revenue, but his site is sure to be low-volume, negligible profit there.
So.. he's probably pulling about $175-200k a year (give or take, but I'd be surprised if it was more than $250k), but consider you need to subtract ISP costs of about $1k a month, lawyer & accountant fees, advertising costs, which usually runs very high, maybe 30% (conservative since I've seen ad costs up to 50-75%), he's probably clearing $100k to $150k per year. Not much left over to hire a secretary. Very small time operation.
Camping on quad since 1996.
This is fundamentally a Human-Computer Interaction problem. Namely, the button is built to mark mail that is unsolicited advertisement, but is being used to mark any mail that is unwanted.
And it's a truism that in HCI you never blame the user. Not because it's never the user's fault, but because blaming the user is pointless. You can't change the user. You can't make him behave differently. You usually can't even educate him (they never read manuals or help or tooltips or any other form of instructions).
So yeah, you can say that it's the user's fault for using "Mark as Spam" instead of unsubscribing. But the fact is that they're doing it, and they're going to keep on doing it no matter what you say. Blaming them isn't going to fix anything. Instead, Yahoo needs to adapt to this and fix their code so that users who use "Mark as Spam" as a general "unwanted mail" button don't screw up the system.
If you mod me Overrated, you are admitting that you have no penis.
There should really be a standardized way to unsubscribe from mailing lists, so that every mail client automatically shows an "unsubscribe" button inside any mailing list email.
There is, and This is True uses it, it's called the "List-Unsubscribe:" header.
Because you're an ass. I've used the mark spam bit, too, but only for emails for which the unsubscribe link is neither present in the email, nor apparent on the website. In my view, if they obscure or don't even have a way for me to stop receiving emails, they become spam the moment I no longer desire to receive them.
Because I'm also an ass. Although slightly less of one.
Can you be Even More Awesome?!
How the hell can this be considered insightful? When we start blocking legitimate e-mail, people will no longer read their e-mail, and the spammer loses.
The spammer doesn't win anything by you not getting a legitimate e-mail. She wins only if you read and act upon her e-mail.
Yeah, but blaming them makes me feel better.
Some years ago I subscribed to an IBM mailing list, just to see if anything interesting was on it. My subscribe e-mail had a link to the unsubscribe page on a server, all later e-mails didn't. That already isn't a very good way of doing it. Last month I wanted to get rid of it, searched for my first e-mail, followed the link, 404 error. By being so sloppy with their mailing list practices, there is no better way then using the "this is spam" link.
Other example: my Gmail address is apparently very equal to the ones of some philippinan users and I get many subscribe e-mails and invites to mailing list that are popular in that community. Of course I never confirm those things, but in the case of Multiply "Secure and family friendly social networking", I got not only signed up without having to confirm, I also had no way to unsubscribe, and got all of a sudden a lot of e-mail from that multiply user's friends. I had it forwarded to the spambox. Then after a while, I got the mail from the "forgot password" button, and out of curiosity found that I could indeed log in with this. These are pretty amazingly bad internet practices, I contacted the site owner and actually got a reply back, apparently they had deliberately chosen to have users be able to log in for the first few weeks without them having to confirm their e-mail address. Web 2.0: the same mistakes all over again, but with new paint.
molmod.com - computing tips from a molecular modeling