Hotmail vs Goodmail

Frequent Slashdot Contributor Bennett Haselton wrote in with his latest column. He says "Are we being too hard on Goodmail for their plans to charge senders a quarter-penny per message to bypass companies' spam filters? Hardly anyone has mentioned that Microsoft has been doing the same thing for years, only (surprise!) charging more. Hotmail lets senders pay a $1,400 "fee" to help get through their spam filter; when I wrote to them about my newsletter being blocked as spam, they said they knew it wasn't spam, but they told me several times they would not even talk about unblocking it unless I paid the $1,400. It's odd that so little attention has been paid to Hotmail's program, since it not only mirrors the Goodmail situation, it validates Goodmail's critics who have said that once you start charging to bypass spam filters, the next step is the marginalization of people who won't pay." Read on for more words.

As you hear words like "Hotmail" and "AOL", you may be tempted to think this doesn't affect you if you've outgrown those companies, but I think that's a mistake. First of all, if you think you might ever run a business that publishes an e-mail newsletter, you'll have to worry that your mail might be blocked unless you pay to unblock it. Second, even if you're only a subscriber to a company's newsletter and you're not worried about filters on your e-mail address, the company publishing the newsletter has to spend time and resources getting their mails unblocked that they send to other people, time that could be otherwise spent improving their services. Third, even if you're not on the Internet at all, in a real sense it affects the kind of world we all live in, if the wealthy are able to communicate with their listeners more easily than everyone else (that gap has always existed, but the Internet narrowed it, and then unblocking-mail fees widened it a little). If the Republican National Committee can get their mail out and MoveOn.org can't, then that could influence elections, and could affect your life even if you're an Iraqi peasant goat farmer who hasn't updated his blog in weeks. And of course what Microsoft and AOL do, sets a precedent for what other companies can get away with -- so every anecdote about boneheaded mail filtering that you hear about, is potentially significant if it could become the norm.

I wasn't thinking about this when I wrote to Hotmail in 2006 about their users missing our e-mails because of the filter blocking them as "spam", as I jumped through some hoops before talking to a human. But the mentality of the people that I talked to seemed to be that "non-paying sender" and "spammer" were more or less equivalent. I explained that we only send mail to people who request it, we verify all new subscriptions, and every message contains an unsubscribe link. Hotmail replied, "The filters are there for the protection of hotmail subscribers. The Junk Mail Reporting program isn't in place to help you circumvent those filters... I recommend you do what you can on your end to educate your subscribers, keep your mailing lists up to date and follow the other guidelines for senders on the postmaster.msn.com site and don't expect our junkmail filters to be modified." Call me a dreamer, but I thought the whole point of having humans in the loop was that if the filter is making a mistake, you can modify it.

(Many people have suggested that I publish via RSS instead of e-mail. For me the problem with that is that our newsletter is used to send out the location of new sites for getting around blocking software, so that by the time the last sites have gotten blocked in most places, the new ones are being mailed out. As long as people can access their e-mail accounts, they can get the new site announcements. But if we used an RSS feed instead of e-mail, then blocking software companies would just block our RSS feed. And besides, even a normal newsletter publisher would lose most of their existing subscribers if they told everybody that they had to switch over to RSS to receive the newsletter in the future. Is it right that they should have to pay that penalty just because an ISP is falsely labeling their mail as spam?)

The $1,400 "fee" that you pay to help get your mail unblocked at Hotmail's servers, is to a third-party company called Sender Score Certified, formerly known as Bonded Sender, whose certifications are used by Hotmail. I didn't think I could get anywhere discussing with them the ethics of charging people to unblock their mail as spam, so instead I asked them, what would happen if someone forked over the cash and then their enemies started filing phony "spam" complaints against them, hoping to get their certification revoked? I think this is an important question for any spam policing system, but unfortunately it usually puts people on the defensive, because there's no real answer -- if you accept spam complaints, then you allow crackpots to do damage, and if you don't accept spam complaints, how do you know if a client is spamming? Bonded Sender's rep replied, "Do you really have that many enemies? If you are running a true 'non-profit', who is that mad at you? Maybe finding this out should be a little higher on the agenda. Where is the 'peace' in Peace Fire?" I asked the same question again, and eventually he said that complaints were based on SpamCop complaints -- a system known for being set up so that anyone could report anyone as a "spammer" without proof -- and that each such complaint would cause $20 to be depleted from your bond, and once it was all gone, you'd lose your certification.

"After reading all of your emails you have sent me," he continued, "it seems that you aren't really trying to find a solution to anything. You are mainly interested in pointing out flaws in programs and letting me know about how people don't like you." Actually I don't think I have enough enemies to cause me serious problems, but I'm working on it! I aspire someday to reach the level of notoriety achieved by groups like MoveOn.org, who does have enough enemies that if systems like Hotmail's were widely deployed, MoveOn would have to worry about militants falsely reporting their mails as spam in order to cost them money and/or get them blacklisted. That's the other basic problem with certification systems: they don't just favor the wealthy, they also favor the non-controversial. Do we really want an Internet where everyone has to be careful about who they offend, because anyone could get them listed as a spammer? I mean, that would be like having a free online encyclopedia where anyone could edit your bio and say that you killed someone!

Is it legal to block someone's mail as spam until they pay you money? Whoah, before I even use the l-word, I'd better insert a disclaimer. No, not that disclaimer. Nobody could possibly think that I was a lawyer after I filed motions in court with the pages stuck together to prove that judges weren't really reading them, unless I had some kind of career death wish. The disclaimer is that at least from my own experiences suing spammers, the law is whatever the judge wants it to be. Some judges say you can sue spammers out-of-state, and some say you can't. Some of them say you can sue in Small Claims only if you've lost money, and some say you can sue for damages even if you haven't lost anything. Some of them say a non-lawyer is allowed to represent their own corporation in court, and some say no. If judges don't even agree on the basic rules, good luck getting a legal consensus on a more abstract issue. Asking objectively if deliberately blocking non-spam e-mail is "legal" is like asking "Do apples taste good?"

But as a general rule, I think courts take a dim view of systematically publishing false statements about someone to try and get them to pay you off in order to stop. Unless you're a spammer, every time Hotmail labels one of your messages as "Junk Mail", they're publishing something untrue about you (at least to everyone who sees the message labeled as junk), and if you've brought it to their attention, then they may agree the statement is untrue but they go on making it anyway. In libel law, liability is partly determined by how much someone has been harmed by the false statements about them; in the case of mail being blocked as "Junk Mail", the harm is about as direct as possible, since because it was falsely labeled as spam, most users will never see it. This is why I think people who say "Hotmail/AOL/Yahoo can do whatever they want with their private network" are missing the point. If I used my own "private network" to publish a subscription service that people use to find out the names of new convicted felons in their neighborhood so that they can avoid doing business with those people, would you have no objection if I "accidentally" included your name on the list, but promised to review your situation for one low fee of $1,400?

There was a time in the late '90's when if Microsoft had said they were going to be blocking non-partner e-mails as "junk mail" unless senders paid a $1,400 "fee" to get unblocked, Congress would have hauled up Bill Gates and given him a good wedgie and told him to cut it out. But these days the Department of Justice doesn't have time to worry about other people's lost e-mail when they can't even lose their own e-mails properly.

All this happened at about the same time Goodmail was first attracting controversy for charging senders a quarter penny per message to bypass AOL's spam filters. When the EFF registered DearAOL.com to call attention to the issue (now defunct, but the Wayback Machine saved a snapshot), I hopefully registered DearHotmail.com in case any anyone wanted to use that example as well, but nothing ever coalesced around that. Meanwhile, some random mis-fire seems to have cancelled out some other random mis-fire, and Hotmail is apparently no longer blocking my mail, at least until this article gets published.

As far as I can tell, the only reason Hotmail got off scott-free and AOL/Goodmail didn't, was that Hotmail snuck their system in quietly, while AOL and Goodmail announced their partnership with great fanfare, apparently overestimating the extent to which e-mail publishers would greet them as liberators. This doesn't reflect very well on the outrage grapevine, people.

But the lesson took -- when Goodmail recently announced their partnership with four more e-mail providers, Goodmail featured a press release on their own site, but of the four ISPs, Verizon was the only one issued their own press release. Apparently the other three saw what happened with AOL/Hotmail and got the message.

You didn't ask, but my own idea for an anti-spam system would be to follow a protocol such that when you reply to a list server to confirm your subscription, the reply goes to an address like:

list-peacefire-confirm-481534893-sender=bennett=peacefire.org@mailserver.com

When you send that reply from your Hotmail account, Hotmail would see the "sender=bennett=peacefire.org" part of the address you're replying to, and recognize that to mean that you want to receive future messages sent from bennett - at - peacefire.org. So future messages from that address would be weighted not to be blocked as spam for that user. It wouldn't do anything to unblock person-to-person messages that get blocked as spam, but those are not mis-blocked as often as legitimate newsletters are, and this method would give newsletter publishers a way to get whitelisted at the same time that the user confirms their subscription. It wouldn't be perfect, since if the user then unsubscribes from the newsletter, but bennett - at - peacefire.org is a jerk and continues to send them mail, that mail would still get through because the Hotmail filter for that user still "remembers" that they confirmed their subscription, and doesn't know that they unsubscribed. However, the vast majority of nuisance spam comes from people you've never heard of, not from people whose newsletters you signed up for and then continued to send you mail after you unsubbed.

Or, suppose you're Amazon and you send mail to millions of users from orders@amazon.com, but you don't want everyone to have that address whitelisted because then a spammer could use the address "orders@amazon.com" to spam millions of people, hoping it would get through the filter of anyone who's an Amazon customer. So in that case people could confirm by replying to:

list-peacefire-confirm-481534893-sender=orders=amazon.com&senderip=72.21.203.1@mailserver.com

When the user sent their reply to that address, Hotmail would parse out the "sender=orders=amazon.com" part and the "senderip=72.21.203.1" part, and whitelist future mails from that address that come only from that IP.

I like this idea because it treats everyone equally, regardless of wealth or popularity, as long as they confirm subscriptions to their newsletter (which is regarded as good mailing list hygiene anyway). On the other hand, if you prefer filtering systems that work better for people who are rich and never offend anybody, then you'll be pleased to know that those seem to be winning.

To summarize:

[Anonymous Coward]

Use Gmail

Re:To summarize:

[Ngarrang]

And how long until Gmail does the same thing?

When more and more services are doing it, it becomes "common practice", which becomes "acceptable practice". Google may find someday they want the extra money it would provide.

"Do No Evil" is only as effective as your definition of "evil".

Re:

[Com2Kid]

And how long until Gmail does the same thing?

GMail's spam filters are over 99.9% perfect after about a week of training from the user. I still occasionally check my spam folder, heck, yesterday a message was put in Spam that shouldn't have been, the first such occurrence in over a year. Although when I first signed up it happened quite a bit more often.

In comparison, when I last used hotmail (admittedly, quite a few years ago), they let lots of spam through, but regularly blocked emails I wanted to read.

Re:

[Solra Bizna]

Until about a month ago, I was getting ~10 spam emails per day through the filters. All of them the same, obviously spam, subject lines ("RX_MEDS no pr3s needed" etc.) which on the one hand made me wonder how they were getting through but on the other made it easy to deal with them. Now I get one of those a week.

In my entire history at GMail, though, I've gotten one mis-marked legitimate message; and if someone else had been reading my incoming messages he would have thought it was spam too.

-:sigma.SB

Re:

[xenocide2]

In my entire history at GMail, though, I've gotten one mis-marked legitimate message; and if someone else had been reading my incoming messages he would have thought it was spam too.

I think this statement bears repitition, as possibly the best way to benchmark spam filter performance realistically.

Re:

[Blue Stone]

>"yesterday a message was put in Spam that shouldn't have been, the first such occurrence in over a year."

Interesting - I have a couple of gmail accounts and the same thing happened to them - last week, one message that should have been in the inbox. It was particularly strange because one of the messages had a filter on it, to give it both a label AND a star (you would have thought ther'd be a rule saying that nothing with a star or a label should ever go into the spam folder unless the filter tells it

Re:

[Spoke]

GMail's spam filters are over 99.9% perfect after about a week of training from the user.

While GMail's spam filters are pretty good, I do find an annoying amount of emails from a couple mailing lists (dspam and postfix mailing lists) marked as spam fairly regularly. I probably get a 2-5 of these false positives a week.

Luckily it's easy for me to see those emails since I have filters which label those messages.

Given the volume of mail I receive on my gmail account it probably is 99.9% effective, but I would

Re:

[rm999]

It's funny, I have a general rule: If I am expecting something at my Hotmail address (which at this point is rare), the *first* place I look is my spam folder. This has worked literally 90% of the time.

Re:

[networkBoy]

"Do No Evil" is only as effective as your definition of "evil".

Do no evil is only as effective as your product (users) sees it. If they leave in droves for the next !evil then so will your customers (advertisers in Google's case). It is fairly self limiting.

Now, you may retain enough users to still be profitable with the spam, ala hotmail, but I think the Gmail userbase is a bit less spam accepting.
-nB

Re:

[Arthur B.]

And they'll lose their marketshare to another email service who will guarantee a lifetime of receiving email with no fees. Oh no in fact they won't do it in the first place so that this doesn't happen. Companies make money by providing services, not by restricting services.

Re:

[ClassMyAss]

You know, people always seem to be surprised that Google escapes most of the Slashdot criticism, and I'll agree that most people here don't have much negative to say about them. But even those who complain about this lack of criticism rarely have anything to offer other than 1) "Nobody ever criticizes Google, how lame is that?", or 2) "Google claims to do no evil, but how can we really be sure that they won't ever be Bad?" Rarely have I seen an actual complaint about them. So I put this to anyone offende

Re:

[Cro Magnon]

Google is a business, and every business I've seen eventually gets around to screwing the customer. I agree that Google's current behavior is good (though not perfect), but it would be a mistake to assume that it will remain so, and its size, and the amount of data it has access to is worrysome.

Hopefully, the very fact that some people are watching it suspiciously will delay its inevitable decent into evil.

Re:

[zippthorne]

But don't forget to manually type the https:// because gmail defaults to plaintext.

Re:

[Zonk (troll)]

Or just install the CustomizeGoogle [customizegoogle.com] extension for Firefox. It has an option to automatically switch gmail, calendar, apps, etc to ssl. Plus it can remove the ads, block cookies to google-analyitics.com, randomize the search tracking cookie, and many other things.

Re:

[Kashra]

The folks who SEND the newsletters don't have the luxury of telling all their subscribers to "use Gmail." They have to deal with the fact that a large percentage of their readership may not use Gmail (for any number of reasons) and the fact that Gmail exists doesn't help them in the least.

Re:

[Fujisawa Sensei]

The folks who SEND the newsletters don't have the luxury of telling all their subscribers to "use Gmail." They have to deal with the fact that a large percentage of their readership may not use Gmail (for any number of reasons) and the fact that Gmail exists doesn't help them in the least.

They don't? They don't have the ability to send confirmation emails when a user sends a subscription request or post: "Cannot send news to Hotmail" on their webpage?

Re:

[x_MeRLiN_x]

That's all well and good for a personal web site, but do you think your boss would be happy about the fact that you chose not send the company newsletter to the majority of subscribers?

Re:

[jZnat]

Unless you have some recent and accurate numbers regarding the popularity of Hotmail, I would say you're full of shit. There are probably more Yahoo! or AOL users than there are Hotmail users nowadays.

Re:

[superbus1929]

I'll just stick to my own domain's email, thanks.

Re:

[WindBourne]

As opposed to MS? Or Yahoo? Or Apple? Or your Gov? Do not get me wrong. I think that Google having this much knowledge about us is worrisome. But, I also note that all the other major players are collecting info on us as well.

Re:

[TheRaven64]

So run your own mail server. If you don't already have a server somewhere, get a dozen or so friends to chip in for the hosting costs. It costs more than free, but completely control the system.

Re:

[WindBourne]

Which I do. But I also use gmail as well. I find that it is a good mix to have both.

Missed the point?

[ukemike]

All you ditto heads missed the point. You can use gmail, but this is about the receiving side not the sending side. It does you no good to have a nice mail client if your outgoing emails are getting blocked by hotmail and you cannot reach your customers or the members of your web-based political organization. So you say that hotmail wouldn't block the whole gmail domain, well they might (it could potentially be a HUGE income stream!). Regardless if you are emailing on behalf of an organization you're gonna want a domain, which gmail could handle for you. But when they start blocking info@society_for_prevention_of_cruelty_to_first_po sters.org until you pony up $1400 to hotmail, and $1400 to AOL, and $1000 to Lycos, and $1800 to bigfreeemailwebsite.com, then you are effectively censored.

so next time a spam article comes up instead of being the first person to say "Use gmail!" or the fourth person to say "ditto!" Try something new and novel. RTFA!!!

Personally I have this radical belief... I believe that I have these inalienable rights. I don't care if the censor is in Washington DC or Redmond, WA it's still censorship.

Wel im not paying anything to extortion

[unity100]

When a client complains that his/her site gets suspended due to his/her non receipt of invoice notifier/renewal email in his/her hotmail/dugamail/omegamail/anymail account due to these companies' "policies", i explain the situation in detail and advise them to acquire a more usable and reliable email account from elsewhere.

hotmail lost many users due to that over 4 years.

Re:Wel im not paying anything to extortion

[Anonymous Coward]

The fact that the email is not being sent is the sender's fault. This article is not true. I contacted Hotmail about my email being blocked. They were professional and gave me a list of things that I needed to do in order to resolve the issue. For email to get to Hotmail users, the sender must following the rules of the Sender ID Framework, which involves changing some DNS settings. More information about that can be found here:
http://www.microsoft.com/mscorp/safety/technologie s/senderid/default.mspx [microsoft.com]

Senders are not required in any way to purchase a certificate from this third party company mentioned in the article.

So... One just have to buy Windows

[marcosdumay]

Nice to know that Hotmail will only accept mail from Windows servers. With specific authorization from the ISP.

Re:

[rtechie]

The problem with this is that the only mail servers that support Sender ID are Exchange and Sendmail, experimentally, and the specification was only finalized and released back in NOVEMBER. Domainkeys was just released and its MUCH more likely it's going to be widely adopted. And Sender ID does not work with mail forwarding.

Re:

[Craig Ringer]

AFAIK Sender ID support in a mail server is only required for verifying sender ID information on incoming mail. To enable sender ID on your domain so others can verify your mail, all you should need to do is add a TXT record to your domain that specifies a list of authorized servers.

Forwarding is somewhat of an issue, but the most common uses can be overcome by whitelisting the forwarding host. I personally don't think it's that big a deal, and in fact I have routinely whitelisted a couple of forwarding hos

Re:

[kindbud]

For email to get to Hotmail users, the sender must following the rules of the Sender ID Framework, which involves changing some DNS settings.

LOL. That's totally wrong. You can have Sender-ID setup in perfect form, right from Microsoft's own HOWTO page, and they will still throw your mails in the Bulk folder if they haven't seen your MTA before. We called them about this, they told us their mail servers take a while to get "trained" on our mail flow. It's true that Sender-ID is required to get out of the

Don't blame Hotmail: There's a better solution

[CdBee]

RSS: Because everyone hates spammy "newsletters" that have a veneer of content and a morass of advertising. A feed is the correct way for a site owner to communicate with users.

Re:

[Zonk (troll)]

And someone has a problem with reading. From TFA:

Many people have suggested that I publish via RSS instead of e-mail. For me the problem with that is that our newsletter is used to send out the location of new sites for getting around blocking software, so that by the time the last sites have gotten blocked in most places, the new ones are being mailed out. As long as people can access their e-mail accounts, they can get the new site announcements. But if we used an RSS feed instead of e-mail, then blockin

Re:

[unity100]

you cant even expect any of the clients to actually regularly (everyday) use the feed, leave aside counting on it. web hosting, and web developments are not time tolerant stuff - one client forgets to check a feed, and his/her domain expires. but everyone has to check their mail, and they do, and they know how to do it. holding clients responsible for watching a feed would fail at the point of making them learn how to use it.

Marked as Spam, eh?

[EveryNickIsTaken]

Well shit, If your newsletter reads anything like your post, I'd mark that as spam too, champ.

Could be workable, if...

[Perp Atuitie]

A "tax" of this kind could be a way around spam, but the Hotmail/Goodmail way has one fatal flaw: it's used as a profit center for the mail carrier. If the tax went to recipients of the spam, who are after all the real victims here, there could be an argument for initiating it. As it stands though, this is just another service-provider scam, a kind of subset of the hierarchical Internet.

Re:

[Intron]

Any pay-for-email scheme will be abused by the con artists currently profiting on spam. If the recipient gets the money, then all of those bots will start sending mail to 'victims'. If the ISP gets the money, then they will set up fake ISPs to collect email tax. Pay-for-email is a stupid idea.

Re:

[Itninja]

The people who simply get the spam in their inbox are certainly not the "real victims here", as you said. The actual victims are the people, corporations, and/or non-profits that supply the mails servers and IT personnel around the world. A tremendous amount of their resources are used to manage all this meaningless spam.

For the end user, massive spam is a pain, and could potentially take a measurable amount of time to delete and filter. For the organizations that provide the email to the end user, spam i

Re:

[wile_e_wonka]

I don't see how a "tax" like this could ever actually work as a way around spam.

Charging advertizers to get email through doesn't block any spam. Spam blockers use algorythms, etc to attempt to find and block spam, but when they fail the mail gets to the inbox without having to pay money. I do get this kind of spam in my Hotmail account. The advertizers who pay are merely guaranteed to get to the inbox. The payment does nothing to keep spammers out of inboxes.

If all email was taxed, then all people who

Re:

[TheGratefulNet]

You have an interesting definition of "victim". Someone who uses Hotmail for their mail spends nothing to use that service.

your time is not worth anything, it seems (?) but mine sure is.

my 'eyeballs' is what pays for any free service. there are very few TRUE free services.

just because cash isn't blatantly changing hands in front of you does NOT mean that you are getting something for nothing.

Re:

[Iron Condor]

Someone who uses Hotmail for their mail spends nothing to use that service.

Hotmail is only free if your time is worthless.

Easy Answer:

[jshriverWVU]

Are we being too hard on Goodmail for their plans to charge senders a quarter-penny per message to bypass companies' spam filters?

No. Personally I think it's fraud, since you're telling and selling the customer one thing, then allowing people to bypass their own securty for a profit at the expense of it's end users.

Re:

[jshriverWVU]

It's not so much that a real spammer will have to pay, as much as the fact it gives them a control over your email that you don't have. Since you are the end user you should be able to define what is and isn't spam. Giving them control makes you powerless. What if you're LUG suddenly is blacklisted and you can't receive emails, and they refuse to remove them from the blacklist unless the LUG pays them the money?

Fascinating

[thetroll123]

"I find your ideas fascinating, and I would like to subscribe to your newsletter"

well thank God for choices....

[Brigadier]

I've used hotmail and yahoo since college at least 8 years. In the last year or so I've switched to gmail. Funny for the very reason mentioned (spam) I never use yahoo, nor hotmail for personal mail because there spam filter is iffy at best, not to mention the fact that they produce there own spam in an attempted to advertise their products. So they can choose to propagate spam but where is it going to get them.

Re:

[zxnos]

the spam filter is iffy at best on gmail as well. at least in my experience. i used it for school. an instructor sent 4 emails from the same account with the subject XXXX - 1 of 4, 2 of 4 etc. i received two of the messages. i replied to one of his messages saying i didnt receive a couple. he re-sent all becuase other students didnt get others. i still missed one. anyway this happened a few times when he sent out emails. i checked the spam folder. there they were. long story short. a person i had replied to

Change over to GMail

[Nom du Keyboard]

I suggest your encourage your subscribers to change over to GMail. I made the change after two of my ISP's (AT&T and Comcast) refused to forward e-mail to me from my own domain. I couldn't even whitelist myself, because they'd blacklisted all of NameZero.

Google, OTOH, deliverers everything, and does a 99%+ accurate job of putting spam in the spam folder, and e-mail in my inbox. Once I was able to accurately see all my e-mail, I was able to kill a very old address that wasn't part of my personal domain, but forwarded through it, that was generating up to 500 spam messages a day. I wasn't aware how bad it had gotten due to the first named ISPs hiding the problem, rather than showing me what all my e-mail looked like. Fond as I was of this address, when it becomes this kind of problem, even good memories of my first e-mail and early Internet days has to go. Google makes this possible, all this for free!

All things considered, I'm sure Google would love to take away all of Hotmail's customers, and they'll do it by providing better service at an equal or better price.

Re:Change over to GMail

[griffjon]

And there's also the forcibly-change-over-to-gmail option - we had some important aolusers (board members) at a previous job; they never got important board listserv emails or massmails or such, they refused to leave AOL and we couldn't afford any of the solutions to get around the AOL blocking.

So I created individual gmail accounts for all the aolusers which we sent to, and set the gmail accounts to auto forward to their AOL accounts. Problem solved.

Learn from the pros

[wiredlogic]

You just have to learn from the spam pros and randomize your newsletters to make them look legitimate.

no free lunch

[grumpyman]

Other 'free' mailing services doesn't have a 'price tag' does not mean they'll do it for free.

I kind of agree

[gurps_npc]

That hotmail and goodmail should not be charging people to unblock spam.

Instead they should simply refuse to unblock spam, period.

Yes, that means that newsletters like this would not get through.

I have a Phone at home. If some insane lunatic started up the idea of calling all his friends having them call all of their friends, as a means of sending out important news, I would laugh at him.

I also laugh at anyone, even this 'nice' newsletter that actually thinks EMAIL is an apropriate means of obtaining this information.

RSS is one way to go.

ANOTHER way to go is messageboard style.

There are still more ways to send out information. You can take an applet that you give to your subscribers that does something similar to hat phone idea does. While it does not work on a phone, it would work on the internet.

But the IMMENSE problem of spam pretty much means that NO, NEWSLETTERS ARE NOT APPROPRIATE FOR EMAIL.

Find another solution, the one you are trying is causing huge problems for the interent. It is NOT our job to help you perpetuate a BAD idea, no matter how much your personal non-profit benefits from the bad idea.

Re:

[Chirs]

How exactly would you deal with all the mailing lists used for various purposes, including lots of open source development?

The linux kernel mailing list sends hundreds of messages a day. How would you propose to manage this without using email?

Re:

[jZnat]

Usenet. You know, the thing we used for this sort of thing in the first place, but nobody seems interested in anymore (other than for warez and whatnot). Perhaps an updated version of NNTP that supports Unicode, binary attachments, and better measures to thwart spammers is in order?

Follow the Money

[Crispin Cowan]

A core principle in figuring out any kind of shady shenanigans is to follow the money. The problem with Goodmail, and with Microsoft's pay-to-play fee, is that the money is being paid to the wrong party. Paying the fee to the mailbox-hosting ISP cannot help but create a corrupting conflict of interest, making this a bribe. Nasty spam will be allowed through if the vendor has the $$$ to pay, and legitimate bulk mail that people have opted into will be blocked, if the news letter is not coming from a moneyed source.

Instead, consider a P2P scheme where the postage is paid directly from the sender to the receiver, where the receiver themselves can white-list a sender as not having to pay. It would produce these kinds of effects:

• For most personal onesey twosey mail, sending volume approximately equals receiving volume, so the postage payment is mostly a wash, with chatty people paying quiet people a modest amount on average.
• For opt-in news letters and mailing lists, the receiver would be expected to white-list the source, e.g. I would white-list my subscription to Bugtraq [wikipedia.org].
• Spammers and "legitimate" bulk mail advertisers alike would have to pay in proportion to the volume of mail they get delivered (non-delivered mail doesn't pay the postage).

There's a bunch of interesting things that can be done with this model:

• Postage is just an offer to pay, which only causes actual payment if the receiver redeems the postage.
• Postage can be nothing more than a GPG certificate attached to the mail, validated by the receiver's MTA or MUA.
• Receivers can dial the amount of postage they require to accept an e-mail. They could set it to a static value, e.g. "at least 2 cents or I'm not interested", or they could even use SpamAssassin to dynamically set the postage, e.g. "at least 10 cents * the spamass score" so that highly spammy mail requires much more postage than plaintext free of spam phrases.
• Gold miners can set up spam trap mail addresses that do nothing but accept postage and throw the mail away. This is abusive to spammers who are paying to have their mail delivered. Cry me a river :-)

Re:

[Crispin Cowan]

This exists, it's the business model for Boxbe.

Cool! I did not know about this, it is great that someone is trying this model. However, I see that Boxbe is using a server-oriented model [boxbe.com] so they can basically filter spam and legitimate mail sent to yourname@boxbe.com. I imagine a more P2P solution, where the SpamAss agent on any mail server would use a server company like Boxbe as a payment clearing service, and filtering is done on whatever MTA you are using.

I care, because I am already getting lots of spam at my well-known address at crispincowan.c

Not an unreasonable suggestion

[Craig Ringer]

Regarding mailing list subscriptions, that's not an entirely unreasonable suggestion, though it's really not much more than auto-whitelisting. However, you'd need to address the:


From: "Sexy Chick" <confirm-12312312-from=mailouts=sending.domain.com @sending.domain.com>

Reply for an exciting photo!


issue. People are stupid. Enough spammers are not stupid that they will trick stupid people. People will demand to be protected from their stupidity, and the filters will go back in.

The ability to examine your

SPF and IP address spoofing

[benhocking]

As you mention, SPF [wikipedia.org], DomainKeys [wikipedia.org], or a similar scheme is the only way to verify header information. The "article" seems to not realize that IP addresses can be spoofed just as easily as e-mail addresses.

Re:

[Craig Ringer]

That's not true. IP addresses are way harder to spoof, not least because a well run upstream network will (mostly) prevent you from doing it though source IP filters etc.

This is not to say that IP addresses are, in absolute terms, hard to spoof. However, From: email addresses are so hilariously easy to spoof that all you need is a telnet client or a scripting language with any sort of mail or socket support.

True

[benhocking]

I've actually spoofed a "from" header myself. :) However, I assume that there are easily accessible systems that allow you to easily spoof the original IP address. All your PC has to do (in theory, I've never tried it) is pretend like it's passing along an e-mail from the IP address you want to spoof. That does mean your IP address will show up in the stream, but it will still look like the "sender" IP address is the one you want it to look like.

I (perhaps obviously) know nothing about "source IP filters"

Re:

[Craig Ringer]

An ISP knows that it and it's customers are only in a certain ranges of addresses (which it allocated). Any IP packets leaving the ISP's network must, therefore, be within those ranges. It is trivial to add a border router egress filter that checks to see if the source address field is in the permitted range(s) and drops the packet if it isn't.

Dodgy ISPs may choose not to implement this, and so long as there is one dodgy ISP out there an attacker on that ISP (or tunneling traffic through a host on that ISP'

About the auto-mated whitelisting idea...

[TypoNAM]

About the idea of whitelisting based on subscribing through an email reply or what not (and forgetting about at times when the user confirms via a URL link) instead of restricting to a specific email server like so:
"list-peacefire-confirm-481534893-sender=orders=a m azon.com&senderip=72.21.203.1@mailserver.com"

Why not leave it at your original format of:
"list-peacefire-confirm-481534893-sender=bennett=p eacefire.org@mailserver.com"

And have the receiving email service/network verify where the emails are c

How is this in any way like goodmail?

[seebs]

Hotmail's blocking people who don't pay. No one's proposed blocking people who don't use goodmail; they've proposed whitelisting people who do.

Hotmail's deliverability is unreliable even when you're "clean", so I'd just write it off; do not use hotmail for business services, and do not accept hotmail addresses for anything where you need reliable delivery.

They're still using Bonded Spammer?

[Animats]

My experience is that Bonded Spammer is essentially dead. If you have Spam Assassin set to tag Bonded Spammer mail, you'll get items in X-Spam-Status like "RCVD_IN_BSP_TRUSTED". I have Firefox set to dump all those into the Bonded Spammer folder. The last e-mail to come in with that tag was in January 2007. I used to get more Bonded Spammer e-mails back in 2004 and 2005, but in 2006 it tapered off, and now it seems to be gone.

Is anyone else still seeing that junk?

Easiest way of realizing that this kind

[goldcd]

of charging is a bad idea, is just to think what would happen if everybody used.
I might run a moderately successful newsletter and I find it's blocked by host x.
So I pay host a $10 (I'll pretend this is cheap).
Now all my users will get their newletter - yay.
Then users on host b report their mail isn't showing up - so I pay out another $10.
Then users on host c etc etc.

Compounding this issue is the more hosts you pay, the more the others will want to be paid etc etc
I assume this would eventually lead

Funny Figures?

[Frosty Piss]

Hardly anyone has mentioned that Microsoft has been doing the same thing for years, only (surprise!) charging more. Hotmail lets senders pay a $1,400 "fee" to help get through their spam filter...

More? Maybe at a single whack it's "more", but let's see how that breaks down in terms of 1/4 penny spam-mails? It's 560,000 spam parcles. Given that most spammers send out MILLIONS, I'd say Hotmail's fee is probably cheaper than Goodmail's 1.4 cent fee. But of course, it's Microsoft, so it's twice as evil anyway.

Correction

[Frosty Piss]

1/4 cent...

SpamCop

[eaolson]

...complaints were based on SpamCop complaints -- a system known for being set up so that anyone could report anyone as a "spammer" without proof...

This is where I stopped reading. SpamCop requires proof in the form of the spam email itself. What other proof of spamminess could there be?

Re:

[TheRaven64]

Unless spammers are including PGP signatures associated with their SMTP server, it is trivial to forge a spam email. Just take any from your spam folder and change the headers to be from someone you don't like. Of course, for SpamCop to take this seriously, you'd need a lot of people to send in spam claiming to be from the same address. Many of SpamCop's input also, I believe, comes from their own honeypots; no one has a legitimate reason for mailing these, and so anyone who does gets blacklisted immedia

Re:

[Trailer Trash]

This is where I stopped reading. SpamCop requires proof in the form of the spam email itself. What other proof of spamminess could there be?

That's a good start, but having a piece of text doesn't tell you if it's spam or not. I mean, some stuff is obviously spam, sure. But I get a lot of really nice looking emails that advertise legitimate businesses or "newsletters" that are polished, and, well, they're spam. But they look just like the newsletters that I get which aren't spam.

I've asked around, and

Re:

[kindbud]

Anyone can report any email as spam to Spamcop, whether it is spam or not. Anyone can even mistakenly report any email as spam to Spamcop, and it will be treated as spam. The sender will get a nasty-gram from Spamcop with the original recipient redacted, same as what happens for actual spam. Having reported an email to Spamcop is not proof that it is spam. It is proof that it was reported to Spamcop, and nothing else.

Obviously, the article is from a spammer

[cdrguru]

Aside from that, I think it is fair to say that email is pretty much something that is useless for any commercial application and pointless for something like a "newsletter". The spam vs. ham ratio has gotten to about 1000 to 1 these days, even if they aren't directly seeing it. And that is part of the problem.

It is assumed to be acceptable for an ISP to block "spam". It is assumed to be OK for anyone to get in the way of mail to a recipient to save them from receiving the torrent of spam that they would otherwise be subjected to. False positives are considered to be something that just happens. None of the agents preventing delivery of mail offer any notification to the user that mail may be waiting for them in the "bulk" or "spam" folder, nor offer any recourse if the mail is simply deleted without delivery.

With that in mind, email is suitable for something for friends and family only. If you are trying to send a receipt to someone for an online purchase, such email is commonly considered to be "commercial" which equates to "spam" in some people's minds. Outlook by default takes anything from sales@abcdef.com and puts it into the deleted items folder, just confirming the view that anything related to "sales" must be spam.

Email is pointless for any commercial use. Companies trying to resurrect email as a viable communications medium are starting to notice this. Sure, pay to send email and some percentage of your customers won't have your email blocked. What percentage? 10%? This means you need to budget tens of thousands of dollars for "email protection" if you are going to go this way.

Face it, email is pointless and unreliable. You will never know if your email is being blocked. You can't tell a complaining customer that never got their receipt that you will "fix" this somehow. It is broken and you need to figure out a different delivery mechanism.

Re:

[perp]

If you think Bennett Hazelton is a spammer, then you are obviously without clue. Look at http://peacefire.org/ [peacefire.org] if you actually want to know who he is and what he does.

Use SPF

[CustomDesigned]

From TFA:
Or, suppose you're Amazon and you send mail to millions of users from orders@amazon.com, but you don't want everyone to have that address whitelisted because then a spammer could use the address "orders@amazon.com" to spam millions of people, hoping it would get through the filter of anyone who's an Amazon customer.

Spammers can't forge a MAIL FROM of "orders@amazon.com" for recipients that check SPF. Decent spam filters let users whitelist emails/domains. With decent anti-forgery like SPF [openspf.org] and

I have a better solution I am looking to build

[John Sokol]

It's basically related to upload/download ratios.
It assumes any user with a good u/d gets a white listed.
Doesn't matter who they are, or credentials or anything like that and it's much much cheaper. Although Money is the only motivator against spammers. You need to make it unprofitable. So people need to pay you to receive an email! You pay then back with a reply.
Although things like legitimate Mailing lists have a special white list bypass that the receiver must open up.

Initially I am looking to replace so

Different experience with hotmail

[Spazmania]

I wrote to Hotmail in 2006 about their users missing our e-mails because of the filter blocking them as "spam", [...] they said they knew it wasn't spam, but they told me several times they would not even talk about unblocking it unless I paid the $1,400.

That's funny. I contacted Hotmail about an identical filtering issue, also in 2006. There was no mention dollars. They did want to make sure my list was opt-in. They also asked me to join a feedback loop where list messages that hotmail members mark as spam are stripped of their identifying information and returned so I can identify problems with my system where unintended recipients have slipped in.

I did find it difficult to get through to folks who could help, but once I reached those folks I found them to be cordial and helpful.

Forget all other questions....

[popo]

Billing for service (and for backbone usage) is coming, and coming fast from a thousand different directions.

The question you should be asking is this: How much would email and internet access have to cost for you to stop using it.

Because the answer is scary. And the big corporations know it.

Nobody cares...

[jojoba_oil]

Okay. This will come off sounding as flamebait, but at least read it before marking it as such.

I'm willing to bet my Karma (what Karma, right?) that Bennett Haselton is, himself, a spammer. I periodically stumble, to my dismay, across his ramblings posted here as front-page material. With most of them overly self-righteous and witchunty in nature, I think he has a little something to hide.

So, to keep things concise I'll simply list facts here:

• He delegitimizes spam-fighting cases by attempting to ridicule judges with his website, judgejokes.com [judgejokes.com]. This is even more instrumental than it seems:
  • It is registered by his censor-fighting organization, Peacefire. Because making fun of judges is totally a worthwhile project for an organization as such.
    
  • It documents [judgejokes.com] both his solicitation of other spammers, and lack of understanding of the law.
• He's worked on filter-circumvention software, which made news years ago [com.com]. A direct quote from that site: "That software, Haselton and the IBB acknowledge, could have other uses here at home".
  
• He spams Slashdot with countless articles that could be summarized to 1-to-2 lines (and often are by comments shortly after being posted). A few of these are linked as related articles above.
  
• He takes huge issue any time that any of his emails aren't received. This article is evidence enough.
  
• And a few other things. I know I'm forgetting many. Anyone else want to step in?
  

Oh, and do yourself a favor, Bennett. Visit Web Pages That Suck [webpagesthatsuck.com] to learn how not to design a webpage. I have yet to see one of your pages look even half-way professional -- which should be important to you if you really want Peacefire to catch on.

Now commence the -1, Flamebait if you see fit. =D

Re:

[moderatorrater]

I completely agree. The most obvious sign to me is that he's never, ever done wrong, he's always the victim. Come on, get a grip. At the very least this guy's just slashvertising himself over and over again. He's right, there's a conflict of interest, but as several people have pointed out, they haven't exploited it like he claims they have.

This story would be so much more interesting

[Russ Nelson]

This story would be so much more interesting if Bennett wasn't an idiot. But then again, if he wasn't an idiot, there wouldn't be any story here.

Disclaimer: I've consulted for Goodmail, so I actually have some clue of what's going on here.

TFA author answered his own question

[macraig]

Haselton answered the question he asked in the first sentence with the the last sentence in the same paragraph! If Microsoft's misdeeds with Hotmail filtering are a validation of GoodMail's critics, then the obvious answer to his question is:

"No, we're not being too hard on GoodMail. We're not being hard enough on Microsoft and Hotmail."

I don't even need to read the unquoted part of TFA, do I?

I will pay a fee...

[Robber Baron]

...but only if the money collected goes into a fund used to pay out bounties on known spammers.

Re:

[jellomizer]

But GMail has advertisments based on keywords of your email. Thats Evil Capitalism too. Why cant a company just pay millions of dollars to keep a good email service for free with no ways of them making money, just so people can use a non-ISP Email address, so they don't have to tell people that they changed email every couple of years, because I changed ISP, I want to tell people that I have changed Email every couple of years because I decided to move from one email service to an other....

Re:Hwo dare they-POP3

[Nom du Keyboard]

Do you still see those adds if you use a POP3 e-mail client such as Outlook/Outlook Express/Thunderbird to receive and handle your e-mails locally?

Re:

[ZachMG]

When using Apple Mail I have never seen an ad anywhere.

Re:

[Constantine XVI]

Nope. You only see the ads in the web interface.

Re:

[vigmeister]

Wait... the answer to a rhetorical question gets modded Informative?

Cheers!

Re:Hwo dare they

[networkBoy]

Yes they do, but the big difference as I see it is that they are up-front about it.
Google: We give you free e-mail, with spam filtering in exchange for advertisements on the side bar.
Hotmail: ditto, oh, and we let pay for spam through too, but we didn't say that.

-nB

Re:

[pla]

But GMail has advertisments based on keywords of your email.

Not if you use POP to get your GMail rather than their web interface.



Thats Evil Capitalism too.

Despite the impression you could easily get from reading Slashdot, most of us don't actually dislike capitalism (though some of us might not realize as much). In reality, a closer reading of the more well-written Slashrants on the subject reveals that most of us actually object to corporate protectionism and profit-before-humans laws in general

Re:

[ls -la]

But GMail has advertisments based on keywords of your email.

Use PoP3. All the mail, no ads.

Re:

[Baba Ram Dass]

It's not about YOU using it, SOMEONE uses it, maybe they have their account there from before they knew better, or maybe they do it just to piss you off, whatever the cause, if you're sending out a newsletter, or a payment receipt, or responding to a craigslist ad, or use a mialing list, or whatever you're doing, and you're on the "spam" list, your email might never see your customer/client/whatever.

There is no guarantee when it comes to e-mail delivery. When you send an e-mail, the e-mail client basically says: "Hey server, please give this message to user X on your system." How again do you, as the sender, deserve that message be delivered? You did nothing for the server; in fact, you created work for the server.

Now if the server in question is such a dick as to demand you, the sender, pay a fee to have the mail delivered to users on said server's system... too bad for the users on that system. You'

Re:

[Xybre]

Your comments are highly subjective. Not everyone respects Google/Gmail (I do, though I don't post my Gmail accounts in public forums). Additionally, you only get an AOL email address with an AOL account which, ostensibly, you pay for, it's not free to sign up. Though if it were, for just an email address, I would still rank it below Hotmail. You do however get a free AIM email account, if I remember correctly.

Again, as I said, people have reasons for keeping around Hotmail and Yahoo accounts. Could be busi

Did you miss the point?

[geekoid]

why, yes, I think you did.

Let us say you have a business, and as part of that business, you send emails to your customers that sign up for it. Not spam, this is information your customers want from you.

Some of your customers use hotmail. Not hotmail wants to charge YOU 1400 dollars to get through there system. That's a problem. It's extortion, it's being a bad internet neighbor, and it breaks the basic premise of email;which may be ok, If when someone signs up for the free email gets clear notification that someone might have to pay 1400 dollars to get an email to them.

They no it's wrong and thats why they try to hide this information from everybody but the person the want to extort.

Re:

[michrech]

No, I think YOU (and the jackass that modded my original post as flamebait) missed the point. You are using someone ELSES system, at no cost to you. You have aggreed to their terms of service in order to do so. That you didn't read the TOS, to see if there WAS a possibility of missing emails because a company you wish to receive emails from is being blocked for not paying a fee to the provider, is not relevant to this issue. It's your fault, not the company you are getting FREE service from. It is thei

Re:

[michrech]

Hey jackass,

He's talking about someone who DOESN'T use Hotmail who is trying to send out a newsletter that Hotmail then blocks (without that person ever having signed/clicked an ToS to send an email TO an email service) that newsletter and comes back with the fact that you need to pay for play to get it delivered.

So YES, you did miss the point.

You fail it too, jackass.

It doesn't matter what Bennett is using for email service. If the subscribers of Bennett's "newsletter" aren't receiving the emails for it, and Hotmail isn't going to work with Bennett (I wouldn't either, if I were in their shoes), then they need to use a different service. As was mentioned previously (by someone who ALSO gets it), Hotmail (and, thusly, Microsoft) are not the only email providers in the game. There are probably HUNDREDS (at the very least, dozens) of other servi

Re:

[michrech]

Well, my point was your original comment was completely inapplicable to the situation you were commenting on. He has accepted no TOS. He is not using "someone ELSE's system". Microsoft has agreed to provide email service in exchange for showing and selling lots of advertising. As such the customer (who is making them money) has some reasonable level of service to be expected from a service provider (ad supported or otherwise).

You can block whoever you like on your domain as long as you don't have a customer who has a reasonable expectation of deliver of services.

Thank you for playing though, your straw man was crunchy.

You still fail it. You must have one thick skull. It is MS's sole decision as to whether they are going to allow email to pass into their system from a specific person. This is in the TOS when you sign up. You are using a service provided to yoy by a company, at no charge for you. They, in fact, do deliver emails to their "customers". The fact that one particular email gets blocked doesn't mean they magically no longer offer "email service".

Talk about straw men. I think all the crow are picking your

Oh?

[Slashdot Parent]

That's a problem. It's extortion, it's being a bad internet neighbor,

And I always thought that good fences made good neighbors.

Re:

[michrech]

The "individuals" to whom he evangalizes his services include residents and natives of oppressive nations, as well as students and other minors. It's generally safe to assume that colleges and universities don't filter web browsing traffic, and if they do, there's a problem. Unfortunately, minors do not have full legal standing until they are 18. That's why they're called "minors". I agree that, yes, some are mature enough to warrant receiving full legal status earlier, and many more are still not ready at 18. But 18 was the age chosen. Until that time, they are not (usually) legally responsible for their actions; their parents or guardians are.

I'd have no problem with the "service" he provides, if it were advertised at residents/natives of oppressive nations. The fact that Bennett doesn't seem to understand that his advertising to children is WRONG because of all the reasons you listed (and probably more) is what makes me so angry when I see any of his babbling. There was a time when I thought teenagers should be treated as adults, able to make many of their own decisions (such as being able to look at porn on the internet). Care to guess how

Re:

[TheRaven64]

Second I think I'm in the majority here, but who the fuck wants newsletters?

Depends on the newsletter. For something infrequently updated, I'd rather subscribe to a newsletter than poll an RSS feed. It's simply more bandwidth-efficient to use a push service than a pull model for this kind of thing.

Re:

[Charcharodon]

-1 Troll. It's an improvment. I just wait for another Apple Fan boy circle jerk love fest articles and say something mean about Steve Job's mother or how much the iPhone sucks and people that buy it are mindless drones that should get me a lower score.

Re:

[Charcharodon]

Secondly, most newsletters are opt-in or double opt-in only. That means people ask for them and go to the trouble of double opting for them. If there is a great abundance of newletters out there then by simple deduction it follows that a great number of people want newsletters.

I get newsletters all the time that I chose not to opt-in or specifically opt-ed out. Most newsletters aren't worth the paper they're printed on, financial or otherwise. If it is that important to me I check up on it on a regul

Because Viagra Isn't Automatically SPAM

[Slashdot Parent]

The mere presence of the word "Viagra" in an email does not make it SPAM. Ever hear of a urologist? I'm willing to bet that urologists discuss Viagra over email all the time. For fun, I created an email message that I sent to myself to see what SpamAssassin scored it:

Subject: Interesting phenomenon related to Viagra use

Hi, Dr. Smith-

I just wanted to write you to let you know that I really enjoyed the article you wrote in the New England Journal of Medicine about the side effects of Cialis, Viagra, and Levitra. It turns out a patient of mine experienced debilitating nausea while on Levitra, so I prescribed Viagra in its place, as you recommend.

In addition, I thought you might be interested to know that this patient suffers from Raynaud's disease, and he reported a 50% reduction in the frequency of his attacks after switching from Levitra to Viagra. Curious, I found an article in PubMed detailing this phenomenon and I thought I'd pass it along to you.

I hope your knee is healing up nicely, I'm sure you can't wait to get back on the tennis court.

Best Regards,
Dr. Gerald Jones

SpamAssassin scored it -0.9, which is what I would expect. This is despite the "DRUGS_ERECTILE" rule firing.

The spam filter that you would design would reject the message, and that would be an obvious false positive.

Better luck next time,

Re:

[WilliamSChips]

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the mone