Think long and hard about what spam filtering/blocking systems you utilize, especially if you have users that care about what mail they receive.
I run a bunch of closed-loop opt-in systems for my employer. Periodically Spamcop somehow decides that one of the systems is a source of spam, even though it isn't.
The server, at 208.248.77.244, has been listed at least 3 times in April and May 2003. Check for yourself here. (I've archived the source locally for reference in case the info goes away.)
The first time it happened, I talked to about 20 different site admins. I got a wide variety of replies. Some were kind enough to whitelist the IP or domain. Some actually didn't realize that Spamcop misfired like that, and discontinued their use of the Spamcop blacklist.
Sadly, a couple of the replies showed that some people just don't understand how it works. Here's an excerpt from one of the replies from a medium-sized ISP.
The reason your [sic] are being listed on SpamCop is because a lot of your recipients deem your mailing as unsolicited. Unsolicited means that the recipient has not granted verifiable permission for the message to be sent.Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.
The problem is, I explained, is that you gain verifiable permission through the use of a confirmed opt-in process, aka closed-loop, aka double opt-in. And that's what this server does. None of the stated metrics apply here; the original listing resulted from two spam complaints, both of which were erronious. "Two" is a poor guess at bulk.
Spamcop tries to guess if a site is sending spam based on a metric measured by how much of the server's mail is reported as spam. Here's why that doesn't work.
Invalid reports. I've worked in a spam prevention capacity for various companies and on various anti-spam group projects. From way back to when I started the RRSS relay blocking list, our biggest problem was people sending in incorrect reports. Intentionally or not, people sent in things that weren't really spam, weren't really relays, sent in the same report over and over, and even faked headers to try to get us to block sites. The lesson here is that unsubstantiated complaints are a worthless measure alone. They need to be coupled with expertise, insight, and investigation by the blocking list operator. That is NOT the case with Spamcop; it's purely complaint driven. There is no manual oversight before a listing takes place.
Spamcop's measurements are invalid. In our case, 2 complaints were measured against 179 total pieces of mail over the previous 7 days. That's approximately a 1.1% complaint ratio, and if that were correct, it would be high. The problem is that it's not correct. The server had served approximately 10,000 subscription confirmations in just the previous 12 hours, and handled somewhere around 70,000 subscription confirmations in the past 7 days. You come out with a vastly different metric in that instance.
Metrics are a poor indicator of poor practices. If you say that you have to have a 2% complaint ratio before you take action against a spamming client, you're saying that you'll let them spam forever as long as they stay under the radar. What's more important is this question: What does the complaint, and your investigation, reveal?In my job, I regularly take action with clients to resolve their problems way before any sort of metric is hit. If I get one complaint about somebody and that complaint shows me that they're doing something against best practices, then it's in my best interest to fix it or make it stop. Obviously this varies under different circumstances.
My specific problem with lists like Spamcop is that they take bad measurements and try to sell them as good. If you want to use the list to block mail, that's your right. You can block all mails containing the letter "h" if you want. However, just like any other choice, the more you know about it, the better able you are to make an informed decision.
(Note: This is out of date. Click here for a much more up-to-date commentary from me about Spamcop.)
Think long and hard about what spam filtering/blocking systems you utilize, especially if you have users that care about what mail they receive.
I run a bunch of closed-loop opt-in systems for my employer. Periodically Spamcop somehow decides that one of the systems is a source of spam, even though it isn't.
The server, at 208.248.77.244, has been listed at least 3 times in April and May 2003. Check for yourself here. (I've archived the source locally for reference in case the info goes away.)
The first time it happened, I talked to about 20 different site admins. I got a wide variety of replies. Some were kind enough to whitelist the IP or domain. Some actually didn't realize that Spamcop misfired like that, and discontinued their use of the Spamcop blacklist.
Sadly, a couple of the replies showed that some people just don't understand how it works. Here's an excerpt from one of the replies from a medium-sized ISP.
The problem is, I explained, is that you gain verifiable permission through the use of a confirmed opt-in process, aka closed-loop, aka double opt-in. And that's what this server does. None of the stated metrics apply here; the original listing resulted from two spam complaints, both of which were erronious. "Two" is a poor guess at bulk.
Spamcop tries to guess if a site is sending spam based on a metric measured by how much of the server's mail is reported as spam. Here's why that doesn't work.
- Invalid reports. I've worked in a spam prevention capacity for various companies and on various anti-spam group projects. From way back to when I started the RRSS relay blocking list, our biggest problem was people sending in incorrect reports. Intentionally or not, people sent in things that weren't really spam, weren't really relays, sent in the same report over and over, and even faked headers to try to get us to block sites. The lesson here is that unsubstantiated complaints are a worthless measure alone. They need to be coupled with expertise, insight, and investigation by the blocking list operator. That is NOT the case with Spamcop; it's purely complaint driven. There is no manual oversight before a listing takes place.
- Spamcop's measurements are invalid. In our case, 2 complaints were measured against 179 total pieces of mail over the previous 7 days. That's approximately a 1.1% complaint ratio, and if that were correct, it would be high. The problem is that it's not correct. The server had served approximately 10,000 subscription confirmations in just the previous 12 hours, and handled somewhere around 70,000 subscription confirmations in the past 7 days. You come out with a vastly different metric in that instance.
- Metrics are a poor indicator of poor practices. If you say that you have to have a 2% complaint ratio before you take action against a spamming client, you're saying that you'll let them spam forever as long as they stay under the radar. What's more important is this question: What does the complaint, and your investigation, reveal? In my job, I regularly take action with clients to resolve their problems way before any sort of metric is hit. If I get one complaint about somebody and that complaint shows me that they're doing something against best practices, then it's in my best interest to fix it or make it stop. Obviously this varies under different circumstances.
My specific problem with lists like Spamcop is that they take bad measurements and try to sell them as good. If you want to use the list to block mail, that's your right. You can block all mails containing the letter "h" if you want. However, just like any other choice, the more you know about it, the better able you are to make an informed decision.Comments
Post a Comment
Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.