Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Are Spam Blockers Too Strict?

Zonk posted more than 8 years ago | from the unequivocal-no dept.

226

Myrte writes "Wired.com has a long piece on whether spam blockers are blocking wanted messages." From the article: "For years, e-mail users complained that torrents of unwanted messages clogged their inboxes and crimped their productivity. Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages. AOL isn't the only company to face charges that it improperly blocks legitimate messages. But, as the world's largest ISP for years, it has long borne the brunt of complaints from mass e-mailers over the problem."

cancel ×

226 comments

Sorry! There are no comments related to the filter you selected.

The answer to life, the univerise, everything (0)

Anonymous Coward | more than 8 years ago | (#15272478)

No.

Spam blockers ruined my life. (4, Funny)

Rob T Firefly (844560) | more than 8 years ago | (#15272479)

Thanks to my damn spam blocker, I've missed out on hundreds of opportunities to accept millions of dollars from Nigerian royalty.

Re:Spam blockers ruined my life. (2, Funny)

dotpavan (829804) | more than 8 years ago | (#15272528)

ha! try beating this: How much ever we cry, Dvorak stories get through /. filters :)

Re:Spam blockers ruined my life. (1)

Fordiman (689627) | more than 8 years ago | (#15272600)

Well, somebody's gotta be the devil's advocate. It's actually quite fortunate that he happens to be an incoherent moron.

Re:Spam blockers ruined my life. (0)

Anonymous Coward | more than 8 years ago | (#15272566)

My previous company's spam blocker blocked everything from one of our biggest (yes, millions of dollars) customers. It almost ruined our IT guys life when he was almost fired.


so the parent post wasn't just funny

Re:Spam blockers ruined my life. (0)

Anonymous Coward | more than 8 years ago | (#15272633)

Hmmm. Million-dollar clients. One IT guy. Sounds like a typical company...

Re:Spam blockers ruined my life. (0)

Anonymous Coward | more than 8 years ago | (#15272686)

Parent wrote: "Hmmm. Million-dollar clients. One IT guy. Sounds like a typical company..."

Not uncommon for non-tech companies.

And those are also the companies mostly likely to get mad at an IT guy or improperly filtering spam, since the CEO won't understand the tech details of why is customers can't reach him.

Re:Spam blockers ruined my life. (4, Funny)

c0d3h4x0r (604141) | more than 8 years ago | (#15272588)

You think that's bad? Thanks to spam blockers, my dick is only one inch long.

Re:Spam blockers ruined my life. (0)

Anonymous Coward | more than 8 years ago | (#15272829)

Sorry bud but that has nothing to do with spam. But at least you can admit your "short commings."

Re:Spam blockers ruined my life. (1)

Dracen (973030) | more than 8 years ago | (#15272599)

Its a good thing you miss them, it gives me a chance to reply and get all that money. I am now bankrupt and have no credit, not to mention I am living in a cardboard box but I know that any day now my Nigerian friends will send me millions!

Re:Spam blockers ruined my life. (0)

Anonymous Coward | more than 8 years ago | (#15272642)

I am now bankrupt and have no credit, not to mention I am living in a cardboard box but I know that any day now my Nigerian friends will send me millions!

You have to spend money to make money

Not a chance (0)

smvp6459 (896580) | more than 8 years ago | (#15272481)

I'd gladly lose wanted messages in order to never see unwanted messages.

Re:Not a chance (2, Funny)

EvanED (569694) | more than 8 years ago | (#15272509)

Stop using email. It's 100% effective at blocking email spam.

Re:Not a chance (1)

Kjella (173770) | more than 8 years ago | (#15272702)

It's not funny, really. While I haven't stopped using e-mail, I've probably stopped using it the way it was supposed to be used. I keep several different web accounts, and the "post-whereever-I-feel-like" account is on rotation. Once it gets too clogged, I sign up for a new free account (sorry Yahoo for all the dead accounts filled with spam). Then I got a personal account, a "mailinglist-and-other-legitimate-but-not-trusted" account, some spamdump accounts for silly sign-ups. Oh, and my work account is only used for work, no mailing lists or other shit to clog it. It's basicly my own white/gray/blacklist with revocation. I know several people who got so spammed to death, they simply had to declare their main account RIP. And I certainly know many people who you should call, which never get around to reading your mail. I suppose in a way you can say they've stopped using email. Or at least, email is no longer an efficient way of communicating with them.

Re:Not a chance (1)

Kenshin (43036) | more than 8 years ago | (#15272596)

Speak for yourself.

Last year my company missed a whole bunch of e-mails from clients because our webhost had installed an overzealous e-mail blacklist that blocked out ALL of the Sympatico ISP. (Canada's 2nd biggest ISP.)

So ya... it sucked. We didn't notice for about 2 weeks. But we got it fixed after a few phone calls.

Re:Not a chance (2, Insightful)

statusbar (314703) | more than 8 years ago | (#15272705)

The real problem is that people are typically assuming that email is a reliable and secure technology, when it is not at all. People just need to learn about using 'return receipts'. The alternative is to use an entirely different communications protocol for messaging.

--jeffk++

Re:Not a chance (1)

CastrTroy (595695) | more than 8 years ago | (#15272746)

That's why spam filters based on blacklist/whitelist are so bad. You'd be better of trying a good spam filter like spam assassin.

Re:Not a chance (0)

Anonymous Coward | more than 8 years ago | (#15272610)

I'd gladly lose wanted messages in order to never see unwanted messages.

As a potential member of a class action lawsuit against a major videogame company, I was recently contacted by the plaintiffs' lawyers via email. It ended up in my yahoo spam folder. I almost never look through the spam folder, but for once I did, and was quite glad I did. I don't have a check yet, but because I responded to the email, they now have my updated mailing address so they can send it to me if and when it happens.

Exactly which "wanted" messages are you OK with losing?

Re:Not a chance (1)

Tweekster (949766) | more than 8 years ago | (#15272647)

You expect to get legal notices via email?

Email is inherently a buggy form of communication. It could take 3 seconds to get to the person or 3 days. A phone call or letter with return receipt would be a bit more reliable.

Not to mention legal info probably shouldnt be sent in the clear.

Well if you do lose the case, you can always claim incompetent representation and appeal.

Re:Not a chance (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15272653)

Really?

You wouldn't mind missing those emails from clients, thus losing out on all future chance of business from them?

You wouldn't mind missing the tentative email from an old friend, thus never learning they wanted to reach you, and giving them the impression you'd rather ignore them?

You wouldn't mind missing the email from your now ex-girlfriend after a big argument, which she'll see as a sign that you refuse to discuss it?

You would gladly accept all of those results, if it meant you'd never get spam?

Re:Not a chance (3, Interesting)

CastrTroy (595695) | more than 8 years ago | (#15272694)

I use spam assassin, and I found it only blocked stuff that was actually spam. I set it to 4, and it still let things like marketing emails from Nintendo and Sony though (I like being on the mailing list), and other newsletters I subscribed to. It rarely if ever blocks anything that I want to see. It's very good at blocking stuff that I didn't want to see. I don't really see a problem with spam blockers. And I had mine set pretty low.

Re:Not a chance (1)

ciscoguy01 (635963) | more than 8 years ago | (#15272869)

I'd gladly lose wanted messages in order to never see unwanted messages.

Not a good solution. Overzealous (=poorly designed) spam blocking is a very big problem today. There are techniques that result in little or no false positives.
But time and again, we have people blocking on domain name in the from: address.
If that were a good way to block spam you would only have to block Yahoo.com to get rid of most of it. But it's not a good way.
I have analyzed thousands of spam messages, and it is fairly rare for the sending IP the connection came from to compare favorably with the domain in the from: line.
The techniques that result in few false positives do let some spam through. It's the cost of spam blocking. You can get rid of 90-98%.
The last 2% - 10% is where you block legit mail.

As Hermann Pasquale so eloquently put it... (1, Interesting)

gEvil (beta) (945888) | more than 8 years ago | (#15272483)

web site http://geocities.com/UxiQinsardWalli/ [geocities.com]

comfortable-looking light, as it might be a fire or torches twinkling.
When they had looked at it for some while, they fell to arguing. Some
said no and some said yes. Some said they could but go and see, and
anything was better than little supper, less breakfast, and wet clothes
all the night. Others said: These parts are none too well known, and
are too near the mountains. Travellers seldom come this way now. The old
maps are no use: things have changed for the worse and the road is
unguarded. They have seldom even heard of the king round here, and the
less inquisitive you are as you go along, the less trouble you are
likely to find. Some said:
After all there are fourteen of us. Others said: Where has Gandalf
got to? This remark was repeated by everybody. Then the rain began to
pour down worse than ever, and Oin and Gloin began to fight. That
settled it. After all we have got a burglar with us, they said; and so
they made off, leading their ponies (with all due and proper caution) in
the direction of the light. They came to the hill and were soon in the


In short, no!

Re:As Hermann Pasquale so eloquently put it... (1)

Nom du Keyboard (633989) | more than 8 years ago | (#15272917)

comfortable-looking light...

What some people won't do to avoid the Slashdot Lameness Filter.

Re:As Hermann Pasquale so eloquently put it... (1, Funny)

Spy der Mann (805235) | more than 8 years ago | (#15272987)

What some people won't do to avoid the Slashdot Lameness Filter.

Ironically, this is what spammers do :-/

Norton Antispam (4, Informative)

devphaeton (695736) | more than 8 years ago | (#15272490)

The absolute biggest piece of hilarity is Norton Antispam. People rush out and buy it, and install it on their computers. Usually they never do anything in the way of setting it up (just expect it to work magically), but that makes no difference because it continually reconfigures itself on its own whims.

And then they call and abuse their ISP support personnel for days on end of "I'm not getting any of my damned email!!"

And it's all right there in their 'Deleted Items' folder. :rolleyes:

Re:Norton Antispam (1)

1000101 (584896) | more than 8 years ago | (#15272871)

Are you suggesting that this is Norton's fault or the end user's fault?

I think the funny thing is.... (1)

narrowhouse (1949) | more than 8 years ago | (#15272891)

If the average marketing email didn't so closely resemble SPAM this wouldn't be a problem. I don't want email for life because I bought one product from a company 5 years ago. I have a folder set up at work to filter out the emails our marketing and sales people send INTERNALLY. I don't need an email every time they sell something, just like I don't think they want an email from me everytime I do MY job. If companies only sent mail to people who really wanted it there would be no such thing as SPAM. Your "Exciting Announcement" is my trash if I didn't ask you to keep me updated. That goes double for all the sites that insist I register with an email address to read their content. Do you hate it when people cypherpunk your site? Stop spamming them!

Really? (0)

imboboage0 (876812) | more than 8 years ago | (#15272505)

...torrents of unwanted messages clogged their inboxes...
Really? I didn't know it was possible to download those straight to Gmail! What did I do with those pr0n torrents...

Obvious? (2)

Daniel_Staal (609844) | more than 8 years ago | (#15272514)

Um, error exists in both directions. Limiting error in one without concern for the other usually increases the other. (Instead of limiting the error you usually shift the range.) This is known.

What's news here?

Re:Obvious? Sig (1)

Nom du Keyboard (633989) | more than 8 years ago | (#15272933)

'Sensible' is a curse word.

I don't know how. Len('Sensible') > 4.

I don't understand (4, Insightful)

linvir (970218) | more than 8 years ago | (#15272525)

it has long borne the brunt of complaints from mass e-mailers over the problem
Does this mean mailing list owners or something? I associate "mass e-mailer" with "spammer", so my first instinct was "You may continue to cry". So are there other mass e-mailers? Does it mean the likes of Amazon? If so they too may continue to cry. I don't need to know about This week's hot deals on Electronics & Photo at Amazon.co.uk.

Re:I don't understand (1)

Daniel_Staal (609844) | more than 8 years ago | (#15272654)

Sure there are. Let's see, from my own inbox, I've got postgresql.org (Postgres mailing list), perl.org (Perl mailing lists), benzedrine.cx (PF mailing list)...

Anyone who regularly sends email to multiple other people is a 'mass mailer'. I'm on at least a dozen different disscusion or announcement lists that I have signed up for.

Re:I don't understand (0)

Anonymous Coward | more than 8 years ago | (#15272859)

I run an email service that sends earthquake notices [usgs.gov] . We can send out 50-60,000 notices about a big earthquake. That's gotten us blocked from some systems as a 'mass mailer' even though everyone on our list had to subscribe to get in.

Re:I don't understand (2, Interesting)

hackstraw (262471) | more than 8 years ago | (#15272772)

I don't need to know about This week's hot deals on Electronics & Photo at Amazon.co.uk.

I don't either that is why I use http://www.spamgourmet.com/ [spamgourmet.com] and create a new account for every online purchase.

From the FA, "False positives have been a problem with e-mail marketing for a very long time".

I run a small mail server, use SpamAssassin, and I check for false positives periodically, and the only thing close to false positives that I get are marketing mails, and I don't care (nor do my users).

When I look at these mails, they suck. They often use known spam mass mailers. They are very close to spam, and its not a loss in my eye to have them quarantined with the V1agra mails as well.

I also go through my snail mail beside a trashcan and put all of the mass mail marketing junk in the trashcan without opening it.

These guys already have a much lower than 1% success rate with mass snail mail and email. I don't care if their success rate is another 10% lower than it is already.

I am not required to buy stuff from anybody. Also, there is no requirement for a business to make money. Businesses fail every day. So be it.

Re:I don't understand (3, Insightful)

Anonymous Coward | more than 8 years ago | (#15272911)

>> I associate "mass e-mailer" with "spammer"

That's an invalid assumption.

People sign up for newsletters. There are 300,000+ who've subscribed to ServerSide, for example (mostly Java developers). That's mass e-mailing.

Eh... (2, Informative)

vertinox (846076) | more than 8 years ago | (#15272531)

I can't send email from my work place to my free register.com hosted account because I had emailed myself some links to look at while at home. Apparently the spam bot assumed messages with just a subject and links and flagged my work address as spam.

I couldn't get them to undo the change... But it is a free service and I figured I won't get anywhere if I push it and these days I just send any emails with links to my hotmail account.

Re:Eh... (1)

Carrot007 (37198) | more than 8 years ago | (#15272676)

You never thought of whitelisting your work email address?

Thats what everyone else does so we can mail links to look at later at home.

Re:Eh... HotMail (1)

Nom du Keyboard (633989) | more than 8 years ago | (#15272950)

I just send any emails with links to my hotmail account.

So, likely, does every other spammer as well.

Everything is proceeding as they have forseen (1)

voice_of_all_reason (926702) | more than 8 years ago | (#15272532)

AOL isn't the only company to face charges that it improperly blocks legitimate messages. But, as the world's largest ISP for years, it has long borne the brunt of complaints from mass e-mailers over the problem.

Well, then. You can simply pay a fee if you want to continue that Lord of the Rings Mailing List! (http://www.out-law.com/page-6611)

I'd like it if my spam filter could "mod up"... (5, Interesting)

VMaN (164134) | more than 8 years ago | (#15272543)

I'd like it if my spam filter could "mod up" non english email.

most of my email correspondance isn't in english, while most of my spam is in english... I've instructed my dad to delete ANY mail with an english subject if he doesn't know the sender before opening it, and that seems to work out fine, english is his 3rd/4th language and only has 2 contacts using it. If something is important enough, he'll get at call about it :) (this probably wouldn't fly at work, but for his personal email it's fine)

SpamAssassin can do this (1, Informative)

Anonymous Coward | more than 8 years ago | (#15272592)

Pretty easily. You can tell it which languages are good, and which ones aren't ones you'd be expecting. I get a lot of German spam because of my last name, so it's pretty easy to pick out.

Re:I'd like it if my spam filter could "mod up"... (2, Informative)

onebuttonmouse (733011) | more than 8 years ago | (#15272664)

You can do it in spamassassin. For example, just add ok_languages ja zh to its local.cf

Re:I'd like it if my spam filter could "mod up"... (1)

VMaN (164134) | more than 8 years ago | (#15272766)

My language only has ~80.000 people speaking it.. Even google can't give me results "only in faroese"

Re:I'd like it if my spam filter could "mod up"... (1)

Daniel_Staal (609844) | more than 8 years ago | (#15272839)

You mean 'Farsi'? Maybe Google can't, but Spamassassin can recognise Persian and set it as the perfered language. Farsi would be a dialect of that, so that should do what you want.

I think he knows his own language's name (1, Informative)

Anonymous Coward | more than 8 years ago | (#15272956)

Faroese is a North Germanic language with around 47,000 speakers in the Faroe Islands (Føroyar). Faroese is closely related to Icelandic and the dialects of western Norway, though as a result of the isolation, the Faroese language has a distinctive character of its own.

Re:I'd like it if my spam filter could "mod up"... (1)

DragonWriter (970822) | more than 8 years ago | (#15272740)

I'd like it to work in reverse, since almost all of my wanted email is in English, and almost all of the non-English --and certainly 100% of the Chinese, Arabic, and, if I recognize the characters right, Thai -- email I receive is unwanted.

Re:I'd like it if my spam filter could "mod up"... (1)

(startx) (37027) | more than 8 years ago | (#15272849)

I would like the exact opposite solution, with the spam filter deleting anything that ISN'T in english. English is my primary and, outside of two years of high-school German, only language. Yet most of the spam messages I recieve are in some strange baltic language.

Not trying to put out famebait but... (2, Insightful)

Eric Damron (553630) | more than 8 years ago | (#15272544)

Obviously spammers are trying to get through filters by making their email appear legitimate. The closer spam looks like legitimate email traffic the harder it is to block them without also blocking some legitimate email. It's kind of a stupid question with a "WELL DUH!" answer.

Not trying to put out a flame but really guys...

Re:Not trying to put out famebait but... (1)

Iphtashu Fitz (263795) | more than 8 years ago | (#15272931)

Obviously spammers are trying to get through filters by making their email appear legitimate. The closer spam looks like legitimate email traffic the harder it is to block them without also blocking some legitimate email.

But the spammers are caught in a bit of a catch-22 situation, especially when it comes to distributed spam-blocking tools like Razor [sourceforge.net] , DCC [rhyolite.com] , etc. If a spam is obviously forged then it's easy to flag as a spam. But alternatively if a spam has non-munged contact information, whether an e-mail address, a URL, or even a phone number or snail-mail address, those are all strings that it's VERY easy for filters to test against.

It's not that they're too strict (4, Insightful)

Nijika (525558) | more than 8 years ago | (#15272569)

It's more that SMTP is too broken. The model we use to communicate with each other is sadly too open, given the potential of the technology for automation. The real solution is to extend or replace SMTP completely.

Re:It's not that they're too strict (0)

Anonymous Coward | more than 8 years ago | (#15272823)

Why don't you go get right on that.

Re:It's not that they're too strict (4, Insightful)

hackstraw (262471) | more than 8 years ago | (#15272855)

The real solution is to extend or replace SMTP completely.

People say this from time to time, but they conclude that its still best the way it is. I value mailing lists, and making people pay or whatever proposed mechanism there is simply does not cut it.

I get spam sent via email. I get spam in my snail mailbox. I get spam on my fax machine. I get spammed by cold calls from sales drones/marketers. I've never had this happen (yet), but I've seen someone's phone get spammed with hundreds of porn text messages over a 10 or 15 minute time period. The user was initially billed for the porn spams and had to call the phone company to get them taken off of there bill.

It just seems as though open communication is just going to be subject to spam. Don't want it? Use your own private network to communicate.

Never too strict (1)

Weaselmancer (533834) | more than 8 years ago | (#15272570)

Not even if they let you reach through the internet and castrate the spammer. With a spoon. Full of lemon juice. And margarita salt.

Re:Never too strict (1)

i love pineapples (742841) | more than 8 years ago | (#15272960)

Won't that make for a joyous Cinco De Mayo!

So much still gets through (1)

studyguidesystems (971995) | more than 8 years ago | (#15272571)

I get so much spam a day even with blocking software. Sadly some of the titles make me giggle. I do like that one that states it's topic is "cure all diseases" then when read further it is for viagra. Glad i don't have that disease.

How is this a "gray area" (5, Insightful)

TubeSteak (669689) | more than 8 years ago | (#15272576)

A particularly troublesome gray area, Schneider said, involves affiliate marketers. These marketers often send e-mails to people who signed up on a website with whom the affiliate has a marketing agreement. The recipient of the e-mail, however, probably isn't aware of the arrangement and has no idea why they're receiving the message.
Translation: people are getting e-mails they neither want, nor expected.

It's like inviting someone to a party & you agree that they can bring their "affiliates" along. Your invitee shows up with 20 strangers & whoever you have working the door says "I don't know all these people, they aren't allowed in."

The solution isn't to cry about the "gray" area, it's to explicitly tell people who the fark these affiliates are & what they'll be sending.

Re:How is this a "gray area" (1)

Arandir (19206) | more than 8 years ago | (#15272929)

It's like inviting someone to a party & you agree that they can bring their "affiliates" along. Your invitee shows up with 20 strangers & whoever you have working the door says "I don't know all these people, they aren't allowed in."

This is why I don't invite Linux companies to parties. A significant portion of my spam is coming form "affiliates" of Linux companies. On some days they even outnumber the scammers. I fear the day some Linux company opens shop in Nigeria...

Confirmation challenge (4, Insightful)

Spazmania (174582) | more than 8 years ago | (#15272577)

When I get a message with a moderate probability of being spam, my spam blocker sends a message back requesting that the sender confirm the message. Works great. Those few legitimate senders stuck on a problematic server can still get their messages to me and so far no spammer has attempted to bypass it.

The only time it doesn't work is when the sender's spam blocker dumps the confirmation request or when the sender doesn't understand what to do.

Don't send mass e-mails (4, Insightful)

iamacat (583406) | more than 8 years ago | (#15272578)

Just like door to door salesmen and tele-marketers, mass e-mailers have ruined their reputation as a group and are no longer effective at what they are trying to do. If you want to keep your customers updated, offer an RSS feed, personalized with their user id if necessary. Times change, deal with it.

Re:Don't send mass e-mails (3, Insightful)

c0d3h4x0r (604141) | more than 8 years ago | (#15272636)

Your point is actually true in a more general sense.

In general, if people want something, they will seek it out for themselves.

People don't want or need to be advertised at in any way via any means. This applies to companies trying to sell products or services, religions trying to amass followers, or political activists trying to rally voters. It's all BS.

If I want something, I'll go seek it out for myself. Leave me the hell alone. It's not your place to constantly bother me.

I'm not sure I agree (1)

blueZ3 (744446) | more than 8 years ago | (#15272889)

When you're driving down the road and you get hungry, how do you know there's a BurgerBell on the corner if not for the sign (which is clearly advertising)? What about things you don't know exist, or things that are new? How do you know to "go out and seek" a cool gadget if you've never heard of it before? Or never knew that it was possible to do what that tool does?

I'm NOT arguing that spam or junk mail is Ok. I'm just trying to point out that not all advertising is bad. Intrusive advertising like telemarketing, spam, and junk mail is annoying (and I work hard not to purchase items advertised in one of these ways) but I'm not bothered by advertising in general.

Re:Don't send mass e-mails (1)

sjwest (948274) | more than 8 years ago | (#15272880)

Setup up amavisd here.- I open the quaranteen folder and I find that it catches most spam, the spam i do get, i report. Thus it is better to be deleted unseen by me than hit the folders i look after.

To answer the question: its good enough, but what spam i get means they sure wish they didnt they send it to me to start with.

Willian Chan [mailto] of Slough England knows that lession, so please send him some spam.

Gmail (1)

zlogic (892404) | more than 8 years ago | (#15272579)

Occasionally, Gmail's spam filter places valid mail into Spam - once it was some user's request for an invite, once it was my cellular phone invoice, and once a Dilbert daily strip. So I have to wipe out the spam folder with caution - at least I have to read every subject.

Re:Gmail (2, Funny)

Carrot007 (37198) | more than 8 years ago | (#15272638)

Sounds like it was working fine to me ;-)

Yes and no (5, Insightful)

Bogtha (906264) | more than 8 years ago | (#15272627)

If a user has signed up for a mailing list, and doesn't get what they asked for, then that's a false positive, no matter how commercial the mailing list. And this does happen. So in that respect, spam blockers are too strict.

But on the other hand, I fish out a few false positives from my spam dump every month and look to see why they were blocked. In most of the cases, it's because the mailing list operator is doing something dumb. For instance, the last false positive I received - for a legitimate, informative mailing list I deliberately signed up for - triggered my spam filter because of forged headers, two counts of malformed headers, and every other line was in all caps.

The reason why they were caught out was because they used what appears to be a mass mailer designed for sleazy purposes, and they didn't bother with any QA.

Anybody who is running a mailing list should follow a few simple rules:

  1. If you outsource, outsource to a reputable company.
  2. If you run the mailing list yourself, use reputable software.
  3. Set up an email account for every popular spam blocker, and include those addresses in your mailing lists. Check those accounts every time you send out an email, to see if you are blocked by any of them.
  4. Never buy email addresses. Ever.

That's what I consider to be common sense, but apparently common sense is hard to come by these days.

Yes (2, Interesting)

aftk2 (556992) | more than 8 years ago | (#15272650)

My experience, though, is that it isn't the spam catching software that works with typical desktop email applications like Apple's Mail, Entourage, Thunderbird or Outlook that's too strict (sometimes far from it, especially w/regards to Entourage); it's the spam catching software used by Webmail providers like Hotmail and Yahoo's Mail.

I know it's in their best interest to flag as much stuff as Bulk Mail as possible (which can then be filtered into a bulk mailbox, and removed automatically after 30 days), but until I recently switched hosts, everything I was sending to Yahoo or Hotmail was going into the Bulk Folder. Now, I think this may have been due to my hosting provider, but all the tests I ran seemed to indicate that they weren't on any blacklists, or anything like that.

I even took the time to implement SPF records for my domains. This had a noticeable effect in GMail, which actually adds a header to incoming mail stating whether an SPF record was found and followed; it had no effect in Hotmail, however, which is maddening, since it's Microsoft's stupid initiative!

I don't know what the answer is, but we're not there yet.

How 'bout double-dipping the spam? (1)

jtownatpunk.net (245670) | more than 8 years ago | (#15272657)

Our corporate email is outsourced so I have little control over it. At first glance, it seems that users should be able to individually control their SPAM settings since each user has the option to configure SpamSheild Pro to match their tolerance for spam and tell the system how to process suspected spam. But there's a "secret" filtering process that happens before mail ever gets to SpamShield. It'll generate a soft-bounce back to the sender and the recipient is never informed that a message was blocked.

SpamShield is set, by default, to dump spam into a spam folder than the user can monitor. If something gets in there by mistake, the user can whitelist the sender or lower the threshold for spam detection. But if it never gets that far, they have no idea they're missing anything and the user has no way to adjust the settings for this "secret" pre-filter.

To me, this just seems stupid. Back in the olden days, my ISP was one of the first to implement user-configurable spam filtering. I didn't turn it on because I wanted every bit of mail to be stored on a system that I could control. I didn't want anything being set aside in a temporary folder where it would be delted in a week or two. Now I've got an email system that doesn't even tell me when it rejects mail.

other issues with spam... (1)

joeldg (518249) | more than 8 years ago | (#15272671)

accidentally deleting your airline reservations while wilding trying to remove spam from your inbox so you don't MISS the airline reservation mail..

*sigh*

what you get for not paying attn to the little box in lower left of the thunderbird window..

yes! (1)

gEvil (beta) (945888) | more than 8 years ago | (#15272674)

They're absolutely too strict. I've added myself to Hormel's email notification list countless times, but their messages never get through to me.

re: Are Spam Blockers Too Strict (0)

Anonymous Coward | more than 8 years ago | (#15272677)

Yes, it's gone too far.

I can't email my own father. I can't email bug submissions into gnome.org using bug-buddy. I use my ISPs mail server. What's the huge problem?

If you run a mail server, please respect abuse@ and postmaster@ accounts, and please don't ever reject mail being sent to those accounts! Ever!

SMTP is brain dead and should have never been used (2, Insightful)

postbigbang (761081) | more than 8 years ago | (#15272682)

This is what happens when you don't think forward on protocols. The cure, in the form of hundreds of attempts at everything from Baysien filters to source-IP blockers, seem to always fail. Why? Because SMTP, our mail protocol, is based on telnet, 7-bit ASCII, and easily fudged authentication. Worse, 'thinking' filtration systems use a rules basis that appears to work, but can never work because the rules can change, as any successful spammer knows.

Then, we get a bunch of techno-idiots like the US Congress to legislate email relationships, miserably, contributing further to the problem.

The real solution? Simple blockage. Route the bastards to 127.0.0.1. Force authentication of the address and its owner before it can go out of the blocked ACLs. And if it happens again, shunt the address to a different CIDR block. Or re-write SMTP. That's all that's going to work. Nothing is foolproof because fools are so ingenious. Never underestimate the power of a hacker, and locks keep your friends out, your enemies have pick tools.

Re:SMTP is brain dead and should have never been u (1)

Spazmania (174582) | more than 8 years ago | (#15272812)

Your whackamole solution doesn't work either. Too many zombies at otherwise legitimate organizations. Would you victimize them even more?

Zombies are irresponsible and need to be killed (1)

postbigbang (761081) | more than 8 years ago | (#15272905)

Block them. Let their owners deal with their infections. Until they're known to have been cleansed

ROUTE THEM TO NULL.

Re:SMTP is brain dead and should have never been u (2, Insightful)

chill (34294) | more than 8 years ago | (#15272866)

Force authentication of the address and its owner before it can go out of the blocked ACLs.

This would be so trivial to bust thru and automate it isn't funny. What happens to zombie machines? They can authenticate fine, so slip right by this problem. Instead of sending thousands of messages as fast as possible, use thousands of zombies and send just and handful messages each. You'll never trip the thresholds for volume and the spam will be buried in among the legitimate e-mail sent by that user.

Authentication is not a solution.

Gmail (0, Redundant)

Peyna (14792) | more than 8 years ago | (#15272712)

I have yet to find a single "wanted" e-mail end up in my Spam folder in Gmail. I get maybe 1-2 "unwanted" e-mails in my Inbox, that I quickly mark as spam and never see again. Most of those tend to be in languages I can't read. I wish I could just block all e-mails that aren't in English, but that doesn't seem to be an option yet.

Re:Gmail (1)

assassinator42 (844848) | more than 8 years ago | (#15272775)

I don't get much spam at all in my Gmail inbox. It has let the Nigerian scam email through a few times. Of all the spam, I'd think they'd have that one blocked pretty well. I guess not. I don't know if I've ever gotten a legitimate email in the spam folder. Of course, if I did, I probably wouldn't notice since I use a POP3 client and don't get the spam folder.

Not seen a problem (1)

thebdj (768618) | more than 8 years ago | (#15272734)

I really have had no issue with any spam blocking stopping legitimate mail in year. When that happened, it was Yahoo! Mail which was blocking legitimate e-mails from friends with overseas e-mail addresses, in particular one ending in .nz, I believe. Otherwise, I really have had no problems, though I do not use commercial/3rd party blockers.

When I was actually using Outlook '03, I really had no problems except that junk still got through. The problem of junk still getting through happens on Yahoo! occassionally, but I attribute a lot of this to spammers just getting craftier and finding ways around the filters that they use. Gmail isn't too bad either, though my junk mail there is much, much lower then any of my other accounts and most the junk mail I do get is from my forwarded college e-mail address, which apparently started picking up a lot of spam sometime while I was still in college.

If they think it's so easy.... (1)

AriaStar (964558) | more than 8 years ago | (#15272748)

Well, spam blockers aren't humans reading the e-mails, and who but the recipient will always know if something is wanted? I mean, I may not want Viagra (no need without boy bits), but you might. If users want to complain, they ought to take a look on what it's like to create the anti-spam and anti-phishing programs. There is quite a lot to it, and not so many of us who do it for as many users as there are. Here, at my company, the spam department has just a few people who evaluate potential spam mail (or phishing, depending on which section the person is assigned to). If it's spam, our software is programmed to identify it based on certain criteria. If something is filtered out, it goes to the junk box. The user has the option to go through that box nand white-list anything marked as spam that they may actually want when they have the time to do so. It's much more efficient than going through your inbox and having to manually soft out the spam yourself. Spam filters are meant to assist, not to 100% take care of the problem. It's a piece of software that follows instructions literally. If I send you a legitimate e-mail about medical findings on Viagra and your filter identifies e-mail with the word "Viagra" as potential spam, assuming you're using a basic filter versus something like a Bayesian, it's going to get thrown in the junk box. How is it supposed to be able to identify it as legitimate? Even with Bayesians, words identified as spam words may have a legit use, but enough use of those words will give it a rating neccessary for it to be marked as spam. The simple solution, if someone is worried about legit mail going to their spam boxes, is to not use a spam filter at all. Then it will all go to their inbox. And who knows. You just might find yourself the lucky one standing to gain several hundred million dollars. (Something I find humorous - I had to edit this post to get it through SlashDot's filters!)

An amusing spam mail (1)

AriaStar (964558) | more than 8 years ago | (#15272808)

Oh, and this is one of my favorite spam mails, copied and pasted exactly. Try making a filter that knocks this out. My company's software did, intentional spelling errors and all.

Everybody knows the great sexual scandal known as "Klinton-Levinsky". After the relations like this Klintons popularity raised a lot! It is a natural phenomenon, because Bill as a real man in order not to shame himself when he was with Monica regularly used Voagra. What happened you see. His political figure became more bright and more attr= active.
It is very important for a man to be respected as a man!

See our Voagra shop to enter upon the new phase of your life.

I've Definitely Had Problems With AOL (4, Informative)

John_Booty (149925) | more than 8 years ago | (#15272784)

I used to work for a company that sent emails to medical professionals regarding ongoing clinical drug studies.

These emails absolutely took "opt-in" to the next level.

Not only did the doctors opt-in to receive these emails, they had to go through a fairly rigorous screening process to be eligible to receive them. On top of that, it actually would have been highly illegal for us to send these emails to others!

So, needless to say, the emails weren't spam and were going to modestly-sized email lists of 100-1,000 total recipients, approx 25% of which were AOL users.

And still, we had countless problems with AOL blocking them. AOL never listened nor responded.

Re:I've Definitely Had Problems With AOL - Be Afra (2, Funny)

Nom du Keyboard (633989) | more than 8 years ago | (#15272988)

Not only did the doctors opt-in to receive these emails...approx 25% of which were AOL users.

So 25% of doctors are AOL users. Now I'm really afraid to go in for my next checkup.

Of the three groups mentioned (users, marketers (1)

blueZ3 (744446) | more than 8 years ago | (#15272804)

and mailing list owners) only one should have any say in whether spam filters are too strict or not. I'll give you two guesses, and to make it easier I'll tell you up front: it ain't marketers or mailing lists.

Marketers are worried (1)

TheRecklessWanderer (929556) | more than 8 years ago | (#15272814)

OK Here is the part of the article that I like... Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking Does anyone see the hilarity in this? Marketers and mailing list operators are worried that their spam isn't getting to people because of spam blocking. Umm, yes...that's the idea. What makes some marketer think that I want their email? Pretty good chance that I do not.

AOL vs. Opt-in Email (0)

Anonymous Coward | more than 8 years ago | (#15272817)

AOL allows its users to click "This is Spam" on whatever message in the inbox that the user perceives as spam. It doesn't matter if the user opted into the list, if they decide one day that they don't want to be on that list anymore, they click "this is spam." and if the complaints for that list go over a threshold, ALL connections from that email server are blocked. The threshold? 0.1%. It gives control of their blocklist to the whims of their users.

It's basically an admission on AOL's part that they don't have the capacity to deal reasonably with senders, that they have no ability or desire to distinguish between V!@gr@ spam and legitimate opt-in bulk email, and they've decided to err on the side of blocking third-party ACCREDITED email that their users have affirmatively signed up for. Do you want the OPTION to decide for yourself if emails addressed to you are spam? Then get a real ISP.

Surgemail... our Savior. (1)

Pi55edOff (938166) | more than 8 years ago | (#15272818)

If everyone used Surgemail, spam is in full control of the Receiver and partial control by the sender.

http://www.surgemail.com/ [surgemail.com]

And is one of the least expensive and MOST functional, Multiplatform system in a whole. Since we installed it. We ended up ensuring other client's mail servers have become into RFC Check, ensured blocking 99% of the spam to clients, and never ever send an executable virus to our clients (since it renames all executables to _exe,etc instead of .exe,etc)

I'd like to see stats (2, Interesting)

secondbase (870665) | more than 8 years ago | (#15272830)

They say, "List operators, marketers, and email users complain spam filters are too strict." I'll bet 99% of marketers, 90% of list operators (not the 10% that are legitimate), and 1% of users think it's too strict.

Block and tackle (3, Interesting)

Billosaur (927319) | more than 8 years ago | (#15272833)

Listen, when you go to your snail-mailbox and get the mail, you can pretty much tell which mail is good and which is junk, right? I mean, it's easy to tell letters and cards from family members and friends from bills and unsolicited junk. It's easy because there's a physical form of recognition taking place.

Email is tougher, because in most cases all you have to go by is a sender's email address/identifier and the subject line. Now I don't knwo if you've looked at those two things closely, but it's usually easy to tell when the email is spam (how many freinds do have named Lemon T. Viceroy?). Now, as reported, phishers are getting more sophisticated and they are making much more convincing emails that are tricking people into believing the email is from their bank. They's be able to save themselves some time and frustration by checking the email address vs. a legit email they've received from the bank.

I think blocking has to start at the user end. You have to put up a wall and say that only these addresses are legit and anything else is suspect. You dump suspect emails into a separate folder and peruse it for emails that are actually legitimate, and add a pass-through for them to your wall. It requires maintenance and vigilance, and cooperation from banks, credit card companies, etc., who have to make sure you know what legitimate addresses they will send emails to you with. Any left over emails you fire back to the senders and alert your ISP

Putting the responsibility for screening mail on the user is problematic, but it's certainly a lot more efficient than having to listen to complaints about legitimate mail getting blocked constantly. I do this very thing constantly with my personal account and by using my ISP's spam filter, I'm doing a pretty good job of screening out the crap. By alerting my ISP of definite frauds, I'm hopefully making things easier for others. Of course, you have to make this system easy to use, or users will get frustrated and it won't work properly.

Maybe snail mail isn't dead yet for a reason.

Should be a given (2, Insightful)

SPaReK (320677) | more than 8 years ago | (#15272834)

This should be a given. If you try to block spam, you are going to block some legitimate messages. Hopefully, your ratio of blocking spam messages against legitimate messages is good, but it will never be perfect. This is due partly because spam itself is subjective. A lot of spam messages can be picked out and determined to be a spam message by 10 out of every 10 people. But for some messages, its not that simple. It's just real subjective. Then you're asking an algorithm to use subjective logic to determine whether a message is spam or not and problems just occur. Like I said, for the most part these filters work pretty good, but its not going to be perfect and anyone that thinks so, is just not thinking straight.

I am not opposed to some degree of flagging an alleged spam message, but to discard it without the end user knowing about it is where issues begin to arise. By flagging a message, the end user is able to use their own discretion to determine whether a message is a spam message and they can do whatever they want with those messages.

This isn't to say that RBLs and spamlists are a bad idea, just if you implement one of these, then be prepared for some type of backlash. Perhaps in some cases an RBL is necessary, but to think that using an RBL you are going to stop all spam and all of your clients are going to be happy, that's just wrong.

Start using SPF already (3, Informative)

Twillerror (536681) | more than 8 years ago | (#15272838)

OPENSPF.ORG [openspf.org]

I know this isn't the final answer, but to me it is by far the most responsible and far reaching.

  • No cost. You already have DNS servers for your MX record if you are a valid server.
  • Using DNS means that we already have a great infrastructure.
  • Doesn't stop emails from people like amazon.com if you want them, but adding @amazon.com to your block list is now valid.
  • Faster and more reliable then content filtering.
  • Makes phising a bit harder, as you can no longer send support@citigroup.com.

Will spammers register real domains, yes. Will they send emails with a fake from address that has at least a valid domain, yes. It makes it just that much harder, and makes it harder to use farms. If the SPF record has a huge subnet then the spam blockers can ignore it, and then put it on a watch list. At least we are adding some level of authentication to the process.

The cost of SPF is so little, I don't understand why their is not more push for it, and why we can't just give it a shot. I'd rather do that then go thru some authentication process with a company and then pay for some type of certicificate. Lastly, as a programmer I hate when all of the suden we have to do quadruple opt-outs, when the real problem is people sending gobs of rolex adds from their dorm room with or without their knowledge.

Re:Start using SPF already (1)

pe1chl (90186) | more than 8 years ago | (#15272927)

I am using 3 different domain registration services that include DNS service, All of them offer a method to remotely edit the zone contents.
None of them offer the possibility to insert TXT records using the remote editor.

This severly limits the usefullness of SPF.

I have no idea why TXT records are not supported. Queries about it to the people offering the service either result in no reply or some "we'll put it on the wishlist but it is low priority" (and it still is on the list after two years).
On one of the services I got a TXT record inserted on request (which I can't edit myself) because a name is used very frequently for spoofed source addresses. It has not resulted in a noticable decrease in false bounces.

I think SPF is just one of those "it only works when everybody uses it" approaches... and most people aren't in the position to implement it.

Depends on the spam blocker. (1)

Richard Steiner (1585) | more than 8 years ago | (#15272858)

I've been quite happy with the spam-blocking service that my ISP contracts with (POSTINI), as their filtering service is quite customizable. Whitelisting the few false positives I've seen is very easy to do, even mailing lists.

I got the answer (1)

moochfish (822730) | more than 8 years ago | (#15272893)

[this message has been filtered by your ISP's anti-spam software]

quite the opposite for hotmail (0)

Anonymous Coward | more than 8 years ago | (#15272895)

hotmail's spam filter sucks so bad that it lets all the spam through and blocks most of the legitimate mail. i am not joking here at all... it's so bad that I just go straight to the spam folder to check my mail.

Excuse Me, But... (1)

Nom du Keyboard (633989) | more than 8 years ago | (#15272899)

Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages.

Like I care that these people are upset. Every one of their messages that gets through to me that I've never asked for upsets me, so what goes around, comes around. That fact that they're squawking in pain now is music to my ears.

One Word... (0)

Anonymous Coward | more than 8 years ago | (#15272901)

Verizon.

I applied for their whitelist once. After about 2 or 3 months (no, I am not making this up) I got a cheerful response that I had been added, or approved, or something. I had long since forgotten about the issue and had contacted the person another way.

I don't understand why their customers put up with that crap.

My opinion on Postini (0)

Anonymous Coward | more than 8 years ago | (#15272918)

It works great. I have never had a legtitimate email blocked fom them in almost two years and on the flip side, very few pieces of spam (1 a month at most) get through [1]. Our user population does get some good email blocked from time to time but Postini provides a web interface to manage the white and black lists. Considering we do not get many calls from users (which seem to call about everything), I would say the Postini web interface works fine and they are capable of using it themselves to forward on accenditially blocked email, or Postini is doing a decent job of not blocking what it should not block.

[1] I have not been stupid with my email address and Postini only has to block roughly 50 pieces a week.

ooOOOooo Barracuda! (1)

Itninja (937614) | more than 8 years ago | (#15272958)

We use the Barracuda 300 'spam firewall' appliance. I have yet to get a legitimate email blocked entirely. But sometimes they are 'tagged' and quarentined until the user verifies they are (or are not) spam.

Marketers? (1)

jdavidb (449077) | more than 8 years ago | (#15272959)

Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages.

Marketers? Marketers don't have a say in it. They are spammers. If I want their information, I'll assume responsibility for making sure I can receive it. Thank you for your "concern" that I might be missing many valuable opportunities.

taking slashdot paranois to its logical conclusion (1)

wpegden (931091) | more than 8 years ago | (#15272986)

How long until they outlaw spam blockers which don't give "legitimate marketers" a backdoor?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>