[ Again, just commenting on one point. ] On Thu, Oct 24, 2019 at 01:21:12PM -0700, Mark Milhollan wrote: > My experience says that: their system has learned that your system(s) > continued to send messages that their user (yes you, but they don't know > that) did not want, i.e., you left it marked as SPAM or deleted it without > reading the message, or at least not enough was noted as not SPAM *and* read > (aka displayed, and not for half a second either) so as to influence their > AI, which makes mistakes and will never correct them if not fed correcting > info.
[ Note that the proper term is "spam": it's not an acronym and should never be fully capitalized. ] It is a worst practice in mail systems engineering to allow input from putative users into any decision-making process *absent* manual review of each piece of data by very clueful humans, e.g., curated abuse reports. Consider: either that input is coming from the person who owns the account or it's not. If it's coming from a person, then there is an extremely high probability that it's coming from someone who doesn't have the slightest idea what they're doing. (If users, en masse, knew what they were doing and were even modestly diligent, then spam and phishing would not be serious problems. But they are; they flourish because users are careless, lazy, stupid, etc. They've been proving this daily by the hundreds of millions for decades.) Systems which do this are built on the laugable assumption that the aggregate opinions of a hundred million idiots are somehow magically more valid than the opinions of one. If it's not coming from a person, then it's coming from the new owner of the account. That new owner is hostile by definition, so allowing input from them is an even worse idea than allowing input from users, who may only be hostile most of the time. (Keep in mind that email accounts are compromised by the billions -- e.g., Yahoo -- and that systems are likewise so. And of course anyone who has compromised a system can avail themselves of any/all email credentials stored on or traversing that system. Those who doubt the scale on which both are happening are invited to peruse the darknet marketplace of their choice and observe that accounts/systems are for sale in bulk quantities from a wide variety of sellers.) ---rsk
