Are Spam Blockers Too Strict? 226
Myrte writes "Wired.com has a long piece on whether spam blockers are blocking wanted messages." From the article: "For years, e-mail users complained that torrents of unwanted messages clogged their inboxes and crimped their productivity. Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages. AOL isn't the only company to face charges that it improperly blocks legitimate messages. But, as the world's largest ISP for years, it has long borne the brunt of complaints from mass e-mailers over the problem."
I don't understand (Score:4, Insightful)
Not trying to put out famebait but... (Score:2, Insightful)
Not trying to put out a flame but really guys...
It's not that they're too strict (Score:5, Insightful)
How is this a "gray area" (Score:5, Insightful)
It's like inviting someone to a party & you agree that they can bring their "affiliates" along. Your invitee shows up with 20 strangers & whoever you have working the door says "I don't know all these people, they aren't allowed in."
The solution isn't to cry about the "gray" area, it's to explicitly tell people who the fark these affiliates are & what they'll be sending.
Confirmation challenge (Score:5, Insightful)
The only time it doesn't work is when the sender's spam blocker dumps the confirmation request or when the sender doesn't understand what to do.
Don't send mass e-mails (Score:5, Insightful)
Yes and no (Score:5, Insightful)
If a user has signed up for a mailing list, and doesn't get what they asked for, then that's a false positive, no matter how commercial the mailing list. And this does happen. So in that respect, spam blockers are too strict.
But on the other hand, I fish out a few false positives from my spam dump every month and look to see why they were blocked. In most of the cases, it's because the mailing list operator is doing something dumb. For instance, the last false positive I received - for a legitimate, informative mailing list I deliberately signed up for - triggered my spam filter because of forged headers, two counts of malformed headers, and every other line was in all caps.
The reason why they were caught out was because they used what appears to be a mass mailer designed for sleazy purposes, and they didn't bother with any QA.
Anybody who is running a mailing list should follow a few simple rules:
That's what I consider to be common sense, but apparently common sense is hard to come by these days.
Re:Don't send mass e-mails (Score:3, Insightful)
In general, if people want something, they will seek it out for themselves.
People don't want or need to be advertised at in any way via any means. This applies to companies trying to sell products or services, religions trying to amass followers, or political activists trying to rally voters. It's all BS.
If I want something, I'll go seek it out for myself. Leave me the hell alone. It's not your place to constantly bother me.
SMTP is brain dead and should have never been used (Score:3, Insightful)
Then, we get a bunch of techno-idiots like the US Congress to legislate email relationships, miserably, contributing further to the problem.
The real solution? Simple blockage. Route the bastards to 127.0.0.1. Force authentication of the address and its owner before it can go out of the blocked ACLs. And if it happens again, shunt the address to a different CIDR block. Or re-write SMTP. That's all that's going to work. Nothing is foolproof because fools are so ingenious. Never underestimate the power of a hacker, and locks keep your friends out, your enemies have pick tools.
Re:Not a chance (Score:3, Insightful)
--jeffk++
Should be a given (Score:2, Insightful)
I am not opposed to some degree of flagging an alleged spam message, but to discard it without the end user knowing about it is where issues begin to arise. By flagging a message, the end user is able to use their own discretion to determine whether a message is a spam message and they can do whatever they want with those messages.
This isn't to say that RBLs and spamlists are a bad idea, just if you implement one of these, then be prepared for some type of backlash. Perhaps in some cases an RBL is necessary, but to think that using an RBL you are going to stop all spam and all of your clients are going to be happy, that's just wrong.
Re:It's not that they're too strict (Score:5, Insightful)
People say this from time to time, but they conclude that its still best the way it is. I value mailing lists, and making people pay or whatever proposed mechanism there is simply does not cut it.
I get spam sent via email. I get spam in my snail mailbox. I get spam on my fax machine. I get spammed by cold calls from sales drones/marketers. I've never had this happen (yet), but I've seen someone's phone get spammed with hundreds of porn text messages over a 10 or 15 minute time period. The user was initially billed for the porn spams and had to call the phone company to get them taken off of there bill.
It just seems as though open communication is just going to be subject to spam. Don't want it? Use your own private network to communicate.
Re:SMTP is brain dead and should have never been u (Score:3, Insightful)
This would be so trivial to bust thru and automate it isn't funny. What happens to zombie machines? They can authenticate fine, so slip right by this problem. Instead of sending thousands of messages as fast as possible, use thousands of zombies and send just and handful messages each. You'll never trip the thresholds for volume and the spam will be buried in among the legitimate e-mail sent by that user.
Authentication is not a solution.
Re:I don't understand (Score:3, Insightful)
That's an invalid assumption.
People sign up for newsletters. There are 300,000+ who've subscribed to ServerSide, for example (mostly Java developers). That's mass e-mailing.
Re:It's not that they're too strict (Score:3, Insightful)
One word (Score:2, Insightful)
Teach the users how to do this, and let the whiners kill themselves with angst.
Oh please (Score:3, Insightful)
If I want something, I'll go seek it out for myself. Leave me the hell alone. It's not your place to constantly bother me.
In general, if people want something, they will seek it out for themselves.
Look, I'm with you. I hate this stuff as much as you. It's usually even a nice safe rant for a few insightful mods, but yours is practically a troll.
I can assure you that there are quite a few hundred thousand consumers out there who do not share our outlook on this subject, who become very hostile when you fail to keep them informed of important information, and who couldn't set up an RSS reader if their lives depended on it.
Sorry, I'd love to live in that fantasy world, but you have to face that it's just not reflective of reality.
Re:Confirmation challenge (Score:3, Insightful)
SILENT spam-blocking is the worst kind (Score:3, Insightful)
AOL is rumored to do most of its spam-blocking without notification to the sender or recipient, and that's a big problem and they're hardly alone in this behaviour.
If there's anything broken about SMTP's handling of spam, it's that you sometimes don't decide that a message is spam until after you've accepted it, so it's hard to provide synchronous notification in case it wasn't spam. (SMTP milters let you look at the message body and run it through spam filters before accepting the message if you want to do that, but a message might already be sitting in the recipient's mailbox before you figure out that 1000 of your users have received identical mail and 99 of the first 100 users that read it marked it as spam.)
Re:Confirmation challenge -- Thank you so much! (Score:4, Insightful)
> When I get a message with a moderate probability of being spam, my
> spam blocker sends a message back requesting that the sender confirm the
> message. Works great. Those few legitimate senders stuck on a
> problematic server can still get their messages to me and so far no
> spammer has attempted to bypass it.
Well thank you so much!
Since the lowlifes started forging "from" addresses using my domain, I am getting several such "confirmation" messages every day. And while my spam filter is doing its job pretty well, I have not found a way to filter out your smug verifications without getting rid of the legitimate ones.
So, thanks to people like you, I get 5 times more verification requests than actual spam.
You better hope that there is no higher power because if there is, and it decides to grant my wishes just when I get yet another verification, you'll have a bit of a problem removing that sequoia from your rear orifice.
Re:Spam blockers ruined my life. (Score:2, Insightful)