To Beat Spam Filters, Look Like A Spammer? 143
Lest you think that spam filters only rarely make mistakes any more, recall the instance in which after I mailed out a group of 10 proxy websites to my own mailing list, the British "anti-spam" outfit Spamhaus blacklisted two of the domains, which caused the registrar (Afilias) to disable all 10 of the domains en masse, so that the sites simply disappeared from the Web. (This happened even though our mailing list is 100% closed-loop confirmed-opt-in; users have to reply to a confirmation message in order to join the list, so the actual emails were not "spam.") It took several days to find out what happened and restore the domains, during which Spamhaus and Afilias refused to answer any of my inquiries, and have to this day not reached out or explained what they're doing to avoid similar screw-ups in the future. And this was just the latest in a long line of headaches caused by spam filters including filters at Hotmail, AOL, Yahoo, and Gmail, which had regularly categorized our emails as "spam" and caused users to miss them.
So when the email deliverability company WhatCounts announced their October 16th webinar on how to avoid having your mails blocked as spam, I watched in real time with some interest. The webinar (which you can view here), was presented by Brad Gurley, the "Director of Deliverability" for WhatCounts, who has worked in the email "deliverability" industry for 10 years. While email deliverability services is one of the products that WhatCounts charges for, the presentation didn't contain any blatant plugs for their own services, so I'm taking the contents at face value. Even if any statements in the webinar happened to be incorrect, it's still safe to assume that the presentation represents mainstream thinking in the email deliverability industry, which will determine what recommendations are made to email senders.
I hasten to add that WhatCounts should not be blamed for any of the recommendations that they made that I'm counting as "eroding privacy"; their job was to answer the question, "What is the best way to make sure my emails don't get blocked as spam?", and they answered it. The fault, if any, should lie with the spam filters which encourage these practices. Furthermore, I'm only saying that the practices encouraged in the webinar are eroding user privacy, not violating it. (If you ask every new subscriber for their name and geographic location, I would call that an "erosion" of privacy if it normalizes the practice of collecting more user data than you need, but it's not a privacy violation as long as the user willingly gives it to you.)
The webinar begins with some recommendations that are actually good netiquette, such as cleaning subscriber lists regularly (removing bouncing addresses), and displaying a prominent "unsubscribe" link for users who want to leave. If you run a newsletter, and good netiquette isn't a compelling enough reason to put an "unsubscribe" link near the top, here is a direct quote from the webinar:
"The Unsubscribe link should be prominently placed within the message body. Unsubscribe links that are hidden or hard-to-find will generate spam complaints from unhappy users who want to unsubscribe. Placing the link in the preheader has been shown to reduce spam complaints in many cases."
That's one reason that every message that I send to my own newsletter, contains this text at the top:
[You are receiving this because you subscribed to the Circumventor distribution list. To unsubscribe from this list, click here: http://www.peacefire.org/circumventor/cv-unsub.html or reply with the word "unsubscribe" in the subject.]
(I give people the option of replying with the word "unsubscribe", even though that creates some hassle for me to process those requests manually, because many of our users are on censored networks and cannot access the unsubscribe link on the peacefire.org website.)
But, on to the less-stellar news: the presentation also says that the key to getting users to keep opening your emails -- and hence to signal to the email providers like Hotmail and Yahoo that your mails are not "spam" — is "engagement." Gurley suggests that senders "tailor mailings to segments of subscribers based on demographic data," including segmenting users based on city or zip code. Nothing sounds wrong with that, except that to "tailor" the mailings based on demographic data, you have to have that demographic data -- i.e. ask users for their age, sex, location, income bracket, or other information at the time that they join the list.
As I said, I don't consider this a violation of privacy if the user gives their information voluntarily, it's just an erosion of privacy, because it normalizes the process of asking users for extra data when there's no clear reason why it's necessary. In the late 1990s, you could join most companies' email lists without providing any more information than an email address; if you were asked for more information, it was for an obvious reason (such as filling out a profile on match.com, or ordering a product to be shipped). The less information about users was stored all in one place, the less opportunity there would be for the company to abuse it, or to be bought out by some other company that would abuse it, or for someone to hack into their servers and steal the information outright.
Our mailing list in particular serves a segment of the population who are particularly privacy-conscious -- they're using our proxy sites to circumvent Internet blocking software, so in almost all cases, just the simple act of being our mailing list could get them in some amount of trouble with somebody (although the severity would vary). So by design, we collect the minimum amount of information -- the email address -- necessary to send new proxy sites to the users. The more information that we asked for, the less likely the user might be to sign up in the first place.
Again, companies are within their right to ask for this information, but I don't think the rest of us newsletter publishers should be penalized for not asking for it.
The presentation goes on to say that email providers such as Hotmail and Yahoo judge whether an email is "spam" based on what proportion of the time users open an email from that sender. As Gurley says, "Give people a reason to open your email and keep opening it." The trouble is that this penalizes email notifications where you can fit all of the relevant content into the subject line -- many of my emails say something like "new Circumventor: badbadger.info", and for most users, that's all they need to see. Some subscribers have specifically said that they always want to see the new proxy site name in the subject line, because they're on a network where they are blocked from accessing their full email inbox, but they can use other webpages to see the subject lines of recently received emails. (For example, Yahoo Mail users might be on network where Yahoo Mail is blocked, but if you're signed in to yahoo.com you can see the subject lines of your last few emails on the www.yahoo.com front page.) If I'm being penalized by spam filters because user's don't open my emails, then obviously that's incentivizing me to do the users a disservice, by putting the proxy site name only in the message body.
(This might be an issue that is highly specific to my particular mailing list, because most people don't run email newsletters where they can fit all of the relevant content into the subject lines. However it's easy to think of other web applications that have a need for subject-only notifications -- Google Calendar sends me an email whenever one of my calendar events is coming up -- and those shouldn't be penalized just because the user never opens them.)
Finally, the presentation suggests that senders unsubscribe any user who hasn't opened the last 50 emails you sent them. This might set off mild alarm bells with tech-savvy readers, who know that the only way to tell if a reader has opened your message, is to embed images into the messages -- and if your newsletter content doesn't lend itself to images, you have to plant a surreptitious "web bug" image into the email, a tiny image that serves no purpose except that if you open the message and the image loads, it tells the sender that the message has been read. (For this reason, if you open an email message that does contain images, most email clients will not display them unless you click "Show images" or something similar -- because otherwise, if images always loaded automatically, spammers could use web bugs to tell who was opening their emails. So in fact, if a user opens your message and doesn't click "Show images", you generally can't tell that they opened your email.)
Again, I would consider web bugs to be an erosion of privacy more than a violation of it, on the order of asking for the user's zip code at the time they join their newsletter -- in both cases, the reason being that you are collecting more information than is strictly necessary for the operation of your mailing list. (In the case of web bugs, the "information" you're collecting is whether the user opened your message or not.)
Some people feel more strongly about it. A recent message posted on MIT's "liberationtech" mailing list had this to say about "web bugs", to a person who was asking about why his newsletter was being blocked:
You do not appear to use web bugs in your mailing list messages. A wise choice: web bugs are malware, they're invasive and abusive, and they actively degrade the security of recipients...which is a pretty crappy way to treat one's audience.
I think this is over the top -- all that a web bug does, is tell the sender whether you opened their message -- but, whether this opinion is valid or not, some people out there feel that way, and using web bugs in your email might piss them off.
Although before you cut loose the users who haven't opened your last 50 emails, Gurley's presentation also suggests trying to win them back with one last message with a "teaser" subject line like "We're saying goodbye...", or "Are we not going to talk to you any more?", or "Are we breaking up?". I hate subject lines like that, whether from spammers or from people I've signed up to get mail from. (Although now that I think about it, I doubt I'm really that mad about the 1 second of my time that they wasted; I think I just resent the fact that even just for that 1 second, they actually had me fooled, and I thought it really was a message from a friend.)
But again, we can't kill the messenger: Brad Gurley's job was to do a presentation on how to get your emails past the spam filters at the major email providers, and if using "come-on" subject lines works, because it gets more users to open your messages, then that's part of the answer. (Remember, this presentation was aimed at opt-in email senders, not spammers.)
So, I don't know that I can do anything differently with my list as a result of the presentation. I think it would be too off-putting to users to ask for their age and zip code, and in any case it wouldn't do any good for all the users who have already signed up. I probably couldn't use web bugs even if I wanted to, because the web bugs would have to load the image from a website, and if the user opened the email from a network where Web access was censored, the network's filter might block the website that the web bug loaded the image from. And for a list with many members who are still in high school, and whose parents might read their email over their shoulder, I don't feel like trying to get their attention by sending them an email with the subject "Are we breaking up?"
The more important takeaway here, though, is that there's no reason to expect the free market to deliver spam filters that are optimal from the user's point of view. In a world where users had perfect information, if Hotmail told their users, "We're going to start flagging the newsletters in your inbox as 'junk mail' unless the sender asks for your zip code when you sign up, and uses teasing subject lines to get you to open the message, and uses web bugs to verify whether you've opened it," their users would likely say, "Screw you, I'm going to Gmail!" (Which many of their users have apparently said anyway.) If this doesn't happen, it's because the vast majority of users don't have enough information for the market in spam filters to function effectively. And thus there's nothing to stop Hotmail and Yahoo from imposing arbitrary conditions on senders through their spam filters, which will lead to more legitimate senders resorting to "come-on" subject lines and web bugs -- ironically, looking more like the spammers they're trying to differentiate themselves from.
What would Bennie do without /.? (Score:5, Insightful)
Get yer own blog, Bennie!
Re: (Score:2, Insightful)
I don't know, but it would probably be less damaging. The world does not benefit from this guy getting a ton of high-visibility options for advertising his militant refusal to even consider trying to comprehend anything about email or spam.
Re: (Score:2)
I think this is over the top -- all that a web bug does, is tell the sender whether you opened their message -- but, whether this opinion is valid or not, some people out there feel that way, and using web bugs in your email might piss them off.
This one, for starters. If the user is sensible and has their client set not to show remote images automatically (most clients don't, by default, anymore), it doesn't do that, and so only increases your spamminess for little return.
And if they DO function, web bugs also:
Re: (Score:2)
This is from the guy that thinks the Fifth Amendment is a bad idea. So I am not terribly surprised that he did not think things through.
Re: (Score:1)
I don't think we should dilute the definition of "spammer" -- it should be reserved for people sending unsolicited email.
Re: (Score:2)
Do you consider all images in email (that are loaded from a remote server, as opposed to being embedded) to be "web bugs"?
Pretty much, because they all leak information to the sender. If said embedding includes any sort of metadata (hash or identifier of the recipient), then absolutely.
By that definition more than half of the newsletters I willingly subscribe to, have "web bugs".
And? That's why just about every mail/webmail client released in the past decade defaults to not showing them.
Images are Web Bugs if senders use them that way (Score:2)
If the sender uses an image in the email to bug the recipient, then it's a web bug. If the sender doesn't keep track of who opens the image, then it's not a web bug.
If the image is 1x1 in the same color as the background, it's pretty much guaranteed that the sender is using it as a web bug, because about the only other thing you can do with images like that is try to tweak kerning or fill in a table entry that gets misaligned if you don't, or something like that.
Twitter's web page constantly tells me it th
Re: (Score:1)
Especially when this is like the third whiny rant about his mailing list being blocked by spam filters.
Everybody who runs mailing lists gets spamblocked (Score:2)
I maintain a small announcement list for about 200 mostly highly tech-savvy people. We've been around for 25+ years on a range of different platforms, and are currently using a hosting platform with Linux and mailman (as opposed to the previous home Linux box and majordomo), but we still occasionally get spamblocked. It's text-format mail, no automated verification, and it's possible that some mailbox services are blocking us silently instead of bouncing, but most of the bouncegrams I get these days claim
Bennett Haselton is a spammer (Score:1)
This is just the latest in a series of Slashdot posts in which he explains why spam is that which he does not do.
He's a spammer. Hence he's recommending that spammers do the kinds of things spammers do.
Re: (Score:3)
But it's different, because he advocates one singular bit of good netiquette. He's like a serial killer whose kind enough to sterilize the knife between each stabbing.
Re: (Score:1)
Not having read any of his earlier posts, (and yes,being new to slashdot), I don't understand why everyone is hating on him. If his newsletter is opt in, he's not a spammer. And... In terms of end user ethics, it sounds equivalent to me to some Tor or Silk Road users. Why are some authoritarian circumventions ok but not others? Or is it because his post was rather long?
Re:What would Bennie do without /.? (Score:4, Funny)
I was going to respond that I frequently read far better posts in slashdot comment threads than Bennie's tedious whinges.
Then I realised that this was seriously underestimating how bad he is.
I have read better posts in the reader comment threads at the bottom of stories on the Daily Mail website.
Re: (Score:3)
Let's be honest here: YouTube comments would be a step up from Bennie's tripe.
It ain't spam filters blocking your email lists, bud, it's the fact no one cares for anything you have to say.
Re: (Score:2)
Give the editors a break, they miss JonKatz.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Web-bugs are also only effective for HTML based clients. I routinely setup my client to only deal in plain text. And no, I don't use webmail in any form. It boils down to using the right tool for the right job. A web browser is NOT an email client any more than an email client is a web browser. They have differing security concerns not least of which are things like web-bugs.
Re: (Score:2)
For instance, if I want to help a user over email and tell them how to set some obscure setting in a program's GUI, I can either type out 100-200 words explaining how to get to the item and what to set it to. Or I can trim that do
Text-only mail is your friend (Score:2)
Yes, it's nice to be able to receive images from people who are actually your friends, not spammers, and who don't overdo sending annoyingly cutesy images (e.g. that cousin who forwards stuff to everybody.)
But being an old guy doesn't just mean that I want you to send text email and stay off my lawn, it also means I want to set the font I use to read email with so it's easy for me to read, instead of having you pick a font that you think looks great to you on your screen, because I need a font that's big en
Spam filtering is not a solution. (Score:2, Insightful)
Spam filtering not a solution. E-mail has a monopoly on a lot of functions today. Getting accounts on most websites, getting receipts and confirmations from online purchases, recovering passwords, and countless other functions of the Internet. One thing they all have in common is that not only are they E-mail, but they are also unencrypted and can be spoofed with minimal effort.
A free market solution would be to offer more options. Automatic, universal encryption or digital signatures applied to everyth
Re:Spam filtering is not a solution. (Score:4, Insightful)
Spam filtering not a solution. E-mail has a monopoly on a lot of functions today. Getting accounts on most websites, getting receipts and confirmations from online purchases, recovering passwords, and countless other functions of the Internet. One thing they all have in common is that not only are they E-mail, but they are also unencrypted and can be spoofed with minimal effort.
A free market solution would be to offer more options. Automatic, universal encryption or digital signatures applied to everything genuine would be a legitimate solution to spam, and everything else gets dropped by your server. There are some minor obstacles, but if every mail server also serves the keys for the accounts it holds, it would be a simple matter to verify what current keys to accept at the recieving end.
Your post advocates a
( x ) technical ( ) legislative ( x ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( x ) Requires immediate total cooperation from everybody at once
( x ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( x ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( x ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( x ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( x ) Outlook
and the following philosophical objections may also apply:
( x ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( x ) Blacklists suck
( x ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( x ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( x ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Re:Spam filtering is not a solution. (Score:5, Funny)
Your post is ( ) full of myths, common errors, and logical mistakes
( x ) a form flame
( ) a bunch of nonsense
( ) a pile of dog shit
( ) a commission of philosophical thoughtcrime
( ) Full of rambling and fallacious arguments
Your criticism is not genuine. Here is why it is not genuine:
( x ) TL; DR
( ) It was too wordy
( x ) You checked boxes in your form flame that don't apply to the current situation.
( x ) You failed to check boxes in your form flame that apply to the current situation.
( ) There is no apparent logical structure of your post
( ) Your post is clearly talking about an imaginary world
Specifically, in your rush to post, you failed to account for:
( x ) The premature criticism of proposed ideas or concepts supplied by your post
( ) Posts like yours are only written by infidels.
( ) Ego cogito sum.
( ) English is the language that we speak.
( x ) A proper post or comment, does not contain checkboxes or other oddities.
( x ) The power of Obama's booming voice
( x ) The US government's role as a world power
( ) The power of idiots in large numbers
( x ) The power of free markets (aka the rich elite)
( x ) Vendors promising it will work, anyways
( ) The extreme reach of NSA authority
( ) Solutions that seem at first to be unacceptable, may be the only option
Your post also commits the following offenses:
( x ) Discouragement of rational discourse
( x ) Nonsensical objections against "good enough" pragmatic solutions, or solution that might work, on idealogical basis
( ) Lack of a cogent argument
( ) The conclusion of your argument does not follow from the premise.
( x ) If it is simple, it must be wrong
( x ) Backwards compatibility is always required
( ) You are begging the question. ( ) You have committed unspeakable abortions of logic and rational thinking.
Furthermore, this is where I think you should stick it:
This page intentionally left blank
Re: (Score:2)
That's awesome.
Would you find it insulting or flattering if I copied that and used the form reply to other trolls I see?
Re: (Score:1)
Admittedly, that was actually pretty funny.
Re: (Score:3)
A free market solution would be to offer more options. Automatic, universal encryption or digital signatures applied to everything genuine would be a legitimate solution to spam, and everything else gets dropped by your server.
And how exactly would encryption and signatures make sure the content is not spam? As long as email costs nothing but the electrons they'll continue to carpet bomb us with spam.
The solution must be some form of whitelisting, not blacklisting system. Mailing lists and outgoing mail addresses are trivial, the question is incoming mail from previously unknown sources. Personally I'd suggest doing a hash collision to burn CPU time, implemented like this:
1) Server auto-replies with a mail that says you aren't wh
Re: (Score:1)
One of the fundamental problems with spam is that email is amazingly easy to fake. I can send you an email from president@whitehouse.gov through any valid SMTP server and it will arrive as such. What my proposal does is verifies the claimed key or signature is the correct key for the claimed source account.
The advantages of this are twofold. First, virus-originated would no longer be able to spoof every address in your contacts list while sending e-mail, and any that did would be dropped by the servers.
Re: (Score:2)
Go look at DKIM and SPF (and not SenderID). The problems have been discussed ad nauseam and those are the best solutions to date. And even they have a lot of fun and unworkable corner cases.
Frankly
Re: (Score:2)
Re: (Score:1)
OK, you're incorrectly nitpicking my terminology when you address my description of encryption-based systems as a "legitimate solution". If you took the time to actually look at what I am describing here, I am talking about whether it is legitimately a solution rather than a mitigation. My brief description here is not intended as a fully fleshed out proposal, but a general concept that, if adopted, would render spamming botnets basically useless.
As I've mentioned in other posts, one of the easiest soluti
Re: (Score:2)
And it fails at that, since the botnet will simply send the spam from the accounts of pwned users.
Re: (Score:1)
I can certainly agree with you that the people running the filters are a significant problem, but email remains an inherently broken system by nature of it accepting at face value some key things which need to be properly verified.
"Free Market" == "Demo your working code for us!" (Score:2)
Dude, it is a free market, for most people in the world; if you're a draftee into some army that only uses X.400 email, or your country only allows unencrypted SMTP to pass through their Great Firewall, then I'm sorry, and I can recommend some good anti-censorship tools for you, which you can get from a guy named Bennett Hasleton.
But otherwise, you're free to use tools other than SMTP/POP/IMAP/Webmail, and we'll be happy to see your running code and give you opinions about whether you'll get rough consensu
not really a problem (Score:2)
If your clients really want to get your spam, simply instruct them to whitelist you during the registration process.
Having said that, I don't really have much sympathy for someone who's trying to help students and employees circumvent network policy. They can watch their porn or check facebook on their own time.
Boarding schools (Score:2)
I don't really have much sympathy for someone who's trying to help students and employees circumvent network policy. They can watch their porn or check facebook on their own time.
People who live at school are often subject to filtering even in the dorms. So what is "their own time" to you?
Re: (Score:2)
They can complain to their parents for sending them there. They're kids. Sorry if I don't shed a tear over it.
Re: (Score:2)
I don't really have much sympathy for someone who's trying to help students and employees circumvent network policy. They can watch their porn or check facebook on their own time.
People who live at school are often subject to filtering even in the dorms. So what is "their own time" to you?
Those students should be taking the issue up with the school to which they are paying fees for the privilege of being censored.
Re: (Score:1)
Then get an ISP and stop leeching off bandwidth provided by the school at a reduced rate so you can ... LEARN.
Oh, tepples ... didn't realize I was replying to someone as equally retarded as bennett.
School bandwidth isn't for your porn or socializing, its for education. If you want to browse porn, pay for a normal ISP and shut the fuck up. My tax dollars aren't there to subsidize your partying. Grow up.
Re: (Score:2)
I work in state government and can tell you that the arbitrary and capricious manner employed in this state's filtering boggles the imagination. A site that was accessible for weeks suddenly gets blocked today. They have even blocked federal sites from time to time and those truly are work related. And given that most agencies have a social network presence blocking them really doesn't make sense anymore. Instead of counseling or disciplining those that abuse the rules, they are punishing everyone and doing
Re: (Score:2)
Or post your spam on /. as an "article". FTspammyA:
Just from that sentence, there is no way I would ever do business with them.
Re: (Score:2)
> (I give people the option of replying with the word "unsubscribe", even though that creates some hassle for me to process those requests manually, because many of our users are on censored networks and cannot access the unsubscribe link on the peacefire.org website.)
Setup your system to they are processed automatically. It is 2013. This is /. Please submit an "ask Slashdot" if you require assistance with that.
That's not even worthy of an "ask slashdot" question. We've had that particular piece of technology for about 15 years (Mailman was released in 1999).
Re: (Score:2)
yeah..
many spammers don't think they're sending out spam. yet if they're getting filtered and recipients don't even want to see the messages then what else is it than spam? "important information about important oppurtunities"?? what the hell is it if not spam?
you're running a mailing list, it's up to you to make it worthwhile so that people don't mark it up as spam and instead mark it up as important.
Re: (Score:2)
Actually at my last job I'd regularly have to "circumvent network policy" to just do my goddamn job. That policy was quite literally set by Congress, by the way, so good luck getting it fixed.
Maybe we shouldn't apply technical solutions to these sort of non-technical problems. Maybe we should just discipline/fire
Invisible Hands Don't Get Carpal Tunnel Syndrome (Score:2, Insightful)
Where'd that come from? Last I checked, "free-market forces" weren't capable of programming anything. Programmers do. Nothing's preventing anyone from making a better filter.
The "free-market forces" non-sequitur bespeaks an author with an ax to grind.
Re: (Score:2)
The free market doesn't really apply when there is near-zero cost to sending an email other than actually typing the message.
I got greatly annoyed by a colleague who attended a seminar from a training company that had been spamming our company. Buying anything from a spam message promotes spamming, but it's clearly effective for spammers.
Re: (Score:2)
I don't think Bennie's quite ready to be trusted with an ax of his own.
I'm not even sure he's allowed metal spoons, since The Unfortunate Incident At Dinner.
What is this? (Score:5, Insightful)
Article can be summed up as, "Sending mail people actually want is soooooo hard, I have to do all kinds of privacy-invasive things and that makes me a spammer!"
I've not seen such rambling nonsense for a long time. The guys domains appeared in spamhaus because - reality check - they are open proxies. Every single open URL redirector on the internet gets ruthlessly pillaged by spammers who are trying to avoid domain name blocks, so a URL like "http://my-proxy.com/render?url=http://buy-cheap-meds.info" inevitably lands my-proxy.com on spam-filter blacklists, because they learn that 99% of the time my-proxy.com appears in an email, that email is unwanted. URL shorteners are especially vulnerable to this.
As to the other ideas - hey, here's a great one. How about instead of using image bugs to try and figure out if your last 50 (!!) mails were ignored, why not ask users to re-opt in every so often if they want to continue receiving your mails? Was that really so hard? Keeping a good reputation with spam filters really isn't magic, so it blows me away that people host webinars on the topic - send mail people want. That's pretty much 95% of it. The other 5%? Avoid sharing resources that get abused by spammers - like URL shorteners.
I think Bennet may just have to give up on what he's trying to do here. If his proxies get abused by spammers to work around spam-filter URL domain reputation, then communicating lists of open proxies via email is inevitably going to break.
Re: (Score:2)
I think your opt-back-in-every-N-messages is a good idea.
Re-opting in could be done via replying to the email. This would establish a "communication" between the recipient and the sender. It should help against mis-qualifying other messages from the same sender as "spam" if there is a thread.
For example, Thunderbird's junk filtering allows you to whitelist your addressbook. Thus, these users should be encouraged to add his sender(s) to their addressbook. Replying to a few messages might do this (depending o
Re: (Score:1)
I was hoping this would mean that the user's mail client would see that they're already "communicating with"
Re: (Score:2)
That's a bummer that the bi-directional communication does not help with your filtering.
However, asking the user to add your address to their address book may help.
You may also consider dividing your list up with multiple sender/receiver pairs. Subscriber A would get the email from your Sender A, and reply to her. Subscriber B would get the email from your Sender B, and reply to him. At least total counts from Sender A would be lower than a single Sender.
I'm assuming you are also using SPF (v1 and v2) and D
Re: (Score:2)
In addition to SPF and DKIM, you should also publish DMARC [dmarc.org] records for your sending domain(s). This way, you can receive failure reports from the major providers that support DMARC.
(DMARC is a DNS TXT record just like SPF, but you list a 'mailto' URI to receive failure and aggregate reports of problem messages.)
Re: (Score:2)
The largest cry that spam filter providers hear is, "I am in your filter by mistake!". Spamhaus in particular is also known for blocking spam resource providers. Have you checked that your upstream provider isn't housing spammers or other spam resources? The idea behind that is to curtail providers that do nothing about their spam problems. It forces the users of those domains to complain to the provider raising the noise level to get them off their ass and fix their spam problems. And it works too. Hit the
Re: (Score:1)
1) the domains that got deleted were hosted at multiple different providers, and it's unlikely that all of those different providers would have had all of the subsections of their network randomly blacklisted at the moment I happened to register my domains 2) no other domains hosted at those netw
Re: (Score:2)
It sounds to me then that your beef is with the provider who removed the sites for relying solely on a single source. Yes, confusion could have been avoided but your real target should be the provider who removed the sites based on the RBL.
Re: (Score:1)
http://slashdot.org/story/12/10/16/175248/zero-errors-spamhaus-flubs-causing-domain-deletions [slashdot.org]
Of course I had a "beef" with them too, but Spamhaus was recklessly making false statements about us, in a manner that they knew would do very direct damage to the targets of those statements, so I think that "matters".
Is it just me or.... (Score:3)
is this a non-problem?
Re: (Score:3)
is this a non-problem?
Not a problem for me, but then I'm neither sending newsletters that look like spam nor wanting to read newsletters that arrive by email that look like spam. In fact if my mail gateway would automatically filter all the newsletters I manage to accidentally subscribe to I would be happier.
Sounds to me like an outdated means of communication whose time has come and gone (a decade ago?), these days if people want to read your content they can "go get it" with the click of a mouse on a bookmark, you don't have t
Re: (Score:2)
So why are you sending it in the clear?
PGP
Re: (Score:1)
Someone can still join the list, using their PGP key, decrypt the messages that I send out, and take the domain and blacklist it as a "spam" site. Whether Spamhaus joined our list themselves, or whether a third party joined our list and reported one of our domains to Spamhaus, in either case PGP wouldn't have helped.
Next time, no one reply (Score:2)
No one here gives a shit. My advice is go talk to people who have the most to gain from allowing opt-in content. Namely, the major mail providers.
Bennet went to some marketing demo, got his panties in a bunch, and then as usual complains to Slashtards. We can't help him.
So yeah, non-problem.
I tried not to reply, but asshattery is hard to not reply to.
His post should have been deleted (Score:2)
I liked the article despite its lack of answers (Score:2)
Whenever I send or receive a URL in the first email exchanged, I wind up checking the spam folder in webmail (Yahoo, Gmail) because that's where it winds up half the time. After having it transferred to the Inbox, there's rarely another issue of getting any mail from them. Meantime, we've all had outright spams get through the filters, server-side or client-side, because the author tried hard to make it seem more like a human sent something you wanted to see. But I do wonder how a spam reply from Craigsl
Re: (Score:1)
This has long been a problem with Yahoo! (and AOL when they mattered)... people would hit the "spam" button like it's "delete" -- and the buttons were too damned close together. And Yahoo! has never given a single shit about it.
Gmail also has the very nasty habit of classifying anything you delete without opening immediately as spam. As if I cannot determine I don't want to read *a single email* from the subject alone, or that, maybe, I've read of from one of the many other places my gmail goes (and comes f
Re: (Score:2)
Gmail also has the very nasty habit of classifying anything you delete without opening immediately as spam.
No it doesn't. For example, I have Facebook send all comments to me via gmail. This is so I don't miss things. Often times I just go to the "Facebook" folder and just delete emails from Facebook because I've already seen the comments in whole batches. I have done this hundreds of times.
And guess what? None have been classified as spam.
Sounds like you're fat-fingering the spam label there.
--
BMO
Re: (Score:1)
That's deleting them from a pre-filtered folder, not the inbox. I have a few filters like that myself, and there's a checkbox along the lines of "this shit is NEVER spam".
Don't rely on just email (Score:2)
You have a newsletter and problem being misfiled as spam? Put each new issue online (you probably do already) and offer an RSS feed with it. Some people greatly prefer RSS to a periodic email, and you can point people to it if they tell you the emails are getting blocked.
Re: (Score:2)
The point is most people who receive the proxy list by email cannot simply view the website or RSS feed showing proxies.
Re: (Score:2)
It's a real stretch to call a one-line proxy announcement that fits in the subject a "newsletter", though. It's quite the special case. The presentation he refers to was about a much more general situation with traditional, actual newsletters.
In his specific case he could put the information in the body of the email, thus forcing people to open it; or he could offer alternative delivery mechanisms through SMS or other channels alongside email for those that get caught out by spam filters.
Re: (Score:2)
Don't go offering practical solutions; you might get in the way of a perfectly good uninformed moan.
Re: (Score:2)
It is becoming quite clear to me that you are sending folks stuff on their work email that allows them to circumvent connection restrictions at work. Obviously as people come and go from various jobs like this, your emails stop going to the people that subscribed and instead start going to the guy responsible for maintaining those restrictions that you were
Re: (Score:2)
I believe you nailed this entire thing down to its actual causes and why he is clueless and whining.
Also, as his stuff is recognized by various employers, filter rules are implemented to make sure that future ... mailings... don't go to other employees.
--
BMO
Re: (Score:1)
or... (Score:3)
You know, if you get frequent run-ins with anti-spam tools, then maybe they are all stupid and broken and need to be re-examined - or, maybe, you need to re-examine the way you work, including the tough question of maybe you ARE a spammer?
The #1 red flag for any conspiracy theory, crackpot or pseudo-science is always the attribution of blame exclusively to outside forces. If nobody listens to you, it must be because of a conspiracy to cover things up, or the establishment trying to put you down, or whatever.
As other posters have outlined: You had open proxies, thus you rightfully belonged on the blocklists. If you re-examine your other problems, you might also find that everything works as it should in the anti-spam world, except for the spammers.
Re: (Score:1)
Saying "open proxies properly belong on blocklists", you might be confusing open SMTP relays (where most mail originating from them is spam, which is why they're blacklisted) with open web proxies (where most emails containing the name of the proxy site, are not spam).
You realize that the guy who said our mails were blacklisted because some spammer ha
Re: (Score:2)
If you're sending mail only to people who have signed up to receive your mails and replied to the confirmation message, then you're not a spammer, are you?
That depends on if they have the unconditional authority to make those decisions about that email address. Clearly in every case that you are bitching about actual frequent ("systematic") spam filter problems, the user themselves never had any pretense of unrestricted email access. Work email accounts, university email accounts, free email accounts, and so on.
An alternative to your theory that you are the victim of anti-spam technology is that you and the service owners are both victim of the people that
Re: (Score:1)
If you're sending mail only to people who have signed up to receive your mails and replied to the confirmation message, then you're not a spammer, are you?
That depends on if they have the unconditional authority to make those decisions about that email address.
Not under any commonly accepted definition of "spam".
Under virtually every commonly accepted definition, you're not a spammer if you receive the email owner's consent to send them mail (as verified by them replying to a confirmation message that was sent only to them). It's not your responsibility to determine whether the email address owner had the "right" to make decisions about that email address.
Otherwise, every email sender in the world could be branded a "spammer", if someone happened to subscrib
Re: (Score:2)
That email account I have at work doesn't belong to me, yet I can subscribe to your shit. You claim that I am the owner and have given you permission to send your shit if I subscribe. The reality is that I am not the owner and the owner has not given you permission to send your shit, even if I have subscribed.
You really don't seem to understand much about the shit you are doing. The thing is that what you are doing is f
Re: (Score:2)
oooh... if it only were so.
people will regard hot spam just as much spammy as cold spam. even more so, because with cold spam I might not know of the service.
with hot spam I know of the service. but hot spam is sent out to "remind" me that the service exists. the way the "optimizer" web admins do it is that since they have stats that they get more hits on the day they send out spam then it must be working! never mind if people will never return then again because the notice the spam was indeed spam and the
Re: (Score:2)
Glad to see you are willing to re-examine your position.
Your original post lacks numbers. I sent out 35,000 mails recently, to people who had signed up with one of my online services, and had absolutely no trouble with any anti-spam filters except that delivery took a while for sites who throttle you.
Unless you're doing several times that volume, you must be doing something horribly, horribly wrong. And asking spammers for advise is to me a good indication of what's wrong. These fucking assholes make a livi
Re: (Score:1)
Perhaps people heard "deliverability services" and assumed that must be talking about spammers. But legitimate senders have trouble getting past spam filters too, that's why they need "deliverability services". Since the company I was talking about sends to verified-opt-in mailing lists, I think that nega
Re: (Score:2)
But legitimate senders have trouble getting past spam filters too, that's why they need "deliverability services".
I call bullshit on that one. I used to work for a company with about a million customers. Spam filters were never anyones concern, the reason external partners come up for delivery is that you need mail servers tuned to handling high-volume messages like that with all the greylisting and delays and bounces.
If you have trouble getting past spam filters, then I maintain the reason is most likely that you are too close to actually being a spammer. Might not be the customer side (i.e. they may all have signed u
Long-time, no chat (Score:2)
Hey, it's been a while. Remember me? We were friends on MySpace a few years back. I've moved on to a new social service. Do you want to join me on Friendster?
Take care,
Seth
Re: (Score:2)
That's the weirdest thing I got this year, especially because I never had a MySpace account in my life and always avoided it like the plague.
Re: (Score:1)
Re: (Score:2)
That's an... interesting way to increase your friend count. Don't tell Zuckerberg.
Re: (Score:2)
Your a moron who has no clue. He isn't a spammer. He's sending emails to people who requested them!!!!
Show me one spammer on this planet who isn't claiming the same thing.
Rule #1: Spammers lie.
That's not to say there aren't some who believe their own lies. I'm not passing judgement, which is why I told him to re-examine his assumptions. If I were sure he's intentionally spamming, I'd have told him to drop dead.
email is the problem (Score:3)
Bennett Haselton (Score:1)
Can you please quit posting this morons thoughts like he is someone who matters? Is he one of the DICE flunkies or something? No one gives a shit about his ignorance. Just because he created a couple websites doesn't mean he has a clue or is authoritative on any subject, including the ones he's created the websites for.
Yes, I know who he is.
Yes, he's a fucking idiot. Stop posting his ridiculous diatribes.
Re: (Score:1)
Jon Katz 2.0 (Score:2)
Bennet Haselton isn't Jon Katz 2.0.
Katz's mindless ramblings were at least occasionally interesting.
The editors had the good sense to list Katz as an editor himself so that he could be filtered away.
Curse myself for not noticing the submitter before clicking the link. Curse /. and especially soul kill for making it necessary for me to read who the submitter is.
summary tl;dr marked as spam. (Score:1)
You can't solve an economic problem this way (Score:2)
hey spammers! (Score:3)
Spam is in the eye of the beholder, and that's not you.
So chill out, accept that your newsletter isn't the best thing since sliced bread, and that the fact you're sending it to someone who was probably tricked into subscribing, but changed their mind once they read the first paragraph, doesn't make it legitimate for all time or any time at all.
The Internet doesn't owe you a living. Don't send out your messages, make a website and leave them there. If people want to read them, they'll come. Peace.
Re: (Score:2)
Yes, it does make it legitimate. It doesn't make it a good newsletter, but it does make it legitimate. If they signed up for it, the email contains an obvious unsubscribe, and clicking on it and hitting submit on the resulting page makes you no longer get the newsletter, then it's not spam, period, end of story.
How would you like it if some newsletter you *did* want to get stopped coming to you because somewhere up the chain, some automated process decided it was spam and bounced it?
Is it possible some peop
Why all the flames? (Score:2)
In my humble opinion BH does some truly admirable work documenting abusing blocking and documenting/creating ways around blocking.
I'm a strong supporter of the old cyberpunk credo: "Information want to be free". I'm opposed to all filtering and blocking, no matter if it's stupid parents that think that their child benefits from living in a rose-colored bubble completely unaware of the real world and possibly unable to find support for whatever 'deviant' thoughts he or she might have, or employers that think
Does anyone find it ironic... (Score:1)
I block Bennett's stories from appearing.
Bennett gets someone else to post his drivel.
Bennett is getting around a filter that was put in place, via Slashdot's own system....and is therefore evading. To talk about how to get around filters.
Anyone else see the irony here?
This article is Spam (Score:1)
Re: (Score:2)
You know, War and Peace is actually rather good. Long and heavy going? Sure. But if you put the effort into it, it's a rewarding read.
The same can't be said of this article.
Re: (Score:2)
The webinar begins with some recommendations that are actually good netiquette.
Is this webinar on the Information Super Highway?
Can you work the 'cyber' prefix in there somehow?