spam problems

[cellio]

This morning I received mail, forwarded by my email provider, from AOL. They were threatening to blacklist our entire domain because of a spam complaint (note use of the singular). I was getting this complaint because a single piece of spam was sent by some third party via a mailing list I own. So they were threatening to blacklist us, though we were only the vehicle. That's like going after the phone company because a telemarketer called you.

I've since fixed the mailing list to close that particular loophole, at some inconvenience to some list members. I also sent a message to the list saying, basically, be more careful in targetting your complaints. But it turns out it's only partially the fault of the list member who complained.

AOL makes it very easy for people to complain about spam, even if they didn't mean to. Apparently, the current UI is such that many people accidentally hit the "complain" button when they meant to hit the "delete" button. My sys admin told me of cases where AOL users "complained", presumably erroneously, about messages that they had sent. Talk about bad interface design! Quick, send them some experts in human-computer interaction! Heck, send them any intern from any HCI program.

AOL is huge, and they're certainly not going to investigate every spam complaint. Smaller providers can't afford to do so either. So they'll blacklist sites, usually temporarily, based on complaints, not on investigations. I think it's wrong to target hosts of mailing lists (absent reason to believe that they're being especially reckless), but I suppose this is how things work now. And it's going to get even worse now that the federal government has legalized spam and abolished state laws that limited it.

I'm not sure, but I might have liked it better when the uncertainty in email delivery came from the UUCP chain rather than from blacklists (and black holes). At least then everyone who was using email knew it wasn't necessarily reliable; now people just assume you're ignoring them. Sigh.

But all of this did finally prod me into learning enough about procmail tonight to set up some filtering on my own inbox. The spam has been getting a lot worse in recent months, up from 10-20 messages a day to more like 100. So I finally have candidate spam going to its own folder that I'll check in on from time to time. In the few hours it's been in place it's caught 23 pieces of spam, missed three pieces of spam, and caught no non-spam. So far, so good.

Comments

[kmelion.livejournal.com]

AOL has basically blocked all yahoo and hotmail accounts from reaching their users, which makes emailing my family a real PITA.

[estherchaya.livejournal.com]

good heavens that's obnoxious.
Why can't they leave it to the individual user to block that which they don't intend to read?

[cellio]

AOL specifically reaches out to users who tend to lack the skill or willingness to use filters. (I mean, you can get better service more cheaply elsewhere, but you have to do more work.) Their users "just want it to work, dammit". Many of their customers are people who otherwise wouldn't use email at all, but AOL makes it easy. These are the people who think it's AOL's fault that they get spam, so from a business perspective, it's worth it to AOL to dump some legitimate mail in order to cut down on the spam. People are more vocal about the undesired messages they do get than about the desired messages they don't get. Out of sight out of mind, I guess.

Complaints from outside -- the people trying to send mail to AOL -- are unlikely to be effective. Until large numbers of their users complain about the policies, nothing will change -- and what are the odds of that?

[cellio]

Is your family resistant to the idea of moving from AOL to someone else? What if some helpful relative came in and did all the setup work for them, so all they had to do was cough up a credit card and a password?

A few years ago we helped set up my father-in-law and his wife with AOL. (We had gone to visit, and they said something like "while you're here can you get us onto the internet?" and handed us a CD. They are, ahem, not the most technically-ept folks we know.) And the process really was very, very easy. I think that's why people like it -- setup is very easy, most spam is filtered out (along with mail you wanted, but you don't know about that), and the UI gives the impression of doing all the right things. The user who erroneously clicks on that "complain" button, for example, never learns of his error -- you click it and the mail goes away, just like you wanted, and that's it. You may never know that real people can no longer send you mail, until they tell you.

[kmelion.livejournal.com]

Yeah, my dad is very resistant to changing ISPs. He's worried he won't be able to get his fishing reports anymore. My brother and I (when I was there) complained constantly about the slowness and the disconnects. My dad blamed it on the computer.

[chite.livejournal.com]

AOL really burns my ass.

In Mary Kay, consultants have an opt-in mailing list. If we add someone to our mailing list, MK sends out one message asking for permission to send them more messages. If they do not respond, or if they say no, MK will not allow us to send messages out to them.

AOL, however, has determined that MK consultants are spamming their customers when we send out email from the marykay domain, and they bounce them.

It would seem that there is nothing MORE right that MK could be doing.

[cellio]

You are doing everything right. How irritating!

I take it there's no way for your customers to initiate the list subscription? Or would that even help, if AOL is going to block you anyway? Bah.

[siderea]

Hey, are you still at That ISP[*]? They have spamassassin, which if you're not using in your procmail recipes, you should be. I was their Procmail User From Hell (900 lines of procmailrc, woohoo!) and would be happy to answer such questions as I can.

[* I'm not. I like my new shell provider much better.]

[cellio]

Yup, I'm still there. And yes, I'm using the SpamAssassin score as the basis for my (so far) lone procmail recipe. Thanks for the offer of help; you'll be hearing from me as I try to improve things. :-)

(900 lines? I trust that most of this was not spam filtering but other stuff like handling mailing lists?)

[siderea]

Oh, yeah only a modest amount of that was spam filtering -- but I don't merely filter out my spam, I sort my spam so I can track where they got my address. I have something like 12 email addresses, including some I can use + notation with so I can customize what I put into a website form (e.g. "myusername+theirdomain@mydomain.tld") So I can actually tell which email lists have been compromised, and so forth. On that ISP, I had to do some pretty intensive header reading (searching Receiveds, etc.) to detect clues because they (#$@^*&$!!!) discard envelope addressing upon delivery.

But I also had/have all sorts of email applications -- auto responders, email list, more exotic things. I liked to joke that my procmailrcs were smart emough to answer email for me. :)

AOL's ludicrous spam policy

[(Anonymous)]

Given how much spam comes FROM AOHell addresses, you'd think they'd set their policies more carefully. Instead, a user accidentally clicking on block instead of delete can cause an entire domain to be shut out.

This happened to JTan (my shell/email/webhost provider) a few months ago. One Sunday morning I suddenly found I couldn't send email to my girlfriend, who is unfortunately still on AOL. Chris investigated, and discovered that JTan was blacklisted based on "complaints from users". After investigation, the best he was able to detemine wsa that some AOL idiot had signed up for a mailing list hosted on JTan, and then instead of unsubscribing started blocking...

I'm all for improving the user experience, to a point, but when you dumb it down so much that you HURT other people, you've done something wrong.

Re: AOL's ludicrous spam policy

[cellio]

I'm also at JTAN, and I remember the incident in October. I don't know how many "complaints" it was based on, but we were blacklisted for about 12 hours. Chris' fast response kept it from being much worse. I believe the fact that we now get warnings (none were issued in October) before blacklisting are the result of Chris' diligence in pursuing things with AOL.