Forgot your password?
typodupeerror
Spam Privacy

To Beat Spam Filters, Look Like A Spammer? 143

Posted by Soulskill
from the hello-sir-madam dept.
Slashdot contributor Bennett Haselton writes "A recent webinar for newsletter publishers suggested that if you want your emails not to be blocked as 'spam,' you paradoxically have to engage in some practices that contribute to the erosion of users' privacy, including some tactics similar to what many spammers are doing. The consequences aren't disastrous, but besides being a loss for privacy, it's another piece of evidence that free-market forces do not necessarily lead to spam filters that are optimal for end users." Read on for the rest of Bennett's thoughts.

Lest you think that spam filters only rarely make mistakes any more, recall the instance in which after I mailed out a group of 10 proxy websites to my own mailing list, the British "anti-spam" outfit Spamhaus blacklisted two of the domains, which caused the registrar (Afilias) to disable all 10 of the domains en masse, so that the sites simply disappeared from the Web. (This happened even though our mailing list is 100% closed-loop confirmed-opt-in; users have to reply to a confirmation message in order to join the list, so the actual emails were not "spam.") It took several days to find out what happened and restore the domains, during which Spamhaus and Afilias refused to answer any of my inquiries, and have to this day not reached out or explained what they're doing to avoid similar screw-ups in the future. And this was just the latest in a long line of headaches caused by spam filters including filters at Hotmail, AOL, Yahoo, and Gmail, which had regularly categorized our emails as "spam" and caused users to miss them.

So when the email deliverability company WhatCounts announced their October 16th webinar on how to avoid having your mails blocked as spam, I watched in real time with some interest. The webinar (which you can view here), was presented by Brad Gurley, the "Director of Deliverability" for WhatCounts, who has worked in the email "deliverability" industry for 10 years. While email deliverability services is one of the products that WhatCounts charges for, the presentation didn't contain any blatant plugs for their own services, so I'm taking the contents at face value. Even if any statements in the webinar happened to be incorrect, it's still safe to assume that the presentation represents mainstream thinking in the email deliverability industry, which will determine what recommendations are made to email senders.

I hasten to add that WhatCounts should not be blamed for any of the recommendations that they made that I'm counting as "eroding privacy"; their job was to answer the question, "What is the best way to make sure my emails don't get blocked as spam?", and they answered it. The fault, if any, should lie with the spam filters which encourage these practices. Furthermore, I'm only saying that the practices encouraged in the webinar are eroding user privacy, not violating it. (If you ask every new subscriber for their name and geographic location, I would call that an "erosion" of privacy if it normalizes the practice of collecting more user data than you need, but it's not a privacy violation as long as the user willingly gives it to you.)

The webinar begins with some recommendations that are actually good netiquette, such as cleaning subscriber lists regularly (removing bouncing addresses), and displaying a prominent "unsubscribe" link for users who want to leave. If you run a newsletter, and good netiquette isn't a compelling enough reason to put an "unsubscribe" link near the top, here is a direct quote from the webinar:

"The Unsubscribe link should be prominently placed within the message body. Unsubscribe links that are hidden or hard-to-find will generate spam complaints from unhappy users who want to unsubscribe. Placing the link in the preheader has been shown to reduce spam complaints in many cases."

That's one reason that every message that I send to my own newsletter, contains this text at the top:
[You are receiving this because you subscribed to the Circumventor distribution list. To unsubscribe from this list, click here: http://www.peacefire.org/circumventor/cv-unsub.html or reply with the word "unsubscribe" in the subject.] (I give people the option of replying with the word "unsubscribe", even though that creates some hassle for me to process those requests manually, because many of our users are on censored networks and cannot access the unsubscribe link on the peacefire.org website.)

But, on to the less-stellar news: the presentation also says that the key to getting users to keep opening your emails -- and hence to signal to the email providers like Hotmail and Yahoo that your mails are not "spam" — is "engagement." Gurley suggests that senders "tailor mailings to segments of subscribers based on demographic data," including segmenting users based on city or zip code. Nothing sounds wrong with that, except that to "tailor" the mailings based on demographic data, you have to have that demographic data -- i.e. ask users for their age, sex, location, income bracket, or other information at the time that they join the list.

As I said, I don't consider this a violation of privacy if the user gives their information voluntarily, it's just an erosion of privacy, because it normalizes the process of asking users for extra data when there's no clear reason why it's necessary. In the late 1990s, you could join most companies' email lists without providing any more information than an email address; if you were asked for more information, it was for an obvious reason (such as filling out a profile on match.com, or ordering a product to be shipped). The less information about users was stored all in one place, the less opportunity there would be for the company to abuse it, or to be bought out by some other company that would abuse it, or for someone to hack into their servers and steal the information outright.

Our mailing list in particular serves a segment of the population who are particularly privacy-conscious -- they're using our proxy sites to circumvent Internet blocking software, so in almost all cases, just the simple act of being our mailing list could get them in some amount of trouble with somebody (although the severity would vary). So by design, we collect the minimum amount of information -- the email address -- necessary to send new proxy sites to the users. The more information that we asked for, the less likely the user might be to sign up in the first place.

Again, companies are within their right to ask for this information, but I don't think the rest of us newsletter publishers should be penalized for not asking for it.

The presentation goes on to say that email providers such as Hotmail and Yahoo judge whether an email is "spam" based on what proportion of the time users open an email from that sender. As Gurley says, "Give people a reason to open your email and keep opening it." The trouble is that this penalizes email notifications where you can fit all of the relevant content into the subject line -- many of my emails say something like "new Circumventor: badbadger.info", and for most users, that's all they need to see. Some subscribers have specifically said that they always want to see the new proxy site name in the subject line, because they're on a network where they are blocked from accessing their full email inbox, but they can use other webpages to see the subject lines of recently received emails. (For example, Yahoo Mail users might be on network where Yahoo Mail is blocked, but if you're signed in to yahoo.com you can see the subject lines of your last few emails on the www.yahoo.com front page.) If I'm being penalized by spam filters because user's don't open my emails, then obviously that's incentivizing me to do the users a disservice, by putting the proxy site name only in the message body.

(This might be an issue that is highly specific to my particular mailing list, because most people don't run email newsletters where they can fit all of the relevant content into the subject lines. However it's easy to think of other web applications that have a need for subject-only notifications -- Google Calendar sends me an email whenever one of my calendar events is coming up -- and those shouldn't be penalized just because the user never opens them.)

Finally, the presentation suggests that senders unsubscribe any user who hasn't opened the last 50 emails you sent them. This might set off mild alarm bells with tech-savvy readers, who know that the only way to tell if a reader has opened your message, is to embed images into the messages -- and if your newsletter content doesn't lend itself to images, you have to plant a surreptitious "web bug" image into the email, a tiny image that serves no purpose except that if you open the message and the image loads, it tells the sender that the message has been read. (For this reason, if you open an email message that does contain images, most email clients will not display them unless you click "Show images" or something similar -- because otherwise, if images always loaded automatically, spammers could use web bugs to tell who was opening their emails. So in fact, if a user opens your message and doesn't click "Show images", you generally can't tell that they opened your email.)

Again, I would consider web bugs to be an erosion of privacy more than a violation of it, on the order of asking for the user's zip code at the time they join their newsletter -- in both cases, the reason being that you are collecting more information than is strictly necessary for the operation of your mailing list. (In the case of web bugs, the "information" you're collecting is whether the user opened your message or not.)

Some people feel more strongly about it. A recent message posted on MIT's "liberationtech" mailing list had this to say about "web bugs", to a person who was asking about why his newsletter was being blocked:

You do not appear to use web bugs in your mailing list messages. A wise choice: web bugs are malware, they're invasive and abusive, and they actively degrade the security of recipients...which is a pretty crappy way to treat one's audience.

I think this is over the top -- all that a web bug does, is tell the sender whether you opened their message -- but, whether this opinion is valid or not, some people out there feel that way, and using web bugs in your email might piss them off.

Although before you cut loose the users who haven't opened your last 50 emails, Gurley's presentation also suggests trying to win them back with one last message with a "teaser" subject line like "We're saying goodbye...", or "Are we not going to talk to you any more?", or "Are we breaking up?". I hate subject lines like that, whether from spammers or from people I've signed up to get mail from. (Although now that I think about it, I doubt I'm really that mad about the 1 second of my time that they wasted; I think I just resent the fact that even just for that 1 second, they actually had me fooled, and I thought it really was a message from a friend.)

But again, we can't kill the messenger: Brad Gurley's job was to do a presentation on how to get your emails past the spam filters at the major email providers, and if using "come-on" subject lines works, because it gets more users to open your messages, then that's part of the answer. (Remember, this presentation was aimed at opt-in email senders, not spammers.)

So, I don't know that I can do anything differently with my list as a result of the presentation. I think it would be too off-putting to users to ask for their age and zip code, and in any case it wouldn't do any good for all the users who have already signed up. I probably couldn't use web bugs even if I wanted to, because the web bugs would have to load the image from a website, and if the user opened the email from a network where Web access was censored, the network's filter might block the website that the web bug loaded the image from. And for a list with many members who are still in high school, and whose parents might read their email over their shoulder, I don't feel like trying to get their attention by sending them an email with the subject "Are we breaking up?"

The more important takeaway here, though, is that there's no reason to expect the free market to deliver spam filters that are optimal from the user's point of view. In a world where users had perfect information, if Hotmail told their users, "We're going to start flagging the newsletters in your inbox as 'junk mail' unless the sender asks for your zip code when you sign up, and uses teasing subject lines to get you to open the message, and uses web bugs to verify whether you've opened it," their users would likely say, "Screw you, I'm going to Gmail!" (Which many of their users have apparently said anyway.) If this doesn't happen, it's because the vast majority of users don't have enough information for the market in spam filters to function effectively. And thus there's nothing to stop Hotmail and Yahoo from imposing arbitrary conditions on senders through their spam filters, which will lead to more legitimate senders resorting to "come-on" subject lines and web bugs -- ironically, looking more like the spammers they're trying to differentiate themselves from.

This discussion has been archived. No new comments can be posted.

To Beat Spam Filters, Look Like A Spammer?

Comments Filter:
  • by Anonymous Coward on Tuesday October 22, 2013 @05:29PM (#45206555)

    Get yer own blog, Bennie!

    • Re: (Score:2, Insightful)

      by seebs (15766)

      I don't know, but it would probably be less damaging. The world does not benefit from this guy getting a ton of high-visibility options for advertising his militant refusal to even consider trying to comprehend anything about email or spam.

    • by Anonymous Coward

      Especially when this is like the third whiny rant about his mailing list being blocked by spam filters.

      • I maintain a small announcement list for about 200 mostly highly tech-savvy people. We've been around for 25+ years on a range of different platforms, and are currently using a hosting platform with Linux and mailman (as opposed to the previous home Linux box and majordomo), but we still occasionally get spamblocked. It's text-format mail, no automated verification, and it's possible that some mailbox services are blocking us silently instead of bouncing, but most of the bouncegrams I get these days claim

    • by Anonymous Coward

      This is just the latest in a series of Slashdot posts in which he explains why spam is that which he does not do.
      He's a spammer. Hence he's recommending that spammers do the kinds of things spammers do.

      • But it's different, because he advocates one singular bit of good netiquette. He's like a serial killer whose kind enough to sterilize the knife between each stabbing.

      • by Anonymous Coward

        Not having read any of his earlier posts, (and yes,being new to slashdot), I don't understand why everyone is hating on him. If his newsletter is opt in, he's not a spammer. And... In terms of end user ethics, it sounds equivalent to me to some Tor or Silk Road users. Why are some authoritarian circumventions ok but not others? Or is it because his post was rather long?

    • by RogueyWon (735973) on Tuesday October 22, 2013 @06:27PM (#45207053) Journal

      I was going to respond that I frequently read far better posts in slashdot comment threads than Bennie's tedious whinges.

      Then I realised that this was seriously underestimating how bad he is.

      I have read better posts in the reader comment threads at the bottom of stories on the Daily Mail website.

      • by lgw (121541)

        Let's be honest here: YouTube comments would be a step up from Bennie's tripe.

        It ain't spam filters blocking your email lists, bud, it's the fact no one cares for anything you have to say.

      • by Bogtha (906264)

        Give the editors a break, they miss JonKatz.

    • At least he isn't arguing that the Fifth Amendment is a bad thing again....
    • by synaptik (125) *
      #ohnoitsbennett
  • Spam filtering not a solution. E-mail has a monopoly on a lot of functions today. Getting accounts on most websites, getting receipts and confirmations from online purchases, recovering passwords, and countless other functions of the Internet. One thing they all have in common is that not only are they E-mail, but they are also unencrypted and can be spoofed with minimal effort.

    A free market solution would be to offer more options. Automatic, universal encryption or digital signatures applied to everyth

    • by key134 (673907) on Tuesday October 22, 2013 @05:52PM (#45206767)

      Spam filtering not a solution. E-mail has a monopoly on a lot of functions today. Getting accounts on most websites, getting receipts and confirmations from online purchases, recovering passwords, and countless other functions of the Internet. One thing they all have in common is that not only are they E-mail, but they are also unencrypted and can be spoofed with minimal effort.

      A free market solution would be to offer more options. Automatic, universal encryption or digital signatures applied to everything genuine would be a legitimate solution to spam, and everything else gets dropped by your server. There are some minor obstacles, but if every mail server also serves the keys for the accounts it holds, it would be a simple matter to verify what current keys to accept at the recieving end.

      Your post advocates a

      ( x ) technical ( ) legislative ( x ) market-based ( ) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      ( ) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      ( ) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      ( ) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      ( x ) Requires immediate total cooperation from everybody at once
      ( x ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      ( ) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      ( ) Laws expressly prohibiting it
      ( x ) Lack of centrally controlling authority for email
      ( ) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      ( x ) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      ( x ) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      ( ) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      ( ) Extreme profitability of spam
      ( ) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      ( ) Bandwidth costs that are unaffected by client filtering
      ( x ) Outlook

      and the following philosophical objections may also apply:

      ( x ) Ideas similar to yours are easy to come up with, yet none have ever
      been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( x ) Blacklists suck
      ( x ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      ( x ) Countermeasures must work if phased in gradually
      ( ) Sending email should be free
      ( ) Why should we have to trust you and your servers?
      ( ) Incompatiblity with open source or open source licenses
      ( ) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      ( ) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      ( x ) Sorry dude, but I don't think it would work.
      ( ) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your
      house down!

      • by mysidia (191772) on Tuesday October 22, 2013 @08:43PM (#45208069)

        Your post is ( ) full of myths, common errors, and logical mistakes
        ( x ) a form flame
        ( ) a bunch of nonsense
        ( ) a pile of dog shit
        ( ) a commission of philosophical thoughtcrime
        ( ) Full of rambling and fallacious arguments

        Your criticism is not genuine. Here is why it is not genuine:

        ( x ) TL; DR
        ( ) It was too wordy
        ( x ) You checked boxes in your form flame that don't apply to the current situation.
        ( x ) You failed to check boxes in your form flame that apply to the current situation.
        ( ) There is no apparent logical structure of your post
        ( ) Your post is clearly talking about an imaginary world

        Specifically, in your rush to post, you failed to account for:

        ( x ) The premature criticism of proposed ideas or concepts supplied by your post
        ( ) Posts like yours are only written by infidels.
        ( ) Ego cogito sum.
        ( ) English is the language that we speak.
        ( x ) A proper post or comment, does not contain checkboxes or other oddities.
        ( x ) The power of Obama's booming voice
        ( x ) The US government's role as a world power
        ( ) The power of idiots in large numbers
        ( x ) The power of free markets (aka the rich elite)
        ( x ) Vendors promising it will work, anyways
        ( ) The extreme reach of NSA authority
        ( ) Solutions that seem at first to be unacceptable, may be the only option

        Your post also commits the following offenses:

        ( x ) Discouragement of rational discourse
        ( x ) Nonsensical objections against "good enough" pragmatic solutions, or solution that might work, on idealogical basis
        ( ) Lack of a cogent argument
        ( ) The conclusion of your argument does not follow from the premise.
        ( x ) If it is simple, it must be wrong
        ( x ) Backwards compatibility is always required
        ( ) You are begging the question. ( ) You have committed unspeakable abortions of logic and rational thinking.

        Furthermore, this is where I think you should stick it:

        This page intentionally left blank

    • by Kjella (173770)

      A free market solution would be to offer more options. Automatic, universal encryption or digital signatures applied to everything genuine would be a legitimate solution to spam, and everything else gets dropped by your server.

      And how exactly would encryption and signatures make sure the content is not spam? As long as email costs nothing but the electrons they'll continue to carpet bomb us with spam.

      The solution must be some form of whitelisting, not blacklisting system. Mailing lists and outgoing mail addresses are trivial, the question is incoming mail from previously unknown sources. Personally I'd suggest doing a hash collision to burn CPU time, implemented like this:

      1) Server auto-replies with a mail that says you aren't wh

      • One of the fundamental problems with spam is that email is amazingly easy to fake. I can send you an email from president@whitehouse.gov through any valid SMTP server and it will arrive as such. What my proposal does is verifies the claimed key or signature is the correct key for the claimed source account.

        The advantages of this are twofold. First, virus-originated would no longer be able to spoof every address in your contacts list while sending e-mail, and any that did would be dropped by the servers.

        • One of the fundamental problems with spam is that email is amazingly easy to fake. I can send you an email from president@whitehouse.gov through any valid SMTP server and it will arrive as such. What my proposal does is verifies the claimed key or signature is the correct key for the claimed source account.

          Go look at DKIM and SPF (and not SenderID). The problems have been discussed ad nauseam and those are the best solutions to date. And even they have a lot of fun and unworkable corner cases.

          Frankly
    • by ultranova (717540)

      A free market solution would be to offer more options.

      A free market solution is to go with the cheapest immediate option and ignore long-term costs. He who ignores future gets bonuses today, and by tomorrow some other sucker is left holding the now-worthless shares.

      Automatic, universal encryption or digital signatures applied to everything genuine would be a legitimate solution to spam, and everything else gets dropped by your server.

      Unless you're trying to imply that spam filtering is illegal, "legitimate

      • OK, you're incorrectly nitpicking my terminology when you address my description of encryption-based systems as a "legitimate solution". If you took the time to actually look at what I am describing here, I am talking about whether it is legitimately a solution rather than a mitigation. My brief description here is not intended as a fully fleshed out proposal, but a general concept that, if adopted, would render spamming botnets basically useless.

        As I've mentioned in other posts, one of the easiest soluti

        • by ultranova (717540)

          My brief description here is not intended as a fully fleshed out proposal, but a general concept that, if adopted, would render spamming botnets basically useless.

          And it fails at that, since the botnet will simply send the spam from the accounts of pwned users.

  • If your clients really want to get your spam, simply instruct them to whitelist you during the registration process.

    Having said that, I don't really have much sympathy for someone who's trying to help students and employees circumvent network policy. They can watch their porn or check facebook on their own time.

    • I don't really have much sympathy for someone who's trying to help students and employees circumvent network policy. They can watch their porn or check facebook on their own time.

      People who live at school are often subject to filtering even in the dorms. So what is "their own time" to you?

      • by asmkm22 (1902712)

        They can complain to their parents for sending them there. They're kids. Sorry if I don't shed a tear over it.

      • by H0p313ss (811249)

        I don't really have much sympathy for someone who's trying to help students and employees circumvent network policy. They can watch their porn or check facebook on their own time.

        People who live at school are often subject to filtering even in the dorms. So what is "their own time" to you?

        Those students should be taking the issue up with the school to which they are paying fees for the privilege of being censored.

      • by BitZtream (692029)

        Then get an ISP and stop leeching off bandwidth provided by the school at a reduced rate so you can ... LEARN.

        Oh, tepples ... didn't realize I was replying to someone as equally retarded as bennett.

        School bandwidth isn't for your porn or socializing, its for education. If you want to browse porn, pay for a normal ISP and shut the fuck up. My tax dollars aren't there to subsidize your partying. Grow up.

    • by khasim (1285)

      Or post your spam on /. as an "article". FTspammyA:

      The webinar (which you can view here), was presented by Brad Gurley, the "Director of Deliverability" for WhatCounts, who has worked in the email "deliverability" industry for 10 years.

      Just from that sentence, there is no way I would ever do business with them.

      Even if any statements in the webinar happened to be incorrect, it's still safe to assume that the presentation represents mainstream thinking in the email deliverability industry, which will determin

      • by Tom (822)

        > (I give people the option of replying with the word "unsubscribe", even though that creates some hassle for me to process those requests manually, because many of our users are on censored networks and cannot access the unsubscribe link on the peacefire.org website.)

        Setup your system to they are processed automatically. It is 2013. This is /. Please submit an "ask Slashdot" if you require assistance with that.

        That's not even worthy of an "ask slashdot" question. We've had that particular piece of technology for about 15 years (Mailman was released in 1999).

      • by gl4ss (559668)

        yeah..

        many spammers don't think they're sending out spam. yet if they're getting filtered and recipients don't even want to see the messages then what else is it than spam? "important information about important oppurtunities"?? what the hell is it if not spam?

        you're running a mailing list, it's up to you to make it worthwhile so that people don't mark it up as spam and instead mark it up as important.

    • Having said that, I don't really have much sympathy for someone who's trying to help students and employees circumvent network policy. They can watch their porn or check facebook on their own time.

      Actually at my last job I'd regularly have to "circumvent network policy" to just do my goddamn job. That policy was quite literally set by Congress, by the way, so good luck getting it fixed.

      Maybe we shouldn't apply technical solutions to these sort of non-technical problems. Maybe we should just discipline/fire

  • [I]t's another piece of evidence that free-market forces do not necessarily lead to spam filters that are optimal for end users.

    Where'd that come from? Last I checked, "free-market forces" weren't capable of programming anything. Programmers do. Nothing's preventing anyone from making a better filter.

    The "free-market forces" non-sequitur bespeaks an author with an ax to grind.

    • The free market doesn't really apply when there is near-zero cost to sending an email other than actually typing the message.

      I got greatly annoyed by a colleague who attended a seminar from a training company that had been spamming our company. Buying anything from a spam message promotes spamming, but it's clearly effective for spammers.

    • by RogueyWon (735973)

      I don't think Bennie's quite ready to be trusted with an ax of his own.

      I'm not even sure he's allowed metal spoons, since The Unfortunate Incident At Dinner.

  • What is this? (Score:5, Insightful)

    by IamTheRealMike (537420) <mike@plan99.net> on Tuesday October 22, 2013 @05:54PM (#45206781) Homepage

    Article can be summed up as, "Sending mail people actually want is soooooo hard, I have to do all kinds of privacy-invasive things and that makes me a spammer!"

    I've not seen such rambling nonsense for a long time. The guys domains appeared in spamhaus because - reality check - they are open proxies. Every single open URL redirector on the internet gets ruthlessly pillaged by spammers who are trying to avoid domain name blocks, so a URL like "http://my-proxy.com/render?url=http://buy-cheap-meds.info" inevitably lands my-proxy.com on spam-filter blacklists, because they learn that 99% of the time my-proxy.com appears in an email, that email is unwanted. URL shorteners are especially vulnerable to this.

    As to the other ideas - hey, here's a great one. How about instead of using image bugs to try and figure out if your last 50 (!!) mails were ignored, why not ask users to re-opt in every so often if they want to continue receiving your mails? Was that really so hard? Keeping a good reputation with spam filters really isn't magic, so it blows me away that people host webinars on the topic - send mail people want. That's pretty much 95% of it. The other 5%? Avoid sharing resources that get abused by spammers - like URL shorteners.

    I think Bennet may just have to give up on what he's trying to do here. If his proxies get abused by spammers to work around spam-filter URL domain reputation, then communicating lists of open proxies via email is inevitably going to break.

    • by nullchar (446050)

      I think your opt-back-in-every-N-messages is a good idea.

      Re-opting in could be done via replying to the email. This would establish a "communication" between the recipient and the sender. It should help against mis-qualifying other messages from the same sender as "spam" if there is a thread.

      For example, Thunderbird's junk filtering allows you to whitelist your addressbook. Thus, these users should be encouraged to add his sender(s) to their addressbook. Replying to a few messages might do this (depending o

      • Actually, that's why I have my mailing list set up so that when someone joins the mailing list and replies to the confirmation message, the confirmation message reply goes to my personal email address (where a filter catches it and puts it in a mailbox so a script can mark those people's subscriptions as "confirmed"). My personal email address is also the address that I send the list messages from.

        I was hoping this would mean that the user's mail client would see that they're already "communicating with"
        • by nullchar (446050)

          That's a bummer that the bi-directional communication does not help with your filtering.

          However, asking the user to add your address to their address book may help.

          You may also consider dividing your list up with multiple sender/receiver pairs. Subscriber A would get the email from your Sender A, and reply to her. Subscriber B would get the email from your Sender B, and reply to him. At least total counts from Sender A would be lower than a single Sender.

          I'm assuming you are also using SPF (v1 and v2) and D

        • by nullchar (446050)

          In addition to SPF and DKIM, you should also publish DMARC [dmarc.org] records for your sending domain(s). This way, you can receive failure reports from the major providers that support DMARC.

          (DMARC is a DNS TXT record just like SPF, but you list a 'mailto' URI to receive failure and aggregate reports of problem messages.)

  • by fatboy (6851) on Tuesday October 22, 2013 @05:54PM (#45206787)

    is this a non-problem?

    • by H0p313ss (811249)

      is this a non-problem?

      Not a problem for me, but then I'm neither sending newsletters that look like spam nor wanting to read newsletters that arrive by email that look like spam. In fact if my mail gateway would automatically filter all the newsletters I manage to accidentally subscribe to I would be happier.

      Sounds to me like an outdated means of communication whose time has come and gone (a decade ago?), these days if people want to read your content they can "go get it" with the click of a mouse on a bookmark, you don't have t

    • t I don't think the rest of us newsletter publishers should be penalized for not asking for it.

      No one here gives a shit. My advice is go talk to people who have the most to gain from allowing opt-in content. Namely, the major mail providers.

      Bennet went to some marketing demo, got his panties in a bunch, and then as usual complains to Slashtards. We can't help him.

      So yeah, non-problem.

      I tried not to reply, but asshattery is hard to not reply to.

  • Then when he asked why... no answer. I originally checked this post out thinking there might be value, and I was wrong.
  • Whenever I send or receive a URL in the first email exchanged, I wind up checking the spam folder in webmail (Yahoo, Gmail) because that's where it winds up half the time. After having it transferred to the Inbox, there's rarely another issue of getting any mail from them. Meantime, we've all had outright spams get through the filters, server-side or client-side, because the author tried hard to make it seem more like a human sent something you wanted to see. But I do wonder how a spam reply from Craigsl

  • You have a newsletter and problem being misfiled as spam? Put each new issue online (you probably do already) and offer an RSS feed with it. Some people greatly prefer RSS to a periodic email, and you can point people to it if they tell you the emails are getting blocked.

    • by nullchar (446050)

      The point is most people who receive the proxy list by email cannot simply view the website or RSS feed showing proxies.

      • by JanneM (7445)

        It's a real stretch to call a one-line proxy announcement that fits in the subject a "newsletter", though. It's quite the special case. The presentation he refers to was about a much more general situation with traditional, actual newsletters.

        In his specific case he could put the information in the body of the email, thus forcing people to open it; or he could offer alternative delivery mechanisms through SMS or other channels alongside email for those that get caught out by spam filters.

    • by RogueyWon (735973)

      Don't go offering practical solutions; you might get in the way of a perfectly good uninformed moan.

  • by Tom (822) on Tuesday October 22, 2013 @06:43PM (#45207183) Homepage Journal

    You know, if you get frequent run-ins with anti-spam tools, then maybe they are all stupid and broken and need to be re-examined - or, maybe, you need to re-examine the way you work, including the tough question of maybe you ARE a spammer?

    The #1 red flag for any conspiracy theory, crackpot or pseudo-science is always the attribution of blame exclusively to outside forces. If nobody listens to you, it must be because of a conspiracy to cover things up, or the establishment trying to put you down, or whatever.

    As other posters have outlined: You had open proxies, thus you rightfully belonged on the blocklists. If you re-examine your other problems, you might also find that everything works as it should in the anti-spam world, except for the spammers.

    • If you're sending mail only to people who have signed up to receive your mails and replied to the confirmation message, then you're not a spammer, are you?

      Saying "open proxies properly belong on blocklists", you might be confusing open SMTP relays (where most mail originating from them is spam, which is why they're blacklisted) with open web proxies (where most emails containing the name of the proxy site, are not spam).

      You realize that the guy who said our mails were blacklisted because some spammer ha
      • by Rockoon (1252108)

        If you're sending mail only to people who have signed up to receive your mails and replied to the confirmation message, then you're not a spammer, are you?

        That depends on if they have the unconditional authority to make those decisions about that email address. Clearly in every case that you are bitching about actual frequent ("systematic") spam filter problems, the user themselves never had any pretense of unrestricted email access. Work email accounts, university email accounts, free email accounts, and so on.

        An alternative to your theory that you are the victim of anti-spam technology is that you and the service owners are both victim of the people that

        • If you're sending mail only to people who have signed up to receive your mails and replied to the confirmation message, then you're not a spammer, are you?

          That depends on if they have the unconditional authority to make those decisions about that email address.

          Not under any commonly accepted definition of "spam".

          Under virtually every commonly accepted definition, you're not a spammer if you receive the email owner's consent to send them mail (as verified by them replying to a confirmation message that was sent only to them). It's not your responsibility to determine whether the email address owner had the "right" to make decisions about that email address.

          Otherwise, every email sender in the world could be branded a "spammer", if someone happened to subscrib

          • by Rockoon (1252108)
            Your problem is that you don't know what "owner" means with regard to email accounts.

            That email account I have at work doesn't belong to me, yet I can subscribe to your shit. You claim that I am the owner and have given you permission to send your shit if I subscribe. The reality is that I am not the owner and the owner has not given you permission to send your shit, even if I have subscribed.

            You really don't seem to understand much about the shit you are doing. The thing is that what you are doing is f
      • by gl4ss (559668)

        oooh... if it only were so.

        people will regard hot spam just as much spammy as cold spam. even more so, because with cold spam I might not know of the service.

        with hot spam I know of the service. but hot spam is sent out to "remind" me that the service exists. the way the "optimizer" web admins do it is that since they have stats that they get more hits on the day they send out spam then it must be working! never mind if people will never return then again because the notice the spam was indeed spam and the

      • by Tom (822)

        Glad to see you are willing to re-examine your position.

        Your original post lacks numbers. I sent out 35,000 mails recently, to people who had signed up with one of my online services, and had absolutely no trouble with any anti-spam filters except that delivery took a while for sites who throttle you.

        Unless you're doing several times that volume, you must be doing something horribly, horribly wrong. And asking spammers for advise is to me a good indication of what's wrong. These fucking assholes make a livi

        • WhatCounts does deliverability for non-spammer clients. If they were delivering messages for spammers, their sending IPs would end up blocked at most of the sites that they're trying to deliver mail to.

          Perhaps people heard "deliverability services" and assumed that must be talking about spammers. But legitimate senders have trouble getting past spam filters too, that's why they need "deliverability services". Since the company I was talking about sends to verified-opt-in mailing lists, I think that nega
          • by Tom (822)

            But legitimate senders have trouble getting past spam filters too, that's why they need "deliverability services".

            I call bullshit on that one. I used to work for a company with about a million customers. Spam filters were never anyones concern, the reason external partners come up for delivery is that you need mail servers tuned to handling high-volume messages like that with all the greylisting and delays and bounces.

            If you have trouble getting past spam filters, then I maintain the reason is most likely that you are too close to actually being a spammer. Might not be the customer side (i.e. they may all have signed u

    • Tom,

      Hey, it's been a while. Remember me? We were friends on MySpace a few years back. I've moved on to a new social service. Do you want to join me on Friendster?

      Take care,

      Seth
      • by Tom (822)

        That's the weirdest thing I got this year, especially because I never had a MySpace account in my life and always avoided it like the plague.

        • I apologize for the weak humor in that comment. I don't have a mySpace account, either, but it seems that all mySpace users would by default be connected with a guy named 'Tom' who was one of the founders of the company. 'Tom' was friends with everyone on the service.
          • by Tom (822)

            That's an... interesting way to increase your friend count. Don't tell Zuckerberg.

  • by Lehk228 (705449) on Tuesday October 22, 2013 @07:31PM (#45207605) Journal
    stop using email for mailing list subscriptions entirely, this would be more appropriately handled through RSS. however that would require actual opt-in instead of "we got you to click on yes so you are opted in"
  • Can you please quit posting this morons thoughts like he is someone who matters? Is he one of the DICE flunkies or something? No one gives a shit about his ignorance. Just because he created a couple websites doesn't mean he has a clue or is authoritative on any subject, including the ones he's created the websites for.

    Yes, I know who he is.

    Yes, he's a fucking idiot. Stop posting his ridiculous diatribes.

  • But that's what my mom did for years! A typical email from her:

    From: Mom
    To/CC: Me, "Me", <Me"
    Subject: home

    Body:
    dio you wants us to come
    go on youtub theres a nice video
    your mom

    And my spam filters aren't filtering those.

  • Bennet Haselton isn't Jon Katz 2.0.

    Katz's mindless ramblings were at least occasionally interesting.
    The editors had the good sense to list Katz as an editor himself so that he could be filtered away.

    Curse myself for not noticing the submitter before clicking the link. Curse /. and especially soul kill for making it necessary for me to read who the submitter is.

  • Spam is an economic problem. People will respond to this by praising their favorite spam filters, and ignoring the obvious fact that the filters don't solve the problem, and never will solve the problem. Spam is present not to piss you off but because spammers make money by sending it out. If you truly want to stop spam, no number or combination of technical fixes, legislative proposals, public executions, user education, or forum posts will do. The one and only way to stop spam is to prevent the spamme
  • by martin-boundary (547041) on Wednesday October 23, 2013 @06:40AM (#45210597)
    Just because you think you're not a spammer doesn't make you not a spammer.

    Spam is in the eye of the beholder, and that's not you.

    So chill out, accept that your newsletter isn't the best thing since sliced bread, and that the fact you're sending it to someone who was probably tricked into subscribing, but changed their mind once they read the first paragraph, doesn't make it legitimate for all time or any time at all.

    The Internet doesn't owe you a living. Don't send out your messages, make a website and leave them there. If people want to read them, they'll come. Peace.

    • by neminem (561346)

      Yes, it does make it legitimate. It doesn't make it a good newsletter, but it does make it legitimate. If they signed up for it, the email contains an obvious unsubscribe, and clicking on it and hitting submit on the resulting page makes you no longer get the newsletter, then it's not spam, period, end of story.

      How would you like it if some newsletter you *did* want to get stopped coming to you because somewhere up the chain, some automated process decided it was spam and bounced it?

      Is it possible some peop

  • In my humble opinion BH does some truly admirable work documenting abusing blocking and documenting/creating ways around blocking.

    I'm a strong supporter of the old cyberpunk credo: "Information want to be free". I'm opposed to all filtering and blocking, no matter if it's stupid parents that think that their child benefits from living in a rose-colored bubble completely unaware of the real world and possibly unable to find support for whatever 'deviant' thoughts he or she might have, or employers that think

  • I block Bennett's stories from appearing.

    Bennett gets someone else to post his drivel.

    Bennett is getting around a filter that was put in place, via Slashdot's own system....and is therefore evading. To talk about how to get around filters.

    Anyone else see the irony here?

  • How do I block it?

The meat is rotten, but the booze is holding out. Computer translation of "The spirit is willing, but the flesh is weak."

Working...