The Plague Of False Positives

from the revolting-against-spam-filters dept

This has been discussed before, but the "quick hook" of many spam filters is causing many legitimate emails to get lost. The article includes the story of someone who had a senior exec at a potential customer email him for some information about his products. The guy tried to write back, but every time, his emails were blocked as spam. Luckily, in this case, he was alerted. Plenty of times, those email disappear into a blackhole. Just recently, I experience something similar. Responding to a specific company request, I was told that my email address had been specifically "blacklisted". I had to email the person from an outside email address just to get around it. The article claims that some ISPs are giving up on filtering spam themselves - saying that they get such angry calls over "false positives". While I can understand why a number of legitimate opt-in bulk email gets caught in spam filters, individualized emails shouldn't be. However, the article says up to 15% of "routine email" messages never get delivered after being flagged as spam. The main problem is that spam is really in the eye of the beholder, not the eye of the ISP or network administrator. While the article suggests the answer is more desktop spam filters, I disagree. A desktop spam filter makes less and less sense in a mobile world where you want to access your email on many different devices. What we need are spam filters on the server side (don't even want to bother downloading spam), which gives the end-user control over the defining process (and the ability to review flagged emails). While there are tools like SpamAssassin for this purpose, most aren't very easy for an everyday user to set up and manage themselves. At the same time, I think that challenge-response systems actually make this problem worse by basically defining all emails as spam. That is it has an almost 100% false positive rate at startup. Anyone who decides not to jump through your hoops never gets their email to you, and thus is classified as a false positive.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    ben, 30 Sep 2003 @ 10:02am

    a few other things to try

    there are a couple of simple things you can try to do, both involve the person sending you email to be a person however. the first is going to knowspam.net, they have been very useful in the past for me. the second is, if you use Outlook (or anything else that lets you make filters), filter out any email that doesn't have a word or phrase of your choosing in the subject (or even the date would work), then have an autoreply to any incoming email (so it's _FROM_ you) with a message to please include your word in the subject. (unfortunately, this requires downloading, but at least you don't have to deal with it). another method is a public, free, temporary email address, like spamhole.com or the like, if you don't already have spam coming to your email account, or don't want more...

    reply to this | link to this | view in chronology ]

  • identicon
    Chris, 30 Sep 2003 @ 10:32am

    What I'm doing

    I'm using Procmail to forward all mail tagged by SpamAssasain to a seperate spam catcher account. Then I skim the headers of the spam once a day for false positives. There is one there occasionally - maybe 1 or 2 per week. SA lets about 20 spams through a day, I think my web host has it set fairly liberal. It's not a perfect solution, but it has helped.

    reply to this | link to this | view in chronology ]

  • identicon
    aNonMooseCowherd, 30 Sep 2003 @ 12:56pm

    Brightmail

    The ISP I use for email uses Brightmail. Suspected spam gets put on their webmail system where you can see summaries (subject, from, date) and view or save individual messages. Every so often I review this to see if any legitimate mail has been flagged as spam. Over the last year or so I've probably checked several thousand headers, and have never seen a *single* legit email that was flagged as spam. This works because Brightmail doesn't try to guess from the content whether the message is spam; it tries to match it with known spam. Of course this means that not all spam is filtered, but my own filter rules (e.g. look for Korean encoding) get rid of most of the rest of it.

    reply to this | link to this | view in chronology ]

  • identicon
    Christopher Ambler, 30 Sep 2003 @ 2:26pm

    I disagree

    I've blogged a response at http://onthenet.ambler.net

    reply to this | link to this | view in chronology ]

    • icon
      Mike (profile), 30 Sep 2003 @ 2:36pm

      Re: I disagree

      Because Christopher couldn't take the time to post his disagreement here, I'll summarize:

      He thinks I'm wrong about challenge-response because most people will set up their C-R systems so that the sender never notices (since your addressbook will automatically get whitelisted).

      That doesn't explain the C-R challenges I get all the time - all of which I ignored.

      Sure, it would be great if it worked, but so far, it doesn't. Defining everything as spam isn't the solution. It just makes the problem worse.

      reply to this | link to this | view in chronology ]

      • identicon
        Christopher Ambler, 30 Sep 2003 @ 3:32pm

        Re: I disagree

        I'm sorry, I thought pointing to my blog would set up a trackback link, but it didn't. Thank you for summarizing.

        I still have to disagree. It works fine for me. If someone has a c/r system and doesn't bother to clear addresses that they send to, that's their issue. If you get a challenge because the sender didn't bother to either whitelist you, or, better, use a system that does it automatically, you're well within your rights to ignore it.

        It's all about tools, and how people use them. At the end of the day, c/r works for me, and I don't get any complaints. Of all of the technilogical solutions, c/r seems to be the only one that is actually getting the job done.

        reply to this | link to this | view in chronology ]

        • identicon
          nobody, 1 Oct 2003 @ 7:29am

          Re: I disagree

          At the end of the day, c/r works for me, and I don't get any complaints.

          Might it be that you don't get any complaints because nobody bothers to deal with your c/r system? I know I don't deal with anyone's.

          reply to this | link to this | view in chronology ]

          • identicon
            Christopher Ambler, 1 Oct 2003 @ 9:32am

            Re: I disagree

            No, it might not be that. I get plenty of email, have never had anyone tell me that they didn't want to deal with the c/r, or missed an expected email.

            To confirm this, I save all of my unconfirmed email and go through it once a week or so. I've never found anything in there that I thought should have been confirmed.

            As I said, c/r seems the best solution right now. There are some things that could be done to it to make it even better, and address some of the concerns expressed. I expect we'll see those improvements in short order.

            reply to this | link to this | view in chronology ]

  • identicon
    dapete, 30 Sep 2003 @ 2:41pm

    Mailwasher works well

    reply to this | link to this | view in chronology ]

  • identicon
    Three Men In A Boat, 1 Oct 2003 @ 6:17am

    No Subject Given

    Um, if what you're saying is that there's no spam filtering solution that will work for all users, well, duh. Two points:

    1. The article has this quote:
    "What people resent the most is having the IT department or ISP determine what is -- and what is not -- spam," said Herrick. "No one else has the right to open your regular mail. It should be no different with e-mail."
    The above is a generalization... many, many users LOVE having the ISP determine what is spam... especially parents of kids using the net.

    2. The article states, "... all users ultimately wind up wasting a lot of time searching through their bulk mail folders for false positives ...", a generalization which is simply wrong.

    reply to this | link to this | view in chronology ]

  • identicon
    Cory Seaman, 1 Oct 2003 @ 8:02am

    No Subject Given

    We've been evaluating the final release of Office 2003 for the past couple of weeks, and Outlook now has an AMAZING built-in junk mail filter (based on the research done for MSN) which really SHOULD be an answer for all...um, beholders. It nails 97%+ of my spam so far, which is better than even SpamNet and Spammunition did, and it turns up very few (none for me so far) false positives, even on the "Aggressive" setting. I'm totally impressed.

    reply to this | link to this | view in chronology ]

  • identicon
    jake, 1 Oct 2003 @ 12:06pm

    This is what we use

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.