Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2014/08/11 21:02:38 UTC
Opinions needed on what to consider spam
Hi,
Hopefully you'll consider this a related question, as I would really
appreciate your input. We periodically have users that complain about
receiving email they believe to be spam, but it looks to be legitimate. One
current case was an email received from Computer Associates. It passed
through CA's servers. There's a pastebin for it below.
Another was one of those mass-mailing training seminar bulk messages. If
the test rules had any real score, it probably would have been tagged:
T_AXB_XM_SENTBY=0.01, T_FSL_ABUSED_WEB_1=0.01,
T_FSL_HELO_NON_FQDN_2=0.01, T_FSL_UNSUB_RATWARE=0.01,
T_HEADER_FROM_DIFFERENT_DOMAINS=0.01, T_NOT_A_PERSON=-0.01
The domain is legit and it looks to be a real company. Are these the types
of messages where the business purchases a list from a bulk mailing company?
Do you consider marketing emails such as these to be spam, and should they
be marked?
The user also submitted a message with about 400 recipients and a
completely blank body. This was probably a broken attempt by a spammer to
send something, but it should have been caught. Should there be a meta to
catch that?
# CA email
http://pastebin.com/5H5wwfHb
# training email
http://pastebin.com/B9Mfqjgr
Any ideas greatly appreciated.
Thanks,
Alex
Re: Opinions needed on what to consider spam
Posted by Steve Bergman <sb...@gmail.com>.
On 08/13/2014 10:04 AM, Antony Stone wrote:
> Which is why we can't rely on them to unsubscribe, and need another way of
> stopping it coming in.
When they complain, why not tell them to unsubscribe? Perhaps my view is
clouded by the fact that I have 1 mail server and 100 users, and not 100
mail servers and 100,000 users. But I am a lone admin. And I tell people
to unsubscribe from emails which look reasonably legit to them, and to
mark the stuff that doesn't look legit as Junk (which trains SA via
Dovecot-Antispam).
Re: Opinions needed on what to consider spam
Posted by Daniel Staal <DS...@usa.net>.
--As of August 13, 2014 11:25:26 AM -0400, David F. Skoll is alleged to
have said:
> I believe that unsubscribing is safe. If the list owner is legitimate,
> unsubscribing will work. If the list owner is a spammer, he/she already
> has your email address and I don't believe spammers track the validity
> of addresses anyway. (Safe doesn't mean effective, of course!)
>
> The only case in which unsubscribing is dangerous is if you
> unsubscribe from a previously-unknown address. That'll get you added
> to spammers' lists.
--As for the rest, it is mine.
There is a third case I've seen on occasion, that hasn't been discussed:
Unsubscribe via web. Many legitimate sites use it - to unsubscribe you
click a link and go to a web site, which gives some option to unsubscribe.
(Often from multiple lists, or something similar.)
But these are *not* safe if the mail isn't 'legitimate': I have also seen
the link go to a site filled with malware; the unsubscribe link then is the
real attack.
I'm still split on unsubscribe-via-email, but I don't consider it actively
hazardous. Unsubscribe-via-web can be.
Daniel T. Staal
---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
Re: Opinions needed on what to consider spam
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Wed, 13 Aug 2014 17:11:32 +0200
Axb <ax...@gmail.com> wrote:
> On 08/13/2014 05:04 PM, Antony Stone wrote:
> > For the Nigerian 419 spam, the last thing you want to do is reply
> > to it :)
> unsubscribe doesn't mean "reply"
The point is that any unsubscribe mechanism must of necessity inform
the list owner that your email address really does work.
I believe that unsubscribing is safe. If the list owner is legitimate,
unsubscribing will work. If the list owner is a spammer, he/she already
has your email address and I don't believe spammers track the validity
of addresses anyway. (Safe doesn't mean effective, of course!)
The only case in which unsubscribing is dangerous is if you
unsubscribe from a previously-unknown address. That'll get you added
to spammers' lists.
Regards,
David.
Re: Opinions needed on what to consider spam
Posted by Alex <my...@gmail.com>.
Hi,
>> For the Nigerian 419 spam, the last thing you want to do is reply to it :)
>
> unsubscribe doesn't mean "reply"
>
> where I sit, if you can't unsubscribe with ONE click, they get the hard
> block
All of this doesn't translate to the end-user, though. There's no way I
could ever set up a set of rules, in the form of an end-user doc, that
could be used to describe when to unsubscribe and when not to, and under
what conditions an email can be trusted and when it shouldn't (beyond what
they already know about when to trust a website and when not to).
I can't even tell you how many times I get emails from "Lead IT Technician"
that include a forwarded message from an end-user where the only thing in
the body includes "This user is complaining they received a spam". This
Lead IT guy can't even investigate himself whether it's spam, or have
enough sense to instruct the end-user on what to do.
>> Which is why we can't rely on them to unsubscribe, and need another way
>> of stopping it coming in.
>
> Most "bulkers" have nice dedicated X headers which you can use to
> tag/reject
And that can't be easily spoofed? Or do you mean mail from ConstantContact,
for example? Those can already be blocked on Received headers. They're also
normally pretty reputable, so it's tough to just outright reject those.
What about those emails, which are most certainly unsolicited, from people
selling marketing lists? Or VoIP phone systems? They are legit, have legit
unsub links and web sites, phone numbers, etc. But they're unsolicited.
Shouldn't there be SA rules to block these already? Our users never
complain about them, because I just think they don't know they're not
unsolicited and think they somehow got signed up for something.
Thanks everyone for the great conversation.
Alex
Re: Opinions needed on what to consider spam
Posted by Axb <ax...@gmail.com>.
On 08/13/2014 05:04 PM, Antony Stone wrote:
> For the Nigerian 419 spam, the last thing you want to do is reply to it :)
unsubscribe doesn't mean "reply"
where I sit, if you can't unsubscribe with ONE click, they get the hard
block
>> >That's true, but a lot of users (I've done it myself) forget that they've
>> >subscribed to something, especially if it's really low-volume.
> Which is why we can't rely on them to unsubscribe, and need another way of
> stopping it coming in.
Most "bulkers" have nice dedicated X headers which you can use to tag/reject
Re: Opinions needed on what to consider spam
Posted by Antony Stone <An...@spamassassin.open.source.it>.
On Wednesday 13 August 2014 at 16:51:28 (EU time), David F. Skoll wrote:
> On Wed, 13 Aug 2014 16:43:29 +0200
>
> Antony Stone <An...@spamassassin.open.source.it> wrote:
> > - spammers who get unsubscribe responses will use that to confirm
> > the address and send more, therefore unsubscribing to them is a bad
> > idea
>
> I wonder how often this happens. This implies that spammers actually care
> about the quality of their lists, which I don't think is true. It's so
> cheap to use a botnet to blast out spam that I bet most spammers keep using
> addresses forever and don't bother trying to validate them.
I think this goes back to the question "what is spam?"
If you're talking about email promoting Viagra, Fake watches, Lottery wins, or
Russian brides, then I completely agree with you.
On the other hand, the mass-marketing newsletters which are selling dubious
(but real) products and services are just as unwanted by the end users, but
are probably trying to manage their own address lists at least slightly
sensibly.
I'm undecided about the Paypal / Bank / Amazon credit card number hoovering
schemes - although my gut feeling is they put more effort into the compromised
websites than they do with the address lists, because if they get someone
once, they've scored, they don't need to repeat to the same address.
For the Nigerian 419 spam, the last thing you want to do is reply to it :)
> > Therefore users should be encouraged to unsubscribe from things they
> > really did subscribe to, but otherwise MTA rejection of what looks
> > like spam should reduce the quantity of both spam mass-mailings and
> > genuine newsletters etc.
>
> That's true, but a lot of users (I've done it myself) forget that they've
> subscribed to something, especially if it's really low-volume.
Which is why we can't rely on them to unsubscribe, and need another way of
stopping it coming in.
Antony.
--
"A person lives in the UK, but commutes to France daily for work.
He belongs in the UK."
- From UK Revenue & Customs notice 741, page 13, paragraph 3.5.1
- http://tinyurl.com/o7gnm4
Please reply to the list;
please *don't* CC me.
Re: Opinions needed on what to consider spam
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On Wednesday 13 August 2014 at 16:14:06 (EU time), Matus UHLAR - fantomas
>wrote:
>> call an unsubscribe-hook _and_ train as spam.
>> Should be viable for both solicited and unsolicited mail.
>>
>> Or, does anyone think that unsubscribing spam is counter-productive still?
On 13.08.14 16:43, Antony Stone wrote:
>Rejecting spam at the MTA can be good for this:
I was talking about mail that already came to the mailbox and thus can't be
rejected anymore.
> - spammers who get unsubscribe responses will use that to confirm the address
>and send more, therefore unsubscribing to them is a bad idea
It was afaik already proven that sending "unsubscribe" mail from new
address (nobody knows about) caused spam going to the address.
I was asking if you find this still to be true.
>Therefore users should be encouraged to unsubscribe from things they really
>did subscribe to, but otherwise MTA rejection of what looks like spam should
>reduce the quantity of both spam mass-mailings and genuine newsletters etc.
I agree, the unsubscribe button should be shown to user whenever an
unsubscribe link is detected (at least the one in List-Unsubscribe: header)
Note that unsubscription confirmation request should not be tagged as
spam, so the user can confirm it.
I see here possibilities for some list unsubscribe rules...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.
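The header-based unsubscribe detection discussed in this message, as an added example that is not part of any poster's message and is not SpamAssassin code. The function names, the sample messages, and the policy (nothing offered for mail the filter flagged as spam, mailto preferred over web, plain http refused) are assumptions drawn from concerns raised elsewhere in this thread.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Constructed sample messages (not the thread's pastebin contents).
NEWSLETTER = (
    "From: News <news@lists.example.com>\n"
    "To: user@example.org\n"
    "Subject: August offers\n"
    "List-Unsubscribe: <mailto:unsub-123@lists.example.com>,\n"
    " <https://lists.example.com/u/123>\n"
    "\n"
    "Click http://other.example.net/unsub to unsubscribe.\n"
)
PLAINTEXT_ONLY = (
    "From: Deals <deals@example.net>\n"
    "To: user@example.org\n"
    "Subject: Seminar\n"
    "List-Unsubscribe: <http://198.51.100.7/u?id=42>\n"
    "\n"
    "Body\n"
)

# List-Unsubscribe carries a comma-separated list of URIs in angle brackets.
URI_IN_BRACKETS = re.compile(r"<([^<>]*)>")


def unsubscribe_targets(raw_message):
    """Sort the URIs of the List-Unsubscribe header by how they can be used.

    Only the header is read; links in the body are ignored on purpose.
    """
    msg = message_from_string(raw_message, policy=default)
    targets = {"mailto": [], "web": [], "rejected": []}
    for header in msg.get_all("List-Unsubscribe", []):
        for uri in URI_IN_BRACKETS.findall(str(header)):
            # Whitespace inside the brackets is folding damage: drop it.
            uri = re.sub(r"\s+", "", uri)
            try:
                parts = urlsplit(uri)
            except ValueError:
                targets["rejected"].append(uri)
                continue
            scheme = parts.scheme.lower()
            if scheme == "mailto" and "@" in parts.path:
                targets["mailto"].append(uri)
            elif scheme == "https" and parts.hostname:
                targets["web"].append(uri)
            else:
                # Assumption: plain http and any other scheme are not offered.
                targets["rejected"].append(uri)
    return targets


def unsubscribe_action(raw_message, flagged_as_spam):
    """Decide what the mail client shows next to the 'Junk' button.

    Hypothetical policy: mail already detected as spam is only trained on;
    otherwise a mailto target is preferred, and a web target is offered
    with a warning because the user's browser will visit the sender's site.
    """
    if flagged_as_spam:
        return ("train-only", None)
    targets = unsubscribe_targets(raw_message)
    if targets["mailto"]:
        return ("offer-mailto", targets["mailto"][0])
    if targets["web"]:
        return ("offer-web-with-warning", targets["web"][0])
    return ("train-only", None)


if __name__ == "__main__":
    print(unsubscribe_targets(NEWSLETTER))
    print(unsubscribe_action(NEWSLETTER, flagged_as_spam=False))
    print(unsubscribe_action(PLAINTEXT_ONLY, flagged_as_spam=False))
```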
Re: Opinions needed on what to consider spam
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Wed, 13 Aug 2014 16:43:29 +0200
Antony Stone <An...@spamassassin.open.source.it> wrote:
> - spammers who get unsubscribe responses will use that to confirm
> the address and send more, therefore unsubscribing to them is a bad
> idea
I wonder how often this happens. This implies that spammers actually care
about the quality of their lists, which I don't think is true. It's so
cheap to use a botnet to blast out spam that I bet most spammers keep using
addresses forever and don't bother trying to validate them.
> Therefore users should be encouraged to unsubscribe from things they
> really did subscribe to, but otherwise MTA rejection of what looks
> like spam should reduce the quantity of both spam mass-mailings and
> genuine newsletters etc.
That's true, but a lot of users (I've done it myself) forget that they've
subscribed to something, especially if it's really low-volume.
Regards,
David.
Re: Opinions needed on what to consider spam
Posted by Antony Stone <An...@spamassassin.open.source.it>.
On Wednesday 13 August 2014 at 16:14:06 (EU time), Matus UHLAR - fantomas
wrote:
> >> Bowie Bailey wrote:
> >>> But you still have to consider point 1. If a user starts complaining
> >>> that he's getting spam from Amazon, I'm not going to mess with SA, I'm
> >>> going to tell him to click the unsubscribe link at the bottom of the
> >>> email. (Assuming that it actually is from Amazon, of course)
> >
> >Alex wrote:
> >> I don't really like the per-user control. The challenge is to build a
> >> system that requires as little maintenance as possible - that's what
> >> we're supposed to be doing, IMHO.
>
> On 12.08.14 18:11, Kris Deugau wrote:
> >So... What do you do, when user A gets extremely mad to see
> >$legitimatenewsletter in their Inbox, and user B gets extremely mad to
> >see $legitimatenewsletter in their Spam folder? If you only have a
> >global policy with no way to adjust on a per-user basis, you're going to
> >have someone mad at you either way.
>
> call an unsubscribe-hook _and_ train as spam.
> Should be viable for both solicited and unsolicited mail.
>
> Or, does anyone think that unsubscribing spam is counter-productive still?
Rejecting spam at the MTA can be good for this:
- spammers who get unsubscribe responses will use that to confirm the address
and send more, therefore unsubscribing to them is a bad idea
- genuine newsletters (which the user might even have signed up to, and has
either forgotten or just doesn't care) would respond correctly to the
unsubscribe request, but will also often auto-unsubscribe addresses after a
certain number of non-delivery bounces
Therefore users should be encouraged to unsubscribe from things they really
did subscribe to, but otherwise MTA rejection of what looks like spam should
reduce the quantity of both spam mass-mailings and genuine newsletters etc.
Antony.
--
"I estimate there's a world market for about five computers."
- Thomas J Watson, Chairman of IBM
Please reply to the list;
please *don't* CC me.
Re: Opinions needed on what to consider spam
Posted by Dave Warren <da...@hireahit.com>.
On 2014-08-12 15:11, Kris Deugau wrote:
> So... What do you do, when user A gets extremely mad to see
> $legitimatenewsletter in their Inbox, and user B gets extremely mad to
> see $legitimatenewsletter in their Spam folder? If you only have a
> global policy with no way to adjust on a per-user basis, you're going to
> have someone mad at you either way.
>
> Sooner or later, once you scale beyond a very small number of users, you
> *will* have a conflict between where any given pair of users expects to
> see a particular message.
>
> At that point you have to decide: Is this something most people want in
> their Inbox? And then make exceptions on a per-user basis for those who
> don't.
This is why god invented mailbox rules. Users can filter mail that isn't
spam themselves as they see fit.
I won't create per-user rules at the spamfilter level, and have done
very well with site-wide bayes (I don't find users are generally willing
to train enough to make per-user bayes make sense)
However, I do expose whitelisting and blacklisting to users, as well as
a range of filtering options that users can use at the server level for
webmail and IMAP use, plus of course users can create whatever disaster
of client-side rules their client is capable of implementing
(although we never recommend these, and do not support them, since users
create a nightmare of crap that we aren't willing to invest the time
into understanding and fixing)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Re: Opinions needed on what to consider spam
Posted by Dave Warren <da...@hireahit.com>.
On 2014-08-13 17:47, Steve Bergman wrote:
>
> On 08/13/2014 01:06 PM, Dave Warren wrote:
>>
>> In short, yes, it is unproductive. The quasi-legitimate stuff does go
>> away, but the rest doesn't. This was confirmed just recently by Laura on
>> Word To The Wise, who posted about this just 5 days ago:
>>
>> https://wordtothewise.com/2014/08/unsubscribing-spam-part-3/
>>
>
> Quote from the linked material:
>
> "During the month of November, I unsubscribed from every commercial
> email that came into the account."
>
> So mindlessly unsubscribing from viagra ads, with unsubscribe links,
> which have a load of random phrases at the bottom results in a
> higher spam load later... if you are willing to accept data from an
> n=1 experiment with a low spam count.
>
> What if you have a larger number of accounts, and direct intelligent
> users to unsubscribe from emails which seem reasonably legit to them?
I've performed similar experiments with my own spam-trap addresses over
the years, with similar results. In my experience, it helps to keep a
domain "fresh" in spammers' lists if they see periodic activity for
domains that are entirely comprised of traps.
I seeded one trap from scratch simply by editing/entering the address
into the unsubscribe link/form of any "probably legitimate" spam
that I received that had a form I could manipulate without revealing
its true source. The address still receives a moderate volume of spam
today, mostly from very disreputable sources that likely bought the
list, but not exclusively. Again, an n=1 experiment, but again, it showed
that even if you're selective, there's no such thing as limiting
yourself to reputable spammers.
However, I don't find that it's the intelligent users who have massive
spam problems to begin with, it's the ones who throw their email address
into every field requesting it and pound "Next" like a monkey wanting a
banana, ignoring pre-checked boxes along the way, that have the worst
spam problem. In my experience, these are the types that don't do
particularly well at knowing what to unsubscribe from, and what might be
legitimate. You can explain the obvious viagra stuff, but their
attention span is that of a gnat.
But as with all things, your mileage may vary.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Re: Opinions needed on what to consider spam
Posted by Steve Bergman <sb...@gmail.com>.
On 08/13/2014 01:06 PM, Dave Warren wrote:
>
> In short, yes, it is unproductive. The quasi-legitimate stuff does go
> away, but the rest doesn't. This was confirmed just recently by Laura on
> Word To The Wise, who posted about this just 5 days ago:
>
> https://wordtothewise.com/2014/08/unsubscribing-spam-part-3/
>
Quote from the linked material:
"During the month of November, I unsubscribed from every commercial
email that came into the account."
So mindlessly unsubscribing from viagra ads, with unsubscribe links,
which have a load of random phrases at the bottom results in a higher
spam load later... if you are willing to accept data from an n=1
experiment with a low spam count.
What if you have a larger number of accounts, and direct intelligent
users to unsubscribe from emails which seem reasonably legit to them?
Re: Opinions needed on what to consider spam
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On 2014-08-13 07:14, Matus UHLAR - fantomas wrote:
>>call an unsubscribe-hook _and_ train as spam.
>>Should be viable for both solicited and unsolicited mail.
>>
>>Or, does anyone think that unsubscribing spam is counter-productive
>>still?
On 13.08.14 11:06, Dave Warren wrote:
>In short, yes, it is unproductive. The quasi-legitimate stuff does go
>away, but the rest doesn't.
this was why I recommended
- unsubscribe (for the legitimate stuff to go away)
- train (to reject in the future)
> This was confirmed just recently by Laura
>on Word To The Wise, who posted about this just 5 days ago:
>
>https://wordtothewise.com/2014/08/unsubscribing-spam-part-3/
>
>TL;DR: Spam load went up. Unsubscribing from each of 312 messages in
>one month resulted in 6 straight months of higher spam load.
>
>I've had similar results on a Gmail spamtrap I've got (an address
>I've never used and don't use, but happens to be a common
>firstname.lastname combination, so it gets tons of typo'd mail
>seeding the trap)
This is the valuable info I was searching for...
Now I can speculate what happened if only FNs were unsubscribed
(no unsubscribe on detected spam)...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
Re: Opinions needed on what to consider spam
Posted by Dave Warren <da...@hireahit.com>.
On 2014-08-13 07:14, Matus UHLAR - fantomas wrote:
>
> call an unsubscribe-hook _and_ train as spam.
> Should be viable for both solicited and unsolicited mail.
>
> Or, does anyone think that unsubscribing spam is counter-productive
> still?
>
In short, yes, it is unproductive. The quasi-legitimate stuff does go
away, but the rest doesn't. This was confirmed just recently by Laura on
Word To The Wise, who posted about this just 5 days ago:
https://wordtothewise.com/2014/08/unsubscribing-spam-part-3/
TL;DR: Spam load went up. Unsubscribing from each of 312 messages in one
month resulted in 6 straight months of higher spam load.
I've had similar results on a Gmail spamtrap I've got (an address I've
never used and don't use, but happens to be a common firstname.lastname
combination, so it gets tons of typo'd mail seeding the trap)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Re: Opinions needed on what to consider spam
Posted by Steve Bergman <sb...@gmail.com>.
On 08/13/2014 09:37 AM, Axb wrote:
> the so called "legit" will set your addr flag as unsubbed
I see a significant amount of "spam" to my users from truly legitimate
sources. Where "truly legitimate" doesn't mean that they are
legitimately the USDA or Merrill Lynch. These can be fire arms ads from
small companies I've never heard of, going to people whom I could
already have guessed belonged to gun clubs and probably missed unticking
a checkbox somewhere during sign-up.
IMO, Bayes has enough attacks going on against it that we need to give
it all the help it can get. And that means that when we tell it
something is spam, that something really needs to be spam, by anyone's
definition. When a message can't be unsubscribed from, the DNSBL's miss
it, and the other rules miss it, I want a Bayes with maximum specificity.
I also up the bayes scores. I believe in Bayes. But "Garbage In, Garbage
Out" is particularly appropriate for Bayes' inputs and outputs.
Re: Opinions needed on what to consider spam
Posted by Axb <ax...@gmail.com>.
On 08/13/2014 04:14 PM, Matus UHLAR - fantomas wrote:
>>> Bowie Bailey wrote:
>>>> But you still have to consider point 1. If a user starts complaining
>>>> that he's getting spam from Amazon, I'm not going to mess with SA, I'm
>>>> going to tell him to click the unsubscribe link at the bottom of the
>>>> email. (Assuming that it actually is from Amazon, of course)
>
>> Alex wrote:
>>> I don't really like the per-user control. The challenge is to build a
>>> system that requires as little maintenance as possible - that's what
>>> we're supposed to be doing, IMHO.
>
> On 12.08.14 18:11, Kris Deugau wrote:
>> So... What do you do, when user A gets extremely mad to see
>> $legitimatenewsletter in their Inbox, and user B gets extremely mad to
>> see $legitimatenewsletter in their Spam folder? If you only have a
>> global policy with no way to adjust on a per-user basis, you're going to
>> have someone mad at you either way.
>
> call an unsubscribe-hook _and_ train as spam.
> Should be viable for both solicited and unsolicited mail.
>
> Or, does anyone think that unsubscribing spam is counter-productive still?
imo, whatever you do, it can only get better :)
the spammer has your addr and will persist - confirming you exist by
clicking on an unsub link won't change much of the end result.
the so called "legit" will set your addr flag as unsubbed - till next
marketing drone bypasses that and whatever happens, they all have
"valid" hi-gloss excuses...
Re: Opinions needed on what to consider spam
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>> Bowie Bailey wrote:
>>> But you still have to consider point 1. If a user starts complaining
>>> that he's getting spam from Amazon, I'm not going to mess with SA, I'm
>>> going to tell him to click the unsubscribe link at the bottom of the
>>> email. (Assuming that it actually is from Amazon, of course)
>Alex wrote:
>> I don't really like the per-user control. The challenge is to build a
>> system that requires as little maintenance as possible - that's what
>> we're supposed to be doing, IMHO.
On 12.08.14 18:11, Kris Deugau wrote:
>So... What do you do, when user A gets extremely mad to see
>$legitimatenewsletter in their Inbox, and user B gets extremely mad to
>see $legitimatenewsletter in their Spam folder? If you only have a
>global policy with no way to adjust on a per-user basis, you're going to
>have someone mad at you either way.
call an unsubscribe-hook _and_ train as spam.
Should be viable for both solicited and unsolicited mail.
Or, does anyone think that unsubscribing spam is counter-productive still?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.
Re: Opinions needed on what to consider spam
Posted by Steve Bergman <sb...@gmail.com>.
On 08/12/2014 05:11 PM, Kris Deugau wrote:
> So... What do you do, when user A gets extremely mad to see
> $legitimatenewsletter in their Inbox, and user B gets extremely mad to
> see $legitimatenewsletter in their Spam folder?
Tell user A to unsubscribe? And don't do anything to increase the
chances of legitimate mail being flagged?
> If you only have a
> global policy with no way to adjust on a per-user basis, you're going to
> have someone mad at you either way.
If they are legitimately subscribed, even by an opt-out scheme, they can
unsubscribe.
> Sooner or later, once you scale beyond a very small number of users you
> *will* have a conflict between where any given pair of users expects to
> see a particular message.
I'd set that boundary at about 2.
> At that point you have to decide: Is this something most people want in
> their Inbox? And then make exceptions on a per-user basis for those who
> don't.
Spam filtering is an ugly last resort. Necessary in the world we live in
today, in 2014. But a world that didn't need SA would be a better one.
If there is any way to do away with unwanted email (like unsubscribing)
then that's the thing for the user to do. The trick is knowing if the
"unsubscribe" mechanism is likely to work for a particular email.
Re: Opinions needed on what to consider spam
Posted by Kris Deugau <kd...@vianet.ca>.
Alex wrote:
> Bowie Bailey wrote:
>> But you still have to consider point 1. If a user starts complaining
>> that he's getting spam from Amazon, I'm not going to mess with SA, I'm
>> going to tell him to click the unsubscribe link at the bottom of the
>> email. (Assuming that it actually is from Amazon, of course)
>
> I don't really like the per-user control. The challenge is to build a
> system that requires as little maintenance as possible - that's what
> we're supposed to be doing, IMHO.
So... What do you do, when user A gets extremely mad to see
$legitimatenewsletter in their Inbox, and user B gets extremely mad to
see $legitimatenewsletter in their Spam folder? If you only have a
global policy with no way to adjust on a per-user basis, you're going to
have someone mad at you either way.
Sooner or later, once you scale beyond a very small number of users, you
*will* have a conflict between where any given pair of users expects to
see a particular message.
At that point you have to decide: Is this something most people want in
their Inbox? And then make exceptions on a per-user basis for those who
don't.
-kgd
Re: Opinions needed on what to consider spam
Posted by Alex <my...@gmail.com>.
Hi,
>> I disagree with that. In my opinion, only two criteria are needed
>> to define spam:
>>
>> 1) An objective criterion: Was the message unsolicited?
>
> Unfortunately, that can be difficult to determine. People frequently put
> themselves on mailing lists as a consequence of creating a free account on
> a website or some such and then forget about it. A large, well known,
> reputable company is unlikely to be sending spam. So if you're on their
> list, you probably added yourself somehow. Also, their unsubscribe links
> tend to work, so it is much less work to simply unsubscribe yourself than
> to figure out how to get the emails marked as spam (which might affect
> someone else who actually does want the emails).
And you'd never get the truth from either the sender or recipient, even if
you asked them. In my experience, end-users subscribe intentionally to very
little, and unsubscribe from even less.
They may sign up for something from a company, say, Kraft, not realizing
they'll receive mail from all of Kraft's companies and products, not
necessarily just the one they authorized.
>> 2) A subjective criterion: Is the message unwanted?
>>
>> How the message gets to you is beside the point.
>>
>>> Two of the three messages, although unwanted, weren't necessarily
>>> unsolicited. Ideally I'd like to stop these messages before the users
>>> sees them, but how are we to know whether an individual user wants a
>>> legitimate email or not?
>>
>> You ask them. You use an anti-spam system that allows per-user decisions
>> about spaminess.
>
> But you still have to consider point 1. If a user starts complaining
> that he's getting spam from Amazon, I'm not going to mess with SA, I'm
> going to tell him to click the unsubscribe link at the bottom of the email.
> (Assuming that it actually is from Amazon, of course)
I don't really like the per-user control. The challenge is to build a
system that requires as little maintenance as possible - that's what we're
supposed to be doing, IMHO.
I'd like to be able to see each message a user considers to be spam. I'm
afraid they will just dump everything into that per-user folder, instead of
addressing each message individually, and have the false impression that
we're not doing their job, when really they don't realize it's something
they actually requested. Hopefully that sentence is clear, heh.
I've had clients set up a "Place Spam Here" common folder on their Exchange
system, then accessed it via IMAP regularly to analyze it for spam
patterns, but Exchange 2010 apparently no longer supports IMAP with public
folders. Ideas as a replacement would be greatly appreciated.
Thanks,
Alex
Re: Opinions needed on what to consider spam
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Tue, 12 Aug 2014 10:02:37 -0400
Bowie Bailey <Bo...@BUC.com> wrote:
> On 8/12/2014 9:48 AM, David F. Skoll wrote:
> > 1) An objective criterion: Was the message unsolicited?
> Unfortunately, that can be difficult to determine.
Yes, definitely. But in principle, a message is either solicited or
not, regardless of one's opinion.
> A large, well known, reputable company is unlikely to be sending
> spam.
I don't know. Large, well-known, reputable companies have
inappropriately put Roaring Penguin employees on marketing lists in
the past. I consider that to be spamming: Just because we do business
with a company doesn't necessarily imply consent to be marketed to.
It is true that they did remove us from their lists when we went through
the unsubscribe process, but it's also true that they were rather loose
with what they considered to be consent for the initial sign-up.
> But you still have to consider point 1. If a user starts complaining
> that he's getting spam from Amazon, I'm not going to mess with SA,
Absolutely.
Regards,
David.
Re: Opinions needed on what to consider spam
Posted by Bowie Bailey <Bo...@BUC.com>.
On 8/12/2014 9:48 AM, David F. Skoll wrote:
> On Tue, 12 Aug 2014 09:41:07 -0400
> Alex <my...@gmail.com> wrote:
>
>> I define "legitimate" as having been sent through a reputable
>> company's mail system. Chances are, Computer Associates aren't
>> spamming people.
> I disagree with that. In my opinion, only two criteria are needed
> to define spam:
>
> 1) An objective criterion: Was the message unsolicited?
Unfortunately, that can be difficult to determine. People frequently
put themselves on mailing lists as a consequence of creating a free
account on a website or some such and then forget about it. A large,
well known, reputable company is unlikely to be sending spam. So if
you're on their list, you probably added yourself somehow. Also, their
unsubscribe links tend to work, so it is much less work to simply
unsubscribe yourself than to figure out how to get the emails marked as
spam (which might affect someone else who actually does want the emails).
> 2) A subjective criterion: Is the message unwanted?
>
> How the message gets to you is beside the point.
>
>> Two of the three messages, although unwanted, weren't necessarily
> >> unsolicited. Ideally I'd like to stop these messages before the users
> >> see them, but how are we to know whether an individual user wants a
>> legitimate email or not?
> You ask them. You use an anti-spam system that allows per-user decisions
> about spamminess.
But you still have to consider point 1. If a user starts complaining
that he's getting spam from Amazon, I'm not going to mess with SA, I'm
going to tell him to click the unsubscribe link at the bottom of the
email. (Assuming that it actually is from Amazon, of course)
--
Bowie
Re: Opinions needed on what to consider spam
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Tue, 12 Aug 2014 09:41:07 -0400
Alex <my...@gmail.com> wrote:
> I define "legitimate" as having been sent through a reputable
> company's mail system. Chances are, Computer Associates aren't
> spamming people.
I disagree with that. In my opinion, only two criteria are needed
to define spam:
1) An objective criterion: Was the message unsolicited?
2) A subjective criterion: Is the message unwanted?
How the message gets to you is beside the point.
> Two of the three messages, although unwanted, weren't necessarily
> unsolicited. Ideally I'd like to stop these messages before the users
> see them, but how are we to know whether an individual user wants a
> legitimate email or not?
You ask them. You use an anti-spam system that allows per-user decisions
about spamminess.
Regards,
David.
Re: Opinions needed on what to consider spam
Posted by Alex <my...@gmail.com>.
Hi,
> > We periodically have users that complain about receiving email they believe
> > to be spam, but it looks to be legitimate.
>
> What's your definition of "legitimate" :) ?
>
> My definition of spam is email which is:
>
> - unsolicited (ie: the user didn't sign up for some newsletter or mailing
> list and then just decide they don't want it any more)
>
> and
>
> - unwanted (which of course is a pretty vague and personal definition of the
> recipient's in itself).
Yes, this is the perpetual question we're always asking. I realize it's so
subjective.
I define "legitimate" as having been sent through a reputable company's
mail system. Chances are, Computer Associates aren't spamming people.
Two of the three messages, although unwanted, weren't necessarily
unsolicited. Ideally I'd like to stop these messages before the users see
them, but how are we to know whether an individual user wants a legitimate
email or not?
Should bayes be trained on this type of mail?
Anyway, thanks for everyone's input.
Thanks,
Alex
Re: Opinions needed on what to consider spam
Posted by Antony Stone <An...@spamassassin.open.source.it>.
On Monday 11 August 2014 at 21:02:38 (EU time), Alex wrote:
> We periodically have users that complain about receiving email they believe
> to be spam, but it looks to be legitimate.
What's your definition of "legitimate" :) ?
My definition of spam is email which is:
- unsolicited (ie: the user didn't sign up for some newsletter or mailing
list and then just decide they don't want it any more)
and
- unwanted (which of course is a pretty vague and personal definition of the
recipient's in itself).
Sometimes email from people you know personally can fall into the second
category (!), but I consider this to be solicited, because it's someone you
have a connection to.
Email from strangers, which you didn't ask for, and don't want, is spam.
Regards,
Antony.
--
"Linux is going to be part of the future. It's going to be like Unix was."
- Peter Moore, Asia-Pacific general manager, Microsoft
Please reply to the list;
please *don't* CC me.
Re: Opinions needed on what to consider spam
Posted by Steve Bergman <sb...@gmail.com>.
On 08/11/2014 02:02 PM, Alex wrote:
> Hi,
> Hopefully you'll consider this a related question, as I would really
> appreciate your input. We periodically have users that complain about
> receiving email they believe to be spam, but it looks to be legitimate.
I'm still pretty much a newbie after only 3 months of getting back into
administering a mail server. But I'm finding that it's best to consider
anything at all legit to be ham, where "anything at all legit" means
that it looks legit enough that the "unsubscribe" link would likely
work. Even if it's a sleazy "opt out" sender.
SA is sometimes smarter than I expect. And I've only recently discovered
the included DNS Whitelist rules. Personally, in my own account, I
sometimes get lazy and try to use SA's Bayesian training via
dovecot-antispam as a substitute for doing an unsubscribe. But if the
email is legit enough to be unsubscribed from, unsubscribing is the best
way to handle the situation. And that's what I'm telling my users. That
way, bayes can concentrate on real spam, and dns whitelist rules don't
work at odds with bayes.
My post may or may not be only tangentially related to the topic. But
I figured I'd mention my recently formed definition of spam. There's a
lot of complexity embedded in the SA standard rule set. I try not to
make too many assumptions.
-Steve Bergman
Re: Opinions needed on what to consider spam
Posted by Robert Schetterer <rs...@sys4.de>.
On 11.08.2014 at 21:02, Alex wrote:
> We periodically have users that complain about receiving email they
> believe to be spam
You will never reach a universal opinion about "what is ham/spam" on
shared systems.
If not tagged automatically (or by the admin after "human watch" etc.), users
may blacklist it on their own (or their postmaster should do it for
them) and/or upload it to some autolearn script, etc.
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein