spam problems

[cellio]

This morning I received mail, forwarded by my email provider, from AOL. They were threatening to blacklist our entire domain because of a spam complaint (note use of the singular). I was getting this complaint because a single piece of spam was sent by some third party via a mailing list I own. So they were threatening to blacklist us, though we were only the vehicle. That's like going after the phone company because a telemarketer called you.

I've since fixed the mailing list to close that particular loophole, at some inconvenience to some list members. I also sent a message to the list saying, basically, be more careful in targetting your complaints. But it turns out it's only partially the fault of the list member who complained.

AOL makes it very easy for people to complain about spam, even if they didn't mean to. Apparently, the current UI is such that many people accidentally hit the "complain" button when they meant to hit the "delete" button. My sys admin told me of cases where AOL users "complained", presumably erroneously, about messages that they had sent. Talk about bad interface design! Quick, send them some experts in human-computer interaction! Heck, send them any intern from any HCI program.

AOL is huge, and they're certainly not going to investigate every spam complaint. Smaller providers can't afford to do so either. So they'll blacklist sites, usually temporarily, based on complaints, not on investigations. I think it's wrong to target hosts of mailing lists (absent reason to believe that they're being especially reckless), but I suppose this is how things work now. And it's going to get even worse now that the federal government has legalized spam and abolished state laws that limited it.

I'm not sure, but I might have liked it better when the uncertainty in email delivery came from the UUCP chain rather than from blacklists (and black holes). At least then everyone who was using email knew it wasn't necessarily reliable; now people just assume you're ignoring them. Sigh.

But all of this did finally prod me into learning enough about procmail tonight to set up some filtering on my own inbox. The spam has been getting a lot worse in recent months, up from 10-20 messages a day to more like 100. So I finally have candidate spam going to its own folder that I'll check in on from time to time. In the few hours it's been in place it's caught 23 pieces of spam, missed three pieces of spam, and caught no non-spam. So far, so good.

Comments

[siderea]

Oh, yeah only a modest amount of that was spam filtering -- but I don't merely filter out my spam, I sort my spam so I can track where they got my address. I have something like 12 email addresses, including some I can use + notation with so I can customize what I put into a website form (e.g. "myusername+theirdomain@mydomain.tld") So I can actually tell which email lists have been compromised, and so forth. On that ISP, I had to do some pretty intensive header reading (searching Receiveds, etc.) to detect clues because they (#$@^*&$!!!) discard envelope addressing upon delivery.

But I also had/have all sorts of email applications -- auto responders, email list, more exotic things. I liked to joke that my procmailrcs were smart emough to answer email for me. :)