The Plague Of False Positives
from the revolting-against-spam-filters dept
This has been discussed before, but the “quick hook” of many spam filters is causing many legitimate emails to get lost. The article includes the story of someone who had a senior exec at a potential customer email him for some information about his products. The guy tried to write back, but every time, his emails were blocked as spam. Luckily, in this case, he was alerted. Plenty of times, those email disappear into a blackhole. Just recently, I experience something similar. Responding to a specific company request, I was told that my email address had been specifically “blacklisted”. I had to email the person from an outside email address just to get around it. The article claims that some ISPs are giving up on filtering spam themselves – saying that they get such angry calls over “false positives”. While I can understand why a number of legitimate opt-in bulk email gets caught in spam filters, individualized emails shouldn’t be. However, the article says up to 15% of “routine email” messages never get delivered after being flagged as spam. The main problem is that spam is really in the eye of the beholder, not the eye of the ISP or network administrator. While the article suggests the answer is more desktop spam filters, I disagree. A desktop spam filter makes less and less sense in a mobile world where you want to access your email on many different devices. What we need are spam filters on the server side (don’t even want to bother downloading spam), which gives the end-user control over the defining process (and the ability to review flagged emails). While there are tools like SpamAssassin for this purpose, most aren’t very easy for an everyday user to set up and manage themselves. At the same time, I think that challenge-response systems actually make this problem worse by basically defining all emails as spam. That is it has an almost 100% false positive rate at startup. Anyone who decides not to jump through your hoops never gets their email to you, and thus is classified as a false positive.
Comments on “The Plague Of False Positives”
a few other things to try
there are a couple of simple things you can try to do, both involve the person sending you email to be a person however.
the first is going to knowspam.net, they have been very useful in the past for me.
the second is, if you use Outlook (or anything else that lets you make filters), filter out any email that doesn’t have a word or phrase of your choosing in the subject (or even the date would work), then have an autoreply to any incoming email (so it’s _FROM_ you) with a message to please include your word in the subject. (unfortunately, this requires downloading, but at least you don’t have to deal with it).
another method is a public, free, temporary email address, like spamhole.com or the like, if you don’t already have spam coming to your email account, or don’t want more…
What I'm doing
I’m using Procmail to forward all mail tagged by SpamAssasain to a seperate spam catcher account. Then I skim the headers of the spam once a day for false positives. There is one there occasionally – maybe 1 or 2 per week. SA lets about 20 spams through a day, I think my web host has it set fairly liberal. It’s not a perfect solution, but it has helped.
Brightmail
The ISP I use for email uses Brightmail. Suspected spam gets put on their webmail system where you can see summaries (subject, from, date) and view or save individual messages. Every so often I review this to see if any legitimate mail has been flagged as spam. Over the last year or so I’ve probably checked several thousand headers, and have never seen a *single* legit email that was flagged as spam. This works because Brightmail doesn’t try to guess from the content whether the message is spam; it tries to match it with known spam. Of course this means that not all spam is filtered, but my own filter rules (e.g. look for Korean encoding) get rid of most of the rest of it.
Re: Brightmail -- what ISP do you use?
Is it EarthLink? Or someone else?
Thanks.
I disagree
I’ve blogged a response at http://onthenet.ambler.net
Re: I disagree
Because Christopher couldn’t take the time to post his disagreement here, I’ll summarize:
He thinks I’m wrong about challenge-response because most people will set up their C-R systems so that the sender never notices (since your addressbook will automatically get whitelisted).
That doesn’t explain the C-R challenges I get all the time – all of which I ignored.
Sure, it would be great if it worked, but so far, it doesn’t. Defining everything as spam isn’t the solution. It just makes the problem worse.
Re: Re: I disagree
I’m sorry, I thought pointing to my blog would set up a trackback link, but it didn’t. Thank you for summarizing.
I still have to disagree. It works fine for me. If someone has a c/r system and doesn’t bother to clear addresses that they send to, that’s their issue. If you get a challenge because the sender didn’t bother to either whitelist you, or, better, use a system that does it automatically, you’re well within your rights to ignore it.
It’s all about tools, and how people use them. At the end of the day, c/r works for me, and I don’t get any complaints. Of all of the technilogical solutions, c/r seems to be the only one that is actually getting the job done.
Re: Re: Re: I disagree
At the end of the day, c/r works for me, and I don’t get any complaints.
Might it be that you don’t get any complaints because nobody bothers to deal with your c/r system? I know I don’t deal with anyone’s.
Re: Re: Re:2 I disagree
No, it might not be that. I get plenty of email, have never had anyone tell me that they didn’t want to deal with the c/r, or missed an expected email.
To confirm this, I save all of my unconfirmed email and go through it once a week or so. I’ve never found anything in there that I thought should have been confirmed.
As I said, c/r seems the best solution right now. There are some things that could be done to it to make it even better, and address some of the concerns expressed. I expect we’ll see those improvements in short order.
Mailwasher works well
http://www.mailwasher.net/
No Subject Given
Um, if what you’re saying is that there’s no spam filtering solution that will work for all users, well, duh. Two points:
1. The article has this quote:
“What people resent the most is having the IT department or ISP determine what is — and what is not — spam,” said Herrick. “No one else has the right to open your regular mail. It should be no different with e-mail.”
The above is a generalization… many, many users LOVE having the ISP determine what is spam… especially parents of kids using the net.
2. The article states, “… all users ultimately wind up wasting a lot of time searching through their bulk mail folders for false positives …”, a generalization which is simply wrong.
No Subject Given
We’ve been evaluating the final release of Office 2003 for the past couple of weeks, and Outlook now has an AMAZING built-in junk mail filter (based on the research done for MSN) which really SHOULD be an answer for all…um, beholders. It nails 97%+ of my spam so far, which is better than even SpamNet and Spammunition did, and it turns up very few (none for me so far) false positives, even on the “Aggressive” setting. I’m totally impressed.
This is what we use
http://www.agatestreet.com