Forgot your password?
typodupeerror

Are Spam Blockers Too Strict? 226

Posted by Zonk
from the unequivocal-no dept.
Myrte writes "Wired.com has a long piece on whether spam blockers are blocking wanted messages." From the article: "For years, e-mail users complained that torrents of unwanted messages clogged their inboxes and crimped their productivity. Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages. AOL isn't the only company to face charges that it improperly blocks legitimate messages. But, as the world's largest ISP for years, it has long borne the brunt of complaints from mass e-mailers over the problem."
This discussion has been archived. No new comments can be posted.

Are Spam Blockers Too Strict?

Comments Filter:
  • by Rob T Firefly (844560) on Friday May 05, 2006 @03:25PM (#15272479) Homepage Journal
    Thanks to my damn spam blocker, I've missed out on hundreds of opportunities to accept millions of dollars from Nigerian royalty.
  • web site http://geocities.com/UxiQinsardWalli/ [geocities.com]

    comfortable-looking light, as it might be a fire or torches twinkling.
    When they had looked at it for some while, they fell to arguing. Some
    said no and some said yes. Some said they could but go and see, and
    anything was better than little supper, less breakfast, and wet clothes
    all the night. Others said: These parts are none too well known, and
    are too near the mountains. Travellers seldom come this way now. The old
    maps are no use: things have changed for the wors
  • Norton Antispam (Score:5, Informative)

    by devphaeton (695736) on Friday May 05, 2006 @03:26PM (#15272490)
    The absolute biggest piece of hilarity is Norton Antispam. People rush out and buy it, and install it on their computers. Usually they never do anything in the way of setting it up (just expect it to work magically), but that makes no difference because it continually reconfigures itself on its own whims.

    And then they call and abuse their ISP support personnel for days on end of "I'm not getting any of my damned email!!"

    And it's all right there in their 'Deleted Items' folder. :rolleyes:
  • by Daniel_Staal (609844) <DStaal@usa.net> on Friday May 05, 2006 @03:28PM (#15272514)
    Um, error exists in both directions. Limiting error in one without concern for the other usually increases the other. (Instead of limiting the error you usually shift the range.) This is known.

    What's news here?
  • I don't understand (Score:4, Insightful)

    by linvir (970218) on Friday May 05, 2006 @03:29PM (#15272525)
    it has long borne the brunt of complaints from mass e-mailers over the problem
    Does this mean mailing list owners or something? I associate "mass e-mailer" with "spammer", so my first instinct was "You may continue to cry". So are there other mass e-mailers? Does it mean the likes of Amazon? If so they too may continue to cry. I don't need to know about This week's hot deals on Electronics & Photo at Amazon.co.uk.
    • Sure there are. Let's see, from my own inbox, I've got postgresql.org (Postgres mailing list), perl.org (Perl mailing lists), benzedrine.cx (PF mailing list)...

      Anyone who regularly sends email to multiple other people is a 'mass mailer'. I'm on at least a dozen different disscusion or announcement lists that I have signed up for.
    • by hackstraw (262471) *
      I don't need to know about This week's hot deals on Electronics & Photo at Amazon.co.uk.

      I don't either that is why I use http://www.spamgourmet.com/ [spamgourmet.com] and create a new account for every online purchase.

      From the FA, "False positives have been a problem with e-mail marketing for a very long time".

      I run a small mail server, use SpamAssassin, and I check for false positives periodically, and the only thing close to false positives that I get are marketing mails, and I don't care (nor do my users).

      When I look
    • by Anonymous Coward
      >> I associate "mass e-mailer" with "spammer"

      That's an invalid assumption.

      People sign up for newsletters. There are 300,000+ who've subscribed to ServerSide, for example (mostly Java developers). That's mass e-mailing.
    • by pla (258480)
      Does it mean the likes of Amazon? If so they too may continue to cry. I don't need to know about This week's hot deals on Electronics & Photo at Amazon.co.uk.

      Although I agree with you in general (I get far too many advertisements from companies with whom I may once-upon-a-time have chosen to do business)... Believe it or not, I get no spam from Amazon. None. Not a bit.

      They send me order confirmations and shipping notifications (which may include a few brief text blurbs that would count as an ad),
  • Eh... (Score:3, Informative)

    by vertinox (846076) on Friday May 05, 2006 @03:29PM (#15272531)
    I can't send email from my work place to my free register.com hosted account because I had emailed myself some links to look at while at home. Apparently the spam bot assumed messages with just a subject and links and flagged my work address as spam.

    I couldn't get them to undo the change... But it is a free service and I figured I won't get anywhere if I push it and these days I just send any emails with links to my hotmail account.
    • You never thought of whitelisting your work email address?

      Thats what everyone else does so we can mail links to look at later at home.

      • Unfortunatley free email host acounts with Register.com (the ones you get for just buying a domain from you) have spam protection that you can't turn or or even add a whitelist.

        Trust me. I asked, but they gave me a firm no and told me to have the offending ISP contact them. Gee... Thanks... But I am the... Oh never mind.
    • I just send any emails with links to my hotmail account.

      So, likely, does every other spammer as well.

  • AOL isn't the only company to face charges that it improperly blocks legitimate messages. But, as the world's largest ISP for years, it has long borne the brunt of complaints from mass e-mailers over the problem.

    Well, then. You can simply pay a fee if you want to continue that Lord of the Rings Mailing List! (http://www.out-law.com/page-6611)
  • by VMaN (164134) on Friday May 05, 2006 @03:30PM (#15272543) Homepage
    I'd like it if my spam filter could "mod up" non english email.

    most of my email correspondance isn't in english, while most of my spam is in english... I've instructed my dad to delete ANY mail with an english subject if he doesn't know the sender before opening it, and that seems to work out fine, english is his 3rd/4th language and only has 2 contacts using it. If something is important enough, he'll get at call about it :) (this probably wouldn't fly at work, but for his personal email it's fine)

    • You can do it in spamassassin. For example, just add ok_languages ja zh to its local.cf
    • I'd like it to work in reverse, since almost all of my wanted email is in English, and almost all of the non-English --and certainly 100% of the Chinese, Arabic, and, if I recognize the characters right, Thai -- email I receive is unwanted.
    • I would like the exact opposite solution, with the spam filter deleting anything that ISN'T in english. English is my primary and, outside of two years of high-school German, only language. Yet most of the spam messages I recieve are in some strange baltic language.
    • Forbidden
      You don't have permission to access /~wman/ on this server.

      Apache/1.3.33 Server at heima.olivant.fo Port 80
    • I'd like it if my spam filter could "mod up" non english email.

      Get a better spam filter. I highly recommend SpamAssassin. With all the bells and whistles, it can be a little difficult to run on a large site, but people do use it, and most commercial spam filters are based on SpamAssassin.

      SA is point based. There are positive points for spam, and negative points for "ham". SA has bayesian filters, allows custom rules (great for ham rules that are NOT published and available for spammers :), points for UR
  • Obviously spammers are trying to get through filters by making their email appear legitimate. The closer spam looks like legitimate email traffic the harder it is to block them without also blocking some legitimate email. It's kind of a stupid question with a "WELL DUH!" answer.

    Not trying to put out a flame but really guys...
    • Obviously spammers are trying to get through filters by making their email appear legitimate. The closer spam looks like legitimate email traffic the harder it is to block them without also blocking some legitimate email.

      But the spammers are caught in a bit of a catch-22 situation, especially when it comes to distributed spam-blocking tools like Razor [sourceforge.net], DCC [rhyolite.com], etc. If a spam is obviously forged then it's easy to flag as a spam. But alternatively if a spam has non-munged contact information, whether an e-mail
    • by WebCowboy (196209) on Friday May 05, 2006 @05:06PM (#15273412)
      The closer spam looks like legitimate email traffic the harder it is to block them without also blocking some legitimate email.

      Your argument makes sense but there is more to it than that. Spammers are starting to catch on that their techniques to thwart mail filters can be used to manipulate those filters to block other people's emails. THAT is still pretty inceniary. Let me explain what I mean:

      Some time ago I signed onto the "bluesecurity" website as I was intereste in their counter-spam efforts. As we all know here on /. a top-tier spammer was aggravated by their efforts and managed to get a list of addresses for those who signed onto bluesecurity. I just checked the "junk box" on my email server and have found that in the past 12 hours there have been about 50 emails entitled "bluesecurity.com" with a body containing the WHOIS record for their domain. Apparently, the spammers are already striking back with a vengeance.

      Besides annoying the heck out of those unfortunate enough to be on the target list, the thought came to me that this could be a crude attempt to train email filters to block out any (legitimate) correspondence affiliated with bluesecurity.com. I think we're going to see a lot more of this in the future: Spammers for whatever reason select a victim (anti-spam organisations, Microsoft, Symantec, etc) and start sending out massive spams that either repeatedly mention the victim's name, website address domain, etc, or are crafted to look like legitimate correspondence from the victim. The scummy vermin that send out the spam are the same types that go on phishing expeditions so they've had practice imitating others.

      Since so many people run email filters, once these filters intercept and mark those messages as spam then legitimate email from their victims are more likely to be blocked as spam. That's all I need is for a spammer to send a few dozen emails that look like Microsoft correspondence, only to have the email filter get trained to filter out REAL email from Microsoft about my MSDN subscription for example.
  • by Nijika (525558) on Friday May 05, 2006 @03:33PM (#15272569) Homepage Journal
    It's more that SMTP is too broken. The model we use to communicate with each other is sadly too open, given the potential of the technology for automation. The real solution is to extend or replace SMTP completely.
    • by hackstraw (262471) * on Friday May 05, 2006 @03:58PM (#15272855)
      The real solution is to extend or replace SMTP completely.

      People say this from time to time, but they conclude that its still best the way it is. I value mailing lists, and making people pay or whatever proposed mechanism there is simply does not cut it.

      I get spam sent via email. I get spam in my snail mailbox. I get spam on my fax machine. I get spammed by cold calls from sales drones/marketers. I've never had this happen (yet), but I've seen someone's phone get spammed with hundreds of porn text messages over a 10 or 15 minute time period. The user was initially billed for the porn spams and had to call the phone company to get them taken off of there bill.

      It just seems as though open communication is just going to be subject to spam. Don't want it? Use your own private network to communicate.

      • Seems to me its easier just to use domainkeys and senderID. The problem is standardizing. I can't require either one of them because not enough people are compliant. When that changes the spam world will get simpler until a flaw in the mechanism is found which I believe will lead to an encryption war.
        • by Medievalist (16032) on Friday May 05, 2006 @05:51PM (#15273705)
          You meant to say SPF and DKIM [wikipedia.org].

          "senderID" was an unsuccessful non-standard created by Microsoft hijacking SPFv2 with submarine patents [wikipedia.org] and other deceits [iab.org]. Read up on MARID [groklaw.net] and see what I mean. senderID is dead, do not try to implement it, do SPFv1 or domainkeys if you want the current gold standard.

          DKIM is the successor to domainkeys, and it's looking pretty good.

          There is no "easy" involved in crypto, however. If you want "easy" do SPFv1... spoofing prevention with 5 minutes of work by any competent DNS administrator.
      • Pay-to-send schemes do not necessarily create a problem for free mailing lists. I've written about [ath0.com] ways to implement pay-to-send without destroying useful things like mailing lists and without forcing your mother to pay to e-mail you.
      • I get spam sent via email. I get spam in my snail mailbox. I get spam on my fax machine. I get spammed by cold calls from sales drones/marketers.

        Shakespeare got it wrong - The first thing we must do is kill all the marketing department.

    • Email became a reliable tool when everybody pretty much accepted the policy that you either deliver the message or hand a rejection to the sender, or at the very worst case, if you've accepted the mail for delivery and can't deliver it, you send a reject message. That was especially critical for UUCP mail before we had the commerial Internet, but it's still critical today.

      AOL is rumored to do most of its spam-blocking without notification to the sender or recipient, and that's a big problem and they're h

  • Not even if they let you reach through the internet and castrate the spammer. With a spoon. Full of lemon juice. And margarita salt.

  • by TubeSteak (669689) on Friday May 05, 2006 @03:33PM (#15272576) Journal
    A particularly troublesome gray area, Schneider said, involves affiliate marketers. These marketers often send e-mails to people who signed up on a website with whom the affiliate has a marketing agreement. The recipient of the e-mail, however, probably isn't aware of the arrangement and has no idea why they're receiving the message.
    Translation: people are getting e-mails they neither want, nor expected.

    It's like inviting someone to a party & you agree that they can bring their "affiliates" along. Your invitee shows up with 20 strangers & whoever you have working the door says "I don't know all these people, they aren't allowed in."

    The solution isn't to cry about the "gray" area, it's to explicitly tell people who the fark these affiliates are & what they'll be sending.
    • It's like inviting someone to a party & you agree that they can bring their "affiliates" along. Your invitee shows up with 20 strangers & whoever you have working the door says "I don't know all these people, they aren't allowed in."

      This is why I don't invite Linux companies to parties. A significant portion of my spam is coming form "affiliates" of Linux companies. On some days they even outnumber the scammers. I fear the day some Linux company opens shop in Nigeria...
    • they will be treated like responsible businesses.

      Make it easy for me to see that you are you and that you are a responsible citizen.

      1. Only use names that have been signed up with you personally. With double opt in.

      2. Use your own email servers or domain.
      Do not make me wonder if an email is from you if it isn't in an address block that I normally see from you.

      3. Easy and complete removals. By anyone, from anywhere. I'll click a link. I'll even reply to an email. Once. If you haven't removed the address by t
  • by Spazmania (174582) on Friday May 05, 2006 @03:34PM (#15272577) Homepage
    When I get a message with a moderate probability of being spam, my spam blocker sends a message back requesting that the sender confirm the message. Works great. Those few legitimate senders stuck on a problematic server can still get their messages to me and so far no spammer has attempted to bypass it.

    The only time it doesn't work is when the sender's spam blocker dumps the confirmation request or when the sender doesn't understand what to do.
    • Or when you spam all the people spammers use as their forged From addresses.
    • ...The only time it doesn't work is when the sender's spam blocker dumps the confirmation request or when the sender doesn't understand what to do.

      There is another time when they fail.

      I went away last weekend. The last thing that I did before I left on Friday was to send off to my church the files required for the Sunday services seeing as I wouldn't be there.

      When I returned from on Tuesday there was the e-mail requesting confirmation before it would forward the messages...

      I had sent the e-mail....and didn'
    • by alexo (9335) on Friday May 05, 2006 @08:25PM (#15274517) Journal

      > When I get a message with a moderate probability of being spam, my
      > spam blocker sends a message back requesting that the sender confirm the
      > message. Works great. Those few legitimate senders stuck on a
      > problematic server can still get their messages to me and so far no
      > spammer has attempted to bypass it.


      Well thank you so much!

      Since the lowlifes started forging "from" addresses using my domain, I am getting several such "confirmation" messages every day. And while my spam filter is doing its job pretty well, I have not found a way to filter out your smug verifications without getting rid of the legitimate ones.

      So, thanks to people like you, I get 5 times more verification requests than actual spam.

      You better hope that there is no higher power because if there is, and it decides to grant my wishes just when I get yet another verification, you'll have a bit of a problem removing that sequoia from your rear orifice.
  • by iamacat (583406) on Friday May 05, 2006 @03:34PM (#15272578)
    Just like door to door salesmen and tele-marketers, mass e-mailers have ruined their reputation as a group and are no longer effective at what they are trying to do. If you want to keep your customers updated, offer an RSS feed, personalized with their user id if necessary. Times change, deal with it.
    • Your point is actually true in a more general sense.

      In general, if people want something, they will seek it out for themselves.

      People don't want or need to be advertised at in any way via any means. This applies to companies trying to sell products or services, religions trying to amass followers, or political activists trying to rally voters. It's all BS.

      If I want something, I'll go seek it out for myself. Leave me the hell alone. It's not your place to constantly bother me.
      • When you're driving down the road and you get hungry, how do you know there's a BurgerBell on the corner if not for the sign (which is clearly advertising)? What about things you don't know exist, or things that are new? How do you know to "go out and seek" a cool gadget if you've never heard of it before? Or never knew that it was possible to do what that tool does?

        I'm NOT arguing that spam or junk mail is Ok. I'm just trying to point out that not all advertising is bad. Intrusive advertising like telemark
      • Oh please (Score:3, Insightful)

        by dereference (875531)
        Ok, this...

        If I want something, I'll go seek it out for myself. Leave me the hell alone. It's not your place to constantly bother me.

        ...does not imply this...

        In general, if people want something, they will seek it out for themselves.

        ...unless you happen to be the sole embodiment of every consumer in the world. See Hasty Generalization [wikipedia.org] for more details.

        Look, I'm with you. I hate this stuff as much as you. It's usually even a nice safe rant for a few insightful mods, but yours is practically a tr

  • by zlogic (892404)
    Occasionally, Gmail's spam filter places valid mail into Spam - once it was some user's request for an invite, once it was my cellular phone invoice, and once a Dilbert daily strip. So I have to wipe out the spam folder with caution - at least I have to read every subject.
    • Re:Gmail (Score:3, Funny)

      by Carrot007 (37198)
      Sounds like it was working fine to me ;-)

    • The thing about gmails spam filter is that if you have smtp set up, gmail will NOT forward on spam messages. So occaisionally you have to log on to the web interface and double check to see you didn't miss anything important.
  • Yes and no (Score:5, Insightful)

    by Bogtha (906264) on Friday May 05, 2006 @03:38PM (#15272627)

    If a user has signed up for a mailing list, and doesn't get what they asked for, then that's a false positive, no matter how commercial the mailing list. And this does happen. So in that respect, spam blockers are too strict.

    But on the other hand, I fish out a few false positives from my spam dump every month and look to see why they were blocked. In most of the cases, it's because the mailing list operator is doing something dumb. For instance, the last false positive I received - for a legitimate, informative mailing list I deliberately signed up for - triggered my spam filter because of forged headers, two counts of malformed headers, and every other line was in all caps.

    The reason why they were caught out was because they used what appears to be a mass mailer designed for sleazy purposes, and they didn't bother with any QA.

    Anybody who is running a mailing list should follow a few simple rules:

    1. If you outsource, outsource to a reputable company.
    2. If you run the mailing list yourself, use reputable software.
    3. Set up an email account for every popular spam blocker, and include those addresses in your mailing lists. Check those accounts every time you send out an email, to see if you are blocked by any of them.
    4. Never buy email addresses. Ever.

    That's what I consider to be common sense, but apparently common sense is hard to come by these days.

  • Yes (Score:3, Interesting)

    by aftk2 (556992) on Friday May 05, 2006 @03:40PM (#15272650) Homepage Journal
    My experience, though, is that it isn't the spam catching software that works with typical desktop email applications like Apple's Mail, Entourage, Thunderbird or Outlook that's too strict (sometimes far from it, especially w/regards to Entourage); it's the spam catching software used by Webmail providers like Hotmail and Yahoo's Mail.

    I know it's in their best interest to flag as much stuff as Bulk Mail as possible (which can then be filtered into a bulk mailbox, and removed automatically after 30 days), but until I recently switched hosts, everything I was sending to Yahoo or Hotmail was going into the Bulk Folder. Now, I think this may have been due to my hosting provider, but all the tests I ran seemed to indicate that they weren't on any blacklists, or anything like that.

    I even took the time to implement SPF records for my domains. This had a noticeable effect in GMail, which actually adds a header to incoming mail stating whether an SPF record was found and followed; it had no effect in Hotmail, however, which is maddening, since it's Microsoft's stupid initiative!

    I don't know what the answer is, but we're not there yet.
  • accidentally deleting your airline reservations while wilding trying to remove spam from your inbox so you don't MISS the airline reservation mail..

    *sigh*

    what you get for not paying attn to the little box in lower left of the thunderbird window..

  • They're absolutely too strict. I've added myself to Hormel's email notification list countless times, but their messages never get through to me.
  • by postbigbang (761081) on Friday May 05, 2006 @03:43PM (#15272682)
    This is what happens when you don't think forward on protocols. The cure, in the form of hundreds of attempts at everything from Baysien filters to source-IP blockers, seem to always fail. Why? Because SMTP, our mail protocol, is based on telnet, 7-bit ASCII, and easily fudged authentication. Worse, 'thinking' filtration systems use a rules basis that appears to work, but can never work because the rules can change, as any successful spammer knows.

    Then, we get a bunch of techno-idiots like the US Congress to legislate email relationships, miserably, contributing further to the problem.

    The real solution? Simple blockage. Route the bastards to 127.0.0.1. Force authentication of the address and its owner before it can go out of the blocked ACLs. And if it happens again, shunt the address to a different CIDR block. Or re-write SMTP. That's all that's going to work. Nothing is foolproof because fools are so ingenious. Never underestimate the power of a hacker, and locks keep your friends out, your enemies have pick tools.
  • I really have had no issue with any spam blocking stopping legitimate mail in year. When that happened, it was Yahoo! Mail which was blocking legitimate e-mails from friends with overseas e-mail addresses, in particular one ending in .nz, I believe. Otherwise, I really have had no problems, though I do not use commercial/3rd party blockers.

    When I was actually using Outlook '03, I really had no problems except that junk still got through. The problem of junk still getting through happens on Yahoo! occas
  • I used to work for a company that sent emails to medical professionals regarding ongoing clinical drug studies.

    These emails absolutely took "opt-in" to the next level.

    Not only did the doctors opt-in to receive these emails, they had to go through a fairly rigorous screening process to be eligible to receive them. On top of that, it actually would have been highly illegal for us to send these emails to others!

    So, needless to say, the emails weren't spam and were going to modestly-sized email lists of 100-1,000 total recipients, approx 25% of which were AOL users.

    And still, we had countless problems with AOL blocking them. AOL never listened nor responded.
  • and mailing list owners) only one should have any say in whether spam filters are too strict or not. I'll give you two guesses, and to make it easier I'll tell you up front: it ain't marketers or mailing lists.
  • by secondbase (870665)
    They say, "List operators, marketers, and email users complain spam filters are too strict." I'll bet 99% of marketers, 90% of list operators (not the 10% that are legitimate), and 1% of users think it's too strict.
  • Block and tackle (Score:4, Interesting)

    by Billosaur (927319) * <wgrother AT optonline DOT net> on Friday May 05, 2006 @03:56PM (#15272833) Journal

    Listen, when you go to your snail-mailbox and get the mail, you can pretty much tell which mail is good and which is junk, right? I mean, it's easy to tell letters and cards from family members and friends from bills and unsolicited junk. It's easy because there's a physical form of recognition taking place.

    Email is tougher, because in most cases all you have to go by is a sender's email address/identifier and the subject line. Now I don't knwo if you've looked at those two things closely, but it's usually easy to tell when the email is spam (how many freinds do have named Lemon T. Viceroy?). Now, as reported, phishers are getting more sophisticated and they are making much more convincing emails that are tricking people into believing the email is from their bank. They's be able to save themselves some time and frustration by checking the email address vs. a legit email they've received from the bank.

    I think blocking has to start at the user end. You have to put up a wall and say that only these addresses are legit and anything else is suspect. You dump suspect emails into a separate folder and peruse it for emails that are actually legitimate, and add a pass-through for them to your wall. It requires maintenance and vigilance, and cooperation from banks, credit card companies, etc., who have to make sure you know what legitimate addresses they will send emails to you with. Any left over emails you fire back to the senders and alert your ISP

    Putting the responsibility for screening mail on the user is problematic, but it's certainly a lot more efficient than having to listen to complaints about legitimate mail getting blocked constantly. I do this very thing constantly with my personal account and by using my ISP's spam filter, I'm doing a pretty good job of screening out the crap. By alerting my ISP of definite frauds, I'm hopefully making things easier for others. Of course, you have to make this system easy to use, or users will get frustrated and it won't work properly.

    Maybe snail mail isn't dead yet for a reason.

  • Should be a given (Score:2, Insightful)

    by SPaReK (320677)
    This should be a given. If you try to block spam, you are going to block some legitimate messages. Hopefully, your ratio of blocking spam messages against legitimate messages is good, but it will never be perfect. This is due partly because spam itself is subjective. A lot of spam messages can be picked out and determined to be a spam message by 10 out of every 10 people. But for some messages, its not that simple. It's just real subjective. Then you're asking an algorithm to use subjective logic to
  • by Twillerror (536681) on Friday May 05, 2006 @03:56PM (#15272838) Homepage Journal
    OPENSPF.ORG [openspf.org]

    I know this isn't the final answer, but to me it is by far the most responsible and far reaching.

    • No cost. You already have DNS servers for your MX record if you are a valid server.
    • Using DNS means that we already have a great infrastructure.
    • Doesn't stop emails from people like amazon.com if you want them, but adding @amazon.com to your block list is now valid.
    • Faster and more reliable then content filtering.
    • Makes phising a bit harder, as you can no longer send support@citigroup.com.

    Will spammers register real domains, yes. Will they send emails with a fake from address that has at least a valid domain, yes. It makes it just that much harder, and makes it harder to use farms. If the SPF record has a huge subnet then the spam blockers can ignore it, and then put it on a watch list. At least we are adding some level of authentication to the process.

    The cost of SPF is so little, I don't understand why their is not more push for it, and why we can't just give it a shot. I'd rather do that then go thru some authentication process with a company and then pay for some type of certicificate. Lastly, as a programmer I hate when all of the suden we have to do quadruple opt-outs, when the real problem is people sending gobs of rolex adds from their dorm room with or without their knowledge.

    • I am using 3 different domain registration services that include DNS service, All of them offer a method to remotely edit the zone contents.
      None of them offer the possibility to insert TXT records using the remote editor.

      This severly limits the usefullness of SPF.

      I have no idea why TXT records are not supported. Queries about it to the people offering the service either result in no reply or some "we'll put it on the wishlist but it is low priority" (and it still is on the list after two years).
      On one of
      • Have you tried switching to GraniteCanyon to serve your DNS records? Doesn't matter who your registrar is -- just change your nameservers to a proper DNS provider like GraniteCanyon and you can add any valid RR, including a TXT record. See http://soa.granitecanyon.com/ [granitecanyon.com].

        SPF is useful _now_ - I've not been 'joe jobbed' (i.e. someone "borrowing" my domain in forged From: headers since adding SPF). It also makes it much easier to get your mail delivered to AOL users (I have one domain which does have a mailing
  • I've been quite happy with the spam-blocking service that my ISP contracts with (POSTINI), as their filtering service is quite customizable. Whitelisting the few false positives I've seen is very easy to do, even mailing lists.
  • [this message has been filtered by your ISP's anti-spam software]
  • Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages.

    Like I care that these people are upset. Every one of their messages that gets through to me that I've never asked for upsets me, so what goes around, comes around. That fact that they're squawking in pain now is music to my ears.

  • Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages.

    Marketers? Marketers don't have a say in it. They are spammers. If I want their information, I'll assume responsibility for making sure I can receive it. Thank you for your "concern" that I might be missing many valuable opportunities.

  • I use Gmail to check all my accounts. Never had a problem (that I know of...)
  • The whole concept of subscribing to a mailing list is so 1980s. If you wanted the info, you'd subscribe to the RSS feed.

    Of course, marketeers hate this, because it puts control entirely in the hands of the receiver. But it's the way things are going.

  • I think it's the only area of the internet that would greatly benefit from heavy regulation and cooperation between email providers. This whole attitude of allowing anybody to make an email server and fire off whatever the fuck they want has to go, either forever or until we get more international focus on catching and jailing spammers. Imagine if /. or any other similar site or online forum ran the same way, and just let anyone comment anytime in any amount from anywhere.

    I know it'd be tricky to ke
  • One word (Score:2, Insightful)

    by Anonymous Coward
    WHITELIST. If you want it, whitelist it. If you don't have it whitelisted, then the SPAM filter can classify it... If it does it improperly, then tell the filter that it is/isn't spam (as the case may be).

    Teach the users how to do this, and let the whiners kill themselves with angst.
  • Yes, they indeed DO filter many of the legitimate emails - including ones that carry new business proposals, emails from colleagues, or ones coming as a part of an ongoing correspondence thread.

    And you will never know if you have lost the deal or not - youll simply think the party you have contacted were not even interested enough to reply you, or the person you were in contact have simply chose to ignore you.

    And this all comes courtesy of isps, and hosting providers. You pay them to lose your own mon
  • Cohn said ISPs would better serve users by quarantining suspect spam messages in special mailboxes. That way, recipients would have the option of checking for false positives. If an ISP does block an e-mail, she says the sender and recipient should be notified and told why.

    That doesn't do much good in practice. If someone finds they are not getting some email they want, they have to end up checking the spam box, which is often huge. And ISPs end up having to incur the costs (which they pass on to custo

  • Just thought I'd put this out there, since some Qwest cutsomers may not be aware of this.

    About a year ago, my fiancee and I noticed that we were no longer getting e-mail from some of our mailing lists. (For instance, I stopped receiving VersionTracker daily e-mails. She stopped receiving e-mails from various political interest groups and animal welfare groups.) We both have e-mail accounts through Qwest Choice, which provides us with bundled digital cable TV and Internet service all through a single VDSL
  • by hacker (14635) <hacker@gnu-designs.com> on Friday May 05, 2006 @04:35PM (#15273180)

    The solution to all of this, is dspam [nuclearelephant.com], of course.

    We were previously running SpamAssassin for about 4 years with 13 RBLs and blackholes.us, and we were at 90% accuracy or so, and still seeing 10-20 spams slip through per-day.

    I gave dspam a test, and after 3 days, we were already up to 95% accuracy, with ZERO spams slipping through.

    Today, about 3 years later, we're now at 99.726% overall accuracy, again, with ZERO spams slipping through to any user's mailbox. For false-positives, the users can go to the web interface, check the "legit" emails getting incorrectly marked as spam, and have those sent to their mailbox, retrained as HAM. After a user receives 'n' number of messages from a specific address, they're auto-whitelisted.

    dspam blows away anything I've ever used, ever. We're not seeing a single spam in any user's mailbox in 3 years, and we're at about 85% incoming spam per-day with 1 RBL.

  • by kwerle (39371) <kurt@CircleW.org> on Friday May 05, 2006 @04:50PM (#15273295) Homepage Journal
    This is one of the things SPF (http://www.openspf.org/) is meant to end - false positives. One of the problems with SMTP is that you can't build up a reputation by domain because anyone can claim to be you.

    If a verified sender is sending [lots of] unwanted email, they are a spammer and should be blacklisted. Otherwise, verified senders should probably be trusted.

If a thing's worth having, it's worth cheating for. -- W.C. Fields

Working...