Spam filtering has always been a hot topic around the IT water cooler. The question most frequently asked is “how”. But increasingly, a question which needs to be asked is “whether”, followed closely by “how not” in addition to “how”. (If you’re still back at “why?” then a) I want to know how you are reading this as you clearly don’t spend much time on the Internet, and b) I want to meet the person who administers your anti-spam system.)
The bottom line here is your duty to your users. Sure, users want to see less spam in their inbox. But they really don’t want to see legitimate mail end up in the spam folder, which is second only to their not wanting to see mail which they are expecting vanish into a black hole.
More than a passing whim, however, your users rely on you to make sure that their legitimate email gets delivered. To them. In their inbox. A legitimate email occasionally ending up in the spam folder is forgivable; possibly even acceptable. But legitimate email completely vanishing is not.
Amazingly, many spam filters being used in a user environment today are configured to simply discard certain types of email which the system determines to be spam. Not flags. Not filters. Discards. Aside from the issue of economics (and that really is only a side issue here), that is not unlike the USPS deciding to throw away your Victoria’s Secret catalog rather than letting you decide whether or not you want to read it (yes, there is also text in those catalogues). Worse, in the case of wanted, legitimate email which is erroneously discarded by overzealous spam filters, it is akin to the USPS throwing away your tax return because it comes in a windowed envelope, and everyone knows that only junk mail (and bills) comes in those envelopes.
The bottom line is, just as the USPS cannot choose to discard, rather than deliver, your mail, neither should you make such a decision for your users. If you must discard email addressed to your users before they ever see it, then at the very least you should – no, must – advise them up front as to what processes of elimination you are using.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
I am personally aware of a site which lost their domain due to their ISP’s overzealous spam blocking, which resulted in the domain registration renewal notice which their registrar sent them being tossed as spam. Such an outcome is completely unacceptable and, indeed, may be legally actionable. Your users expect you to protect, not interfere with, their mail.
So where does this leave the IT professional charged with maintaining their company’s mail servers on behalf of their users, other than between the proverbial rock and a hard place? Sticky a wicket as it is, the following steps can help you to avoid ethical, and even possibly legal, email delivery snafus.
First: Never ever discard incoming email which is addressed to one of your users. Filter, yes – delete, no.
Second: Do make liberal use of “spam folders”, a secondary inbox for your users into which email which your system identifies as likely to be spam can be deposited.
Third: Make sure that your users know what your spam filtering policies are, and that they know to check their spam folders regularly.
Fourth: Know the policies and practices of any third-party spam filtering, blocking, or identification solution to which you may subscribe. It doesn’t do you any good to keep a careful shop if the spam filter to which you are subscribing lists anyone and everyone every which way from Sunday.
Fifth: Post your email acceptance and delivery policies somewhere public on your website, so that not only will your users know what your spam-filtering policies are, but their correspondents (i.e. the people sending them email) will know how to play nice with your system to avoid erroneously triggering your spam filter.
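Steps one and two above as a delivery routine, added here as an illustration and not taken from any particular mail server or from this site. It assumes an upstream filter stamps a numeric X-Spam-Score header; the 5.0 cutoff, the X-Filter-Decision header and the sample messages are constructed for the example.

```python
import mailbox
import os
import tempfile
from email import message_from_string

SPAM_FOLDER = "Spam"
SPAM_THRESHOLD = 5.0  # assumed cutoff; tune to your own filter


def classify(msg):
    """Return the destination folder. There is deliberately no discard outcome."""
    try:
        score = float(msg.get("X-Spam-Score"))
    except (TypeError, ValueError):
        return "INBOX"  # missing or malformed score: fail open, never lose mail
    return SPAM_FOLDER if score >= SPAM_THRESHOLD else "INBOX"


def deliver(maildir, msg):
    """File the message in the inbox or the spam folder and record the decision."""
    dest = classify(msg)
    msg["X-Filter-Decision"] = dest  # hypothetical header so users can see why
    if dest == "INBOX":
        maildir.add(msg)
    else:
        if dest not in maildir.list_folders():
            maildir.add_folder(dest)
        maildir.get_folder(dest).add(msg)
    return dest


# Constructed sample messages; the third is a false positive like the renewal notice.
SAMPLES = [
    "From: boss@example.com\nSubject: Friday\nX-Spam-Score: 1.2\n\nSee you then.\n",
    "From: x@example.net\nSubject: CHEAP PILLS\nX-Spam-Score: 9.8\n\nBuy now.\n",
    "From: billing@registrar.example\nSubject: Renewal notice\nX-Spam-Score: 7.1\n\nYour domain expires soon.\n",
    "From: friend@example.org\nSubject: hi\nX-Spam-Score: garbled\n\nHello.\n",
]


def demo():
    """Deliver the samples to a throwaway Maildir; return decisions and stored count."""
    root = tempfile.mkdtemp()
    md = mailbox.Maildir(os.path.join(root, "Maildir"), create=True)
    decisions = [deliver(md, message_from_string(raw)) for raw in SAMPLES]
    stored = len(md) + sum(len(md.get_folder(f)) for f in md.list_folders())
    return decisions, stored


if __name__ == "__main__":
    print(demo())
```

The misclassified renewal notice lands in the spam folder, where the user can still find it, and the count of stored messages always equals the count received.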
Remember, there’s a fine line between the killer app, and killing the killer app. Make sure that in your efforts to keep your users’ inboxes usable you remain a part of the solution, and not a part of the problem.
>Let’s try that again without hitting return
> too early
It’s ok, dear, it happens to everyone.
Aunty Spam
Let’s try that again without hitting return too early… I have Norton Anti-Virus, and you are quite right they do have the option not to reply to the sender. It just takes some finding.
I understand that it is the duty of ISPs / hosts to at least inform the sender that a mail they sent did not arrive for some reason. However there are a lot of virii that we know “spoof” the sender’s email address, and such a large chunk of the email I receive now is from mailservers informing me that I sent a virus to their server just because the message contained my email as the From: address.
As it seems that the aim of some of these virus writers is to bring the internet to its knees by the sheer volume of traffic, I just feel we are in some sense helping them with this. What I would suggest is that Mail Server anti-virus writers have a 2-level system where virii that are detected that are known spoofers are automatically deleted as there is no point replying. Then still have an option to “report to sender” for the rest.
Just an idea.
One practice we are considering is to release a spam-specific email address which has several uses:
– people can use it to sign up for things (obvious)
– any email that comes in addressed to the spam address and any other recipient as well is automatically flagged as spam.
– Automated mail servers could check for the same sender, contents, title etc as the email coming through the spam account and flag them as well.
Then you try and get the address registered with as many spam lists as you can.
Sp*m is a big problem for ISPs and users alike these days. Filtering
e-mail at the mail server, or running a free or fee program at the
client end attempts to solve the problem, but the results are imperfect
and cumbersome to correct. False positives and negatives continue to
plague most approaches.
My solution is simple and perhaps even obvious. But it’s worked for me
in efficiently handling over 7000 e-mails, and it can work for anyone
who uses an e-mail client capable of defining rules to route e-mail to a
folder, such as Outlook Express.
The key idea and goal is to use your Inbox exclusively for sp*m. All
desired e-mail can be routed to e-mail folders you define based on rules
that make sense to you. You start by creating a message rule from a
displayed e-mail, not from a hypothetical concept. For example, an
e-mail from your boss can be routed to a folder called Boss. A
newsletter can be routed to a folder called Newsletter, based on
whatever is common to that newsletter style, such as a Subject keyword
that’s always there. I handle all my e-mail using 50 folders, but you
may require fewer or more, depending on how granular you think you need
to be.
After a week or so, your Inbox only has sp*m, which is easy to eyeball
scan and mass delete after ensuring no good e-mail lurks there needing
to be read and rule-defined. So how do you tell where your good unread
e-mail is? Just arrange your View so you can scan the unread count to
the right of the folder name. For example, Newsletter (2) means you
have two unread newsletter e-mails to review.
If your email program can filter based on address book contents, you can make your last step put email from anyone in your address book into a 2Bread folder. Then email from contacts you didn’t specifically route to the Boss or other folder gets separated from the sp*m in your Inbox.
Don’t try to block sp*m, but make it obvious and in one place – your
Inbox!