For our userbase with yahoo/hotmail/aol accouts they hit the spam button more often than delete. Then complain they do not get emails anymore from us, then want discounts on a bill of sale they missed. It is a never ending story.
With a large enough userbase, misdirected spam complaints become far
less of a factor.
Lets put it this way .. one or two users can forget and report the
same email as spam. If a whole bunch of users do that, not just a
few, then either two things.
1. You have a problem
or
2. There's a mass outbreak of alzheimers and all our users forgot
Again - that's with a large enough userbase and with marketing content
sent in bulk.
Deliverability problems for lower volume is tougher to troubleshoot
and it could be because of various other reasons than just complaints.
--srs (mailops IS operational and belongs on nanog)
Another interesting side effect of that is email forwarder accounts.
Take a user who gets a domain on our shared hosting setup and forwards
the email for certain users to a Yahoo account. If those mails are
marked as spam, it seems to be our server that gets blacklisted rather
than the originating server.
No surprise. Guess whose IP is the one handing off to yahoo?
If you have forwarding users -
* Spam filter them to reject spam rather than simply tag and forward it.
* Isolate your forwarding traffic through a single IP, Let ISPs know.
Feedback loops often aren't that useful either. We're on the AOL Scomp
feedback loop, and we've often got fairly personal email sent to our
abuse desk because the users simply press spam rather than delete.
You have a far smaller userbase, and a userbase you know. For us, with
random nigerians and other spammers signing up / trying to sign up all
the time, FBLs are invaluable as a realtime notification of spam
issues.
And as I said random misdirected spam reports wont trigger a block as
much as your leaking forwarded spam. Or your getting a hacked cgi/php
or a spammer installed direct to mx spamware. [so if you are cpanel -
smtp tweak/csf firewall and mod_security for apache should be default
on your install if you havent already done so]
-srs
Funny we were just having similar conversation on mailop.org 
. Suresh is right about the feedback loops (you also should subscribe to comcasts/hotmails/trend micro's (mail-abuse.com)). If you don't have an external gateway that makes doing reports easy then they are a good way to find out when spam problems arise, such as the pesky Nigerian spammers who constantly find new ways to thwart all anti-fraud checks prior to creating the accounts. One thing that I did, when being an email admin for a very large shared hosting company, was when I ran reports of emails going to @yahoo.com I took the top 10 or so recipients and figured out who had the forwarders setup to send to them. I talked to the customer and even gave them alternative solutions (such as giving them 6months free for Postini inbound anti-spam service for that forward account). The worst ones were those who had catchalls setup to forward to their spam@yahoo.com account, those simply got notified that it was removed.
-r
We pretty constantly are deferred on yahoo, and at one point had all outbound mail for yahoo logged at the sender/recipient/subject/size level to get an idea what was up.
In an experiment, I found that after being 'clean' (not being deferred) for close to a week, simply sending myself 1 single email, then hitting spam in the yahoo box was enough to get us being blocked for another 24 hours.
I would sign up for a FBL if they had one; I find the others I have very valuable (though about 90% of what I get back is 'spam rather than delete' ).
Ray Corbin wrote:
Feedback loops often aren't that useful either. We're on the AOL Scomp
feedback loop, and we've often got fairly personal email sent to our
abuse desk because the users simply press spam rather than delete.
AOL's Scomp is spam it's self. If I read though 100 messages maybe one
message is really spam. The other 99 are jokes, regular emails, maybe a
news letter from their church, etc. Most people are lazy and would rather
click on the Spam button instead of unsubscribing for a list they subscribed
to in the first place.
Richey
It depends on your environment. I've seen where it is helpful and where it is overwhelming. If you are a smaller company and want to know why you keep getting blocked then those should help. If you are a larger company and get a several hundred a day, but you send 100k emails to AOL then it is not as big of a deal. If you are a shared hosting provider and you get a lot of them you should look into what is being sent to AOL, such as forwarded spam from customers 'auto forwards' (isolate the auto forwards to a separate IP address and simply don't sign up for the FBL for it).... If you have a good setup where only customer-originated email is being sent through the IP's you have a FBL on, then it is useful and you shouldn't get as many complaints.
-r
My favorites for AOL Scomp reports are when people report sub/unsub as spam, then send nasty e-mails 20 minutes later that they either never got confirmation of what they did, or that it never actually removed them.
Had one user in particular, who reported mailing list as spam, purged them from said list myself, then 30 mins later signed back up, reported the subscription confirmation as spam, then complained after I removed him again.
Not exactly brightest bulb some of them are.
Why the hell can't AOL integrate the standard listserv commands integrated
into many subscription emails into a friggin' button in their email
client, right next to "Spam" (or even in place of it) that says
"Unsubscribe?"
I realize it could be used badly if globalized, but if AOL got off their
duff and vetted some of the higher volume truly honest subscription
emailers and allowed their emails to activate the Spam->Unsub button, it
might save everyone some headaches.
Because a lot of spammers would prefer that people simply unsub from
their lists rather than they get blocked?
And because unsub urls could lead to a lot of nastiness if theres a
truly malicious spammer?
And because .. [lots of other reasons]
There are a few (sender driven) initiatives to move towards a trusted
unsubscribe, but ..
--srs
Peter Beckman wrote:
Seth Mattinen wrote:
In a perfect world, the spam button would only affect delivery to that
user, not everyone. Especially when they go all rabid click crazy on the
spam button for personal correspondence from their mom.
I accuse postini of having exactly this vulnerabillity - that one user classing mail as spam automatically means it marks all other mail from that user to everyone else. There really outta be some transparency here so that everyone understands the how and the why of 'spam' classification.
Mike-
I like to imagine the consequences of forwarding spam complaints to my
users when I can be sure who sent the original message. That ought to
reduce the number of people who mark messages from friends / family /
colleagues as spam...
Tony.
Maybe its me...but I don't recall seeing a 'this is spam button' for Postini. I know there is an email you can report spam to, but I doubt there is an automated process for it. I have had great success with Postini thus far and have used them for a few years.
-r
I realize this is easier in theory than practice but I wonder how much
better the whole AOL (et al) spam button would get if they ignored the
spam button unless two (to pick a number) different customers clicked
the same sender (I know, forged sender etc but something like that) as
spam in a reasonably short amount of time like an hour or a day at
most.
I know of the 99.99% false positives I get I am pretty sure if the
threshold were two related complaints it'd get rid of, well, probably
99.99% of them (percentages not scientifically accurate!)
Ok, that's not an algorithm but I hope you see my point.
My point is that what makes spam "spam" is not that some one clicks a
spam button, it's that more than one person, and just two might be a
sufficient threshold in practice, believes it's spam. At least from
the POV of a network operator trying to id spam sources from spam
button clicks.
If they ever get it down to fretting about spams really sent to only
one AOL (et al) customer then one could revisit this idea.
P.S. I thought about this a little and decided it's more in the realm
of network operations than spam per se, the same idea could be applied
to any number of customer-reported problems which ripple outwards.
It reminds me of years ago when I worked with the Boston Fire Dept and
as you ran for the trucks the sure sign there really was a fire was
fire alarm shouting over the house loudspeaker "CALLS COMING IN!"
which meant hq was getting more than one unrelated report (fire box,
phone) in the same general location. Then your heartbeat increased.
That is, one call, who knows, two or more unrelated? Must be
something.
> For our userbase with yahoo/hotmail/aol accouts they hit the spam > button more often than delete. Then complain they do not get emails > anymore from us, then want discounts on a bill of sale they missed. > It is a never ending story.
>I realize this is easier in theory than practice but I wonder how much
better the whole AOL (et al) spam button would get if they ignored the
spam button unless two (to pick a number) different customers clicked
the same sender (I know, forged sender etc but something like that) as
spam in a reasonably short amount of time like an hour or a day at
most.I know of the 99.99% false positives I get I am pretty sure if the
threshold were two related complaints it'd get rid of, well, probably
99.99% of them (percentages not scientifically accurate!)Ok, that's not an algorithm but I hope you see my point.
My point is that what makes spam "spam" is not that some one clicks a
spam button, it's that more than one person, and just two might be a
sufficient threshold in practice, believes it's spam. At least from
the POV of a network operator trying to id spam sources from spam
button clicks.If they ever get it down to fretting about spams really sent to only
one AOL (et al) customer then one could revisit this idea.
Barry, there's also the honest accidental emailings that are being clicked as spam as well. In the days of old, spam was unsolicited bulk email. The problem that I see currently is what is Sally in Florida is sending mail to joe@thisdomain.com, hosted by yahoo, when they should have sent it to jjoe@thisdomain.com or joel@thisdomain.com and the recipient clicks it as spam. Bam, Sally's now a spammer in the eyes of yahoo.
This is not much different in practice than what Spews used to do. Blow out an entire /16 to stop what they "percieved" as spam from someone deep in the trenches, without very little recourse to remove yourself from the axe path unless you switched providers.
Barry Shein wrote:
I realize this is easier in theory than practice but I wonder how much
better the whole AOL (et al) spam button would get if they ignored the
spam button unless two (to pick a number) different customers clicked
the same sender (I know, forged sender etc but something like that) as
spam in a reasonably short amount of time like an hour or a day at
most.
Well there's a problem with that too.
Lets say that you happen to need to deal with various office workers, who just happen to be the kind of folks who hold the public they serve in low regard and high contempt. Lets further say that these office workers feel no obligation to obey the law or demonstrate any consideration whatsoever for you or the trouble their callous inconsideration actions have caused you, requiring that you repeatedly and persistiently make contact and state your case. Lets further say that these same office workers - who are incompetent functionaries bewildered by that pointy thing on the screen and have zero forethought about the consequences of their actions - decide it's easier to deal with you by clicking 'spam' repeatedly instead of engaging in that conversation and working twords a resolution of the problem you need to report.
We forget here on nanog that our list participants are (usually) high functioning people with substantial computer, technical, communications experience and who approach their personal communications a lot differently than the average 'end user', who has difficulty even finding the 'on' button let alone using it to any great effect. I run into the above described office worker stereotype on a frequent basis (the bearer of bad news, or having to represent someone or some cause) and the default action - spam - is almost universal amoungst these types. Just because THEY say it's spam, doesn't mean a whole lot of anything other than maybe you interrupted their coffee break or it would be too much work and maybe someone else will get the message so they don't have to do anything.
The idea of using a group of users to effectively 'vote' only works when the group in question is comprised of reasonable people, and unfortunately, freemail users and office workers 'protected by postini' are the least likely candidates to make reasonable choices with votes for spam.....
$0.02
Mike-
Why the hell can't AOL integrate the standard listserv commands integrated
into many subscription emails into a friggin' button in their email
client, right next to "Spam" (or even in place of it) that says
"Unsubscribe?"Because a lot of spammers would prefer that people simply unsub from
their lists rather than they get blocked?And because unsub urls could lead to a lot of nastiness if theres a
truly malicious spammer?And because .. [lots of other reasons]
I realize it could be used badly if globalized, but if AOL got off their
duff and vetted some of the higher volume truly honest subscription
emailers and allowed their emails to activate the Spam->Unsub button, it
might save everyone some headaches.
As I said (but you clipped), the suggestion could (and would likely) be
abused if turned on globally, but if AOL vetted some of the more popular
subscription mailings where people were clicking spam rather than
unsubscribe for trusted sources, it could work.
There are a few (sender driven) initiatives to move towards a trusted
unsubscribe, but ..
I think in order for an Unsubscribe button to be implemented by Gmail,
Yahoo, AOL, etc, there would have to be some sort of internally reviewed
list of trusted senders for which each company had a mail admin contact
for (technical implementation not applicable for this discussion).
Working together to communicate openly about subscription email with
trusted parties would help (in theory) to reduce the effects of clueless
end users who lazily click "Spam" and cause headaches for both senders and
receivers of legitimate subscription email.
Beckman
Why the hell can't AOL integrate the standard listserv commands
integrated into many subscription emails into a friggin' button in
their email client, right next to "Spam" (or even in place of it)
that says "Unsubscribe?"
AOL sends its spam button feedback in industry standard ARF format. It
took me about 20 minutes to write a perl script that picks out the
relevant bits from AOL and Hotmail feedback messages and sends unsub
commands to my list manager.
As to why they don't have a separate Unsub button, users wouldn't use
it. AOL are not stupid, they know that people hit the spam button for
all sorts of reasons, many of which have only the vaguest connection
to spam. If you run a small well-run network, the only stuff you're
going to see from the spam button is unsubs and false alarms. That
doesn't mean the spam button is broken; it means that you're not the
kind of sender they're worried about.
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
Cool! Didn't know that. My props to AOL and Hotmail for making it easier
for mail admins to deal with claims of spam. Your point on "Users wouldn't
Use it" makes sense, they wouldn't.
Beckman