When spam filters fail

Spam filters aren’t perfect. They sometimes catch mail they shouldn’t, although it happens less than some people think. They sometimes fail to catch mail they should.
One of the reasons filters fail to catch mail they should is that some spammers invest a lot of time and energy in figuring out how to get past the filters. This is nothing new. 8 or 9 years ago I was in negotiations with a potential client. They told me they had people who started working at 5pm Eastern. Their entire job was to craft mail that would get through Hotmail’s filters that day. As soon as they found a particular message that made it to the inbox, they’d blast to their list until the filters caught up. When the filters caught up, they’d start testing again. This went on all night or until the full list was sent.
Since then I’ve heard of a lot of other filter bypass techniques. Some spammers set up thousands of probe accounts at ISPs and would go through and “not spam” their mail to fool the filters (ISPs adapted). Some spammers set up thousands of IPs and rotate through them (ISPs adapted). Some spammers register new domains for every send (ISPs adapted). Some spammers used botnets (ISPs adapted).
I’m sure, even now, there are spammers who are creating new techniques to get through filters. And the ISPs will adapt.

Related Posts

You can't always get what you want

It’s a problem anyone who has done any delivery work has faced. There’s a client who is having blocklist problems or ISP delivery problems and they won’t pay any attention to what you say. They insist that you talk to the blocklist or the ISP or hand over contacts directly so they can “dialog with” someone internally. They don’t like what they’re hearing, and they hope that the answer will be different if they find a new person to talk to.
The reality is many of the people at ISPs and blocklists don’t want to talk to these types of senders. They may answer a friendly question from someone they know and trust, but sometimes not even then.
Some very large ISPs and major blocklists don’t even take sender questions. They won’t communicate with anyone about any delivery issues.
I’ve had to tell more than a few clients recently that various ISPs and blocklists weren’t interested in helping those clients with their delivery problems. There are two classes of reactions I get from clients. Some clients focus on moving forward. “OK, now what? How can we identify the issue, what data do we have and how can we figure out what the problem is?”
Other clients continue to look for ways to talk to whomever is blocking their mail. They’re convinced if they can just “explain their business model” or be told what they’re doing wrong, that all their delivery problems will magically disappear.
Needless to say, those clients who focus on moving forward and looking at the information they do have have much better success resolving their delivery problems. What many senders don’t understand is the wealth of data they have that will help them resolve the issue. And even if they know it’s buried in their files, they don’t always know where to start looking or even what they’re looking for.
But that is, of course, why you hire someone like me who understands spam filtering and email. I help senders understand how email filters work and identify what parts of their programs are likely to be responsible for delivery issues. I often find the most valuable service I provide to clients is a fresh set of eyes that can see the forest. With my help, they manage to stop obsessing unproductively about one particular symptom and focus on the underlying problems.
Senders who think the holy grail of problem resolution is speaking to the right person at an ISP or blocklist generally are disappointed, even when they hire someone who knows all the right people at the ISPs. They can’t always get what they want. But I can often help them get what they need.

ISP filters are good for marketers

A throwback post from 2010
Attention is a limited resource.
Marketing is all about grabbing attention. You can’t run a successful marketing program without first grabbing attention. But attention is a limited resource. There are only so many things a person can remember, focus on or interact with at any one time.
In many marketing channels there is an outside limit on the amount of attention a marketer can grab. There are only so many minutes available for marketing in a TV or radio hour and they cost real dollars. There’s only so much page space available for press. Billboards cost real money and you can’t just put a billboard up anywhere. With email marketing, there are no such costs and thus a recipient can be trivially and easily overwhelmed by marketers trying to grab their attention.
Whether it’s unsolicited email or just sending overly frequent solicited email, an overly full mailbox overwhelms the recipient. When this happens, they’ll start blocking mail, or hitting “this is spam” or just abandoning that email address. Faced with an overflowing inbox, recipients may take drastic action in order to focus on the stuff that is really important to them.
This is a reality that many marketers don’t get. They think that they can assume that if a person purchases from their company that person wants communication from that company.


ISPs speak at M3AAWG

Last week at M3AAWG representatives from AOL, Yahoo, Gmail and Outlook spoke about their anti-spam technologies and what the organizations were looking for in email.
This session was questions and answers, with the moderator asking the majority of the questions. These answers are paraphrased from my notes or the MAAWG Twitter stream from the session.
What are your biggest frustrations?
AOL: When senders complain they can’t get mail in and we go look at their stats and complaints are high. Users just don’t love that mail. If complaints are high look at what you may have done differently, content does have an effect on complaints.
Outlook: When we tightened down filters 8 years ago we had to do it. Half of the mail in our users’ inbox was spam and we were losing a steady number of customers. The filter changes disrupted a lot of senders and caused a lot of pain. But these days only 0.5% of mail in the inbox is spam. Things happen so fast, though, that the stress can frustrate the team.
Gmail: Good senders do email badly sometimes and their mail gets bulked. Senders have to get the basic email hygiene practices right. Love your users and they’ll love you back.
What’s your philosophy and approach towards mail?
AOL: There is a balance that needs to be struck between good and bad mail. The postmaster team reminds the blocking team that not all mail is bad or malicious. They are the sender advocates inside AOL. But the blocking team deals with so much bad mail, they sometimes forget that some mail is good.
Yahoo: User experience. The user always comes first. We strive to protect them from malicious mail and provide them with the emails they want to see. Everything else is secondary.
Gmail: The faster we stop spam the less spam that gets sent overall. We have highly adaptive filters that can react extremely quickly to spam. This frustrates the spammers and they will give up.
Outlook: The core customer is the mailbox user and they are a priority. We think we have most of the hardcore spam under control, and now we’re focused on personalizing the inbox for each user. Everyone online should hold partners accountable and they should expect to be held accountable in turn. This isn’t just a sender / ESP thing, ISPs block each other if there are spam problems.
What are some of your most outrageous requests?
We’ve been threatened with lawsuits because senders just don’t want to do the work to fix things. Some senders try to extort us. Other senders go to the advertising execs and get the execs to yell at the filtering team.
Coming to MAAWG and getting cornered to talk about a particular sender problem. Some senders have even offered money just to get mail to the spam folder.
Senders who escalate through the wrong channels. We spent all this money and time creating channels where you can contact us, and then senders don’t use them.
Confusing business interests with product interests. These are separate things and we can’t change the product to match your business interest.
What are your recommendations for changing behaviors?
Outlook: We provide lots of tools to let you see what your recipients are doing. USE THE TOOLS. Pay attention to your recipient interaction with mail. Re-opt-in recipients periodically. Think about that mail that is never opened. Monitor how people interact with your mail. When you have a problem, use our webpages and our forms. Standard delivery problems have a playbook. We’re going to follow that playbook and if you try to get personal attention it’s going to slow things down. If there’s a process problem, we are reachable and can handle them personally. But use the postmaster page for most things.
Gmail: Get your hygiene right. If you get your hygiene right, deliverability just works. If you’re seeing blocking, that’s because users are marking your mail as spam. Pay attention to what the major receivers publish on their postmaster pages. Don’t just follow the letter of the law, follow the spirit as well. Our responsibility, as an ISP, is to detect spam and not spam. Good mailers make that harder on us because they do things that look like spammers. This doesn’t get spammer mail in more, it gets legitimate mail in less. Use a real opt-in system, don’t just rely on an implied opt-in because someone made a purchase or something.
Yahoo: ESPs are pretty good about screening their customers, so pay attention to what your ESPs are saying. Send mail people want. Verify that the email addresses given to you actually belong to people who want your mail. Have better sender practices.
What do you think about seed accounts?
The panel wasn’t very happy about the use of seed accounts. Seeds are not that useful any longer, as the ISPs move to more and more personalized delivery. Too much time and too many cycles are used debugging seed accounts. The dynamic delivery works all ways.
When things go wrong what should we do?
AOL: Open a ticket. We know we’ve been lax recently, but have worked out of our backlog and are caught up to date. Using the ticketing system also justifies us getting more headcount and makes everyone’s experience better. Also, don’t continue what you’re doing. Pause sending while you’re troubleshooting the issue. We won’t adjust a rep for you, but we may be able to help you.
Gmail: Do not jump the gun and open a ticket on the first mail to the spam folder. Our filters are so dynamic, they update every few minutes in some cases. Be sure there is a problem. If you are sure you’re following the spirit and letter of the sender guidelines you can submit a ticket. We don’t respond to tickets, but we work every single one. When you’re opening a ticket provide complete information and full headers, and use the headers from your own email address, not headers from a seed account. Give us a clear and concise description of the problem. Also, use the Gmail product forum, it is monitored by employees and it’s our preferred way of getting information to the anti-abuse team. Common issues lots of senders are having will get addressed faster.
Outlook: Dig in and do your own troubleshooting, don’t rely on us to tell you what to fix. The support teams don’t have a lot of resources so use our public information. If you make our job harder, then it takes longer to get things done. But tell us what changes you’ve made. If you’ve fixed something, and tell us, our process is different than if you’re just asking for a delisting or asking for information. When you’ve fixed things we will respond faster.
How fast should users expect filters to respond after making changes?
Filters update continually so they should start seeing delivery changes almost immediately. What we find is people tell us they’ve made changes, but they haven’t made enough or made the right ones. If the filters don’t update, then you’ve not fixed the problem.
