Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 2021-02-09 14:47, Chris via mailop wrote: On 2021-02-08 21:09, Dave Warren via mailop wrote: \ You could always turn on + addressing on M365... https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online Admittedly it is fairly new, and opt-in for reasons described on the link above, but it should be straightforward for a client moving in from another that supported plus addressing. The convention has existed almost as long as there's been sendmail, and is available in postfix too. This is handy to direct incoming email into different boxes, and makes it possible to narrow down who leaked your email address. Absolutely. but in the context of the Microsoft 365 platform, it is less than 6 months since it was implemented as a checkbox administrators could enable. Before that it took custom aliasing or other hackery. Indeed: I use it for my subscription to mailop as you can see. I'm not sure how many years I have used plus addressing, but I first blogged about my experience with a product-specific implementation in mid-2008. UNFORTUNATELY, many web sites outright refuse to accept "+" as a valid character in an email LHS, despite the fact that the RFC's permit it. In fact, I've run into occasions where the "new user" function permits it, but logging in and/or password change *don't*. Worse was one that entirely disabled it long after I've been using it successfully, routinely. I've run into both of these a couple times. Sometimes in my favour, in one case it was the "update your profile" page that wouldn't work, I couldn't even change my e-mail address as the existing one was non-editable and invalid. Customer service shrugged and suggested I create a new account, so I did by referring myself, and got both sides of the referral bonuses and their slew of new-user bonuses. When I was running my own hosting service, I supported - as an alternate character (user-subaddress@domain = user+subaddress@domain) and for users that wanted, subaddress@user.domain too, although I only deployed the DNS records upon request. When I exited the market professionally and was looking for somewhere to refer customers, my discovery that FastMail supported the subdomain addressing by default brought them a decent number of mailboxes, eventually including my own personal address(es). It's useful, but be aware that some sites screw it up. Some relatively major ones. I haven't yet found anywhere that can't cope with at least one of my address format alternates. Another issue is that more and more companies are restricting addresses that contain their name. Uber doesn't (or at least didn't) allow uber@, dave+user@ or dave-uber@, but they were fine with u-morons-ber@ so that was good enough for me. I've seen this a bit in the health world, our local blood laboratory accepts my email address and sends account related information, but not appointment confirmations. I was able to discuss it with their technical staff and the addresses was blacklisted in their ESP's database, but they couldn't see why. I experimented with other addresses at the same domain, and the same username at another domain, it was definitely the username portion. Tossing a -morons- in the middle does the trick, but it means I have even more address formats to potentially use when trying to recall credentials or account details. Thank dog for password managers and searchable indefinite email retention being things. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 2021-02-08 21:09, Dave Warren via mailop wrote: \ You could always turn on + addressing on M365... https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online Admittedly it is fairly new, and opt-in for reasons described on the link above, but it should be straightforward for a client moving in from another that supported plus addressing. The convention has existed almost as long as there's been sendmail, and is available in postfix too. This is handy to direct incoming email into different boxes, and makes it possible to narrow down who leaked your email address. Indeed: I use it for my subscription to mailop as you can see. UNFORTUNATELY, many web sites outright refuse to accept "+" as a valid character in an email LHS, despite the fact that the RFC's permit it. In fact, I've run into occasions where the "new user" function permits it, but logging in and/or password change *don't*. Worse was one that entirely disabled it long after I've been using it successfully, routinely. Sometimes significant ones with paid subscriptions/services. Pain in the ass they are. It's useful, but be aware that some sites screw it up. Some relatively major ones. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 8 Feb 2021, at 21:20, Dave Warren via mailop wrote: On 2021-02-08 16:14, Bill Cole via mailop wrote: [...] The "de-tagging" tactic that Al noted has existed, although I don't see much evidence of it in recent years. I think it may be that enough people who use tagged addresses give tagged addresses less scrutiny that senders who paid attention noticed that de-tagging hurts deliverability. There is also the possibility to give anything missing a tag extreme scrutiny Everything is relative :) (or outright reject it) if a user is careful to never give out untagged addresses. Yes. e.g.: I have a ridiculously strict local IP blocklist fed by automated mechanisms which sometimes list whole RIR allocations. It is used via scoring before SMTP and in content filtering, but for untagged addresses it is also used as an absolute ban if nothing else known at RCPT time (i.e. recipient address tagging or other stuff) exempts the message. Beyond that, many years ago I turned my nominally 'main' email address with which I use local-part tagging into a virtual address that is not an authentication identity on any system. OTOH, the "real" address to which my tagged addresses deliver (and which is used for authentication) is not actually mailable. That's an extremely useful secondary effect of intensive tagged-address usage, since the credential-stuffers all try tagged addresses or the de-tagged 'main address" and so are easy to identify without depending on rate or volume of attempts. No address that anyone knows legitimately is part of any credential set. By definition there is no consent given to a sender who just makes up their own addresses (by stripping or changing tags), which is significant to any sender trying to operate on an opt-in basis. Absolutely correct. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 2021-02-08 16:14, Bill Cole via mailop wrote: On 8 Feb 2021, at 17:03, Richard Bewley via mailop wrote: The critical feature in '+' tagging (and equivalents using other characters or patterns) is the ability to create aliases on-the-fly in a namespace that the user controls such that the mail system handling delivery only needs to know the tagging pattern rather than every new tag. In a previous life I had an email system that would sort tagged messages into a subfolder, but only for folders that existed. If a folder didn't exist the message would get rejected at SMTP time. Not many users used it or grasped the concept of giving out a different address to each company, but the idea you could actually revoke a sender's ability to send to you just by deleting a folder was well received. Since some companies didn't accept tags, we allowed a - instead, and t...@mailbox.example.com would get aliased to mailbox+...@example.com. But of course now users have even more possible addresses they might have given out, which increases confusion significantly for those who didn't really get how tagged addresses worked but tried anyway. The "de-tagging" tactic that Al noted has existed, although I don't see much evidence of it in recent years. I think it may be that enough people who use tagged addresses give tagged addresses less scrutiny that senders who paid attention noticed that de-tagging hurts deliverability. There is also the possibility to give anything missing a tag extreme scrutiny (or outright reject it) if a user is careful to never give out untagged addresses. By definition there is no consent given to a sender who just makes up their own addresses (by stripping or changing tags), which is significant to any sender trying to operate on an opt-in basis. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 2021-02-08 15:03, Richard Bewley via mailop wrote: Only this weekend I was trying to help an old colleague with a migration from Gsuite to M365. The #1 complaint... was some of his minions were seemingly crippled by the lack of this function.. and I was thinking err aliases? Aliases? You could always turn on + addressing on M365... https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online Admittedly it is fairly new, and opt-in for reasons described on the link above, but it should be straightforward for a client moving in from another that supported plus addressing. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 8 Feb 2021, at 17:03, Richard Bewley via mailop wrote: +1 to Al. (no pun intended for the '+'.) Only this weekend I was trying to help an old colleague with a migration from Gsuite to M365. The #1 complaint... was some of his minions were seemingly crippled by the lack of this function.. and I was thinking err aliases? Aliases? The critical feature in '+' tagging (and equivalents using other characters or patterns) is the ability to create aliases on-the-fly in a namespace that the user controls such that the mail system handling delivery only needs to know the tagging pattern rather than every new tag. The "de-tagging" tactic that Al noted has existed, although I don't see much evidence of it in recent years. I think it may be that enough people who use tagged addresses give tagged addresses less scrutiny that senders who paid attention noticed that de-tagging hurts deliverability. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
+1 to Al. (no pun intended for the '+'.) Only this weekend I was trying to help an old colleague with a migration from Gsuite to M365. The #1 complaint... was some of his minions were seemingly crippled by the lack of this function.. and I was thinking err aliases? Aliases? At least I am not alone ;o) Richard -Original Message- From: Al Iverson Sent: 08 February 2021 17:46 To: mailop Subject: Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam.. I'm going to go wide (and unpopular) on this one and say that this is just another reason address plussing is crappy. Even the desired use case is very easily exploited. Bad guys can just strip the +tag and then you lose your visibility into where they got the address from. I guess if it's all you've got, so be it. I'm a hypocrite, I guess. I use it sometimes. But I think individual aliases are a much better solution. Cheers, Al Iverson On Mon, Feb 8, 2021 at 10:01 AM Michael Peddemors via mailop wrote: > > Didn't take Google spammers long to figure out using + addressing to > try and get by spam filters.. or personal block lists.. > > > Return-Path: > > From: "Bitcoin Trader" > > Judging by volume, I am sure that there are no sane rate limiters in > place.. > > I would think that any use of a + address, usually is for a specific > purpose, and should have very tight outbound rate limiters in place. > > -- Michael -- > > > > > On 2021-02-05 10:12 a.m., Camille - Clean Mailbox via mailop wrote: > > Also, a trusted user can be hacked and his account hijacked to send spam. > > > >> Le 5 févr. 2021 à 18:25, Marcel Becker via mailop > >> a écrit : > >> > >> > >> On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop > >> mailto:mailop@mailop.org>> wrote: > >> > >> > >> You can not trust users to identify spam. > >> > >> > >> This. A Thousand times this. A lot of us privileged with the > >> insight into how mail technically works (or so) have difficulties > >> grasping how real people use mail. And the available abuse reporting > >> channels. > >> > >> ___ > >> mailop mailing list > >> mailop@mailop.org > >> https://list.mailop.org/listinfo/mailop > > > > ___ > > mailop mailing list > > mailop@mailop.org > > https://list.mailop.org/listinfo/mailop > > > > > > -- > "Catch the Magic of Linux..." > -- > -- Michael Peddemors, President/CEO LinuxMagic Inc. > Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company > - For More Info http://www.wizard.ca "LinuxMagic" a Registered > TradeMark of Wizard Tower TechnoServices Ltd. > -- > -- > 604-682-0300 Beautiful British Columbia, Canada > > This email and any electronic data contained are confidential and > intended solely for the use of the individual or entity to which they are > addressed. > Please note that any views or opinions presented in this email are > solely those of the author and are not intended to represent those of the > company. > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Al Iverson // Wombatmail // Chicago Deliverability: https://spamresource.com DNS Tools: https://xnnd.com This email may be proprietary or confidential and may constitute a business secret protected by law. If you’re not the intended recipient, notify me by email and erase all copies and attachments, and do not forward nor disclose its contents to anyone. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
I'm going to go wide (and unpopular) on this one and say that this is just another reason address plussing is crappy. Even the desired use case is very easily exploited. Bad guys can just strip the +tag and then you lose your visibility into where they got the address from. I guess if it's all you've got, so be it. I'm a hypocrite, I guess. I use it sometimes. But I think individual aliases are a much better solution. Cheers, Al Iverson On Mon, Feb 8, 2021 at 10:01 AM Michael Peddemors via mailop wrote: > > Didn't take Google spammers long to figure out using + addressing to try > and get by spam filters.. or personal block lists.. > > > Return-Path: > > From: "Bitcoin Trader" > > Judging by volume, I am sure that there are no sane rate limiters in > place.. > > I would think that any use of a + address, usually is for a specific > purpose, and should have very tight outbound rate limiters in place. > > -- Michael -- > > > > > On 2021-02-05 10:12 a.m., Camille - Clean Mailbox via mailop wrote: > > Also, a trusted user can be hacked and his account hijacked to send spam. > > > >> Le 5 févr. 2021 à 18:25, Marcel Becker via mailop > >> a écrit : > >> > >> > >> On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop > >> mailto:mailop@mailop.org>> wrote: > >> > >> > >> You can not trust users to identify spam. > >> > >> > >> This. A Thousand times this. A lot of us privileged with the insight > >> into how mail technically works (or so) have difficulties grasping how > >> real people use mail. And the available abuse reporting channels. > >> > >> ___ > >> mailop mailing list > >> mailop@mailop.org > >> https://list.mailop.org/listinfo/mailop > > > > ___ > > mailop mailing list > > mailop@mailop.org > > https://list.mailop.org/listinfo/mailop > > > > > > -- > "Catch the Magic of Linux..." > > Michael Peddemors, President/CEO LinuxMagic Inc. > Visit us at http://www.linuxmagic.com @linuxmagic > A Wizard IT Company - For More Info http://www.wizard.ca > "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. > > 604-682-0300 Beautiful British Columbia, Canada > > This email and any electronic data contained are confidential and intended > solely for the use of the individual or entity to which they are addressed. > Please note that any views or opinions presented in this email are solely > those of the author and are not intended to represent those of the company. > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Al Iverson // Wombatmail // Chicago Deliverability: https://spamresource.com DNS Tools: https://xnnd.com ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
Didn't take Google spammers long to figure out using + addressing to try and get by spam filters.. or personal block lists.. Return-Path: From: "Bitcoin Trader" Judging by volume, I am sure that there are no sane rate limiters in place.. I would think that any use of a + address, usually is for a specific purpose, and should have very tight outbound rate limiters in place. -- Michael -- On 2021-02-05 10:12 a.m., Camille - Clean Mailbox via mailop wrote: Also, a trusted user can be hacked and his account hijacked to send spam. Le 5 févr. 2021 à 18:25, Marcel Becker via mailop a écrit : On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop mailto:mailop@mailop.org>> wrote: You can not trust users to identify spam. This. A Thousand times this. A lot of us privileged with the insight into how mail technically works (or so) have difficulties grasping how real people use mail. And the available abuse reporting channels. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
I did talk to an individual some years back – yes, at a bar, believe it or not – who sincerely believed that the “junk” folder was a place where he could archive all his email that he wanted to keep but didn’t want to clutter his inbox. From: mailop on behalf of Zack Aab via mailop Date: Saturday, 6 February 2021 at 4:58 AM To: mailop@mailop.org Subject: Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam.. Although I'm not terribly qualified to comment on Gmail's policies or design decisions, I thought I'd throw in an anecdote about the "Report Spam" user experience: A random guy I talked to in a bar (it was a work trip, he asked why I was in town, etc) told me that he used the "Report Phishing" function in Gmail as a (his words) "Super Spam Report" for when he was particularly annoyed at a marketing email or sender. I think he is an example that even with clear and simple labels like "Report Phishing" vs "Report Spam," if the user can't _see_ what happens when they click a button, they're going to decide for themselves what that button does...or something like that... :-) Zack Aab On Fri, Feb 5, 2021 at 5:24 PM Marcel Becker via mailop mailto:mailop@mailop.org>> wrote: On Fri, Feb 5, 2021 at 12:58 Jay Hennigan via mailop mailto:mailop@mailop.org>> wrote: Simply changing "Junk" to "Report as spam" would help a lot. Unfortunately no, it would not. - Marcel ___ mailop mailing list mailop@mailop.org<mailto:mailop@mailop.org> https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
Although I'm not terribly qualified to comment on Gmail's policies or design decisions, I thought I'd throw in an anecdote about the "Report Spam" user experience: A random guy I talked to in a bar (it was a work trip, he asked why I was in town, etc) told me that he used the "Report Phishing" function in Gmail as a (his words) "Super Spam Report" for when he was particularly annoyed at a marketing email or sender. I think he is an example that even with clear and simple labels like "Report Phishing" vs "Report Spam," if the user can't _see_ what happens when they click a button, they're going to decide for themselves what that button does...or something like that... :-) Zack Aab On Fri, Feb 5, 2021 at 5:24 PM Marcel Becker via mailop wrote: > On Fri, Feb 5, 2021 at 12:58 Jay Hennigan via mailop > wrote: > >> Simply changing "Junk" to "Report as >> spam" would help a lot. > > > Unfortunately no, it would not. > > - Marcel > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
Dnia 5.02.2021 o godz. 15:03:01 Grant Taylor via mailop pisze: > Changing the effort involved /might/ make a difference. E.g. have > delete be a one click action and report be a two click action vi a > confirmation (blocking modal) dialog box. > > Aside: The confirmation dialog box might also provide an > opportunity to provide other options like "This message appears to > be from a mailing list, would you like to unsubscribe? [Yes, > unsubscribe] / [No, report...]". I know at least one quite big (at least in my country) webmail provider that does exactly that. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On Fri, 5 Feb 2021, Grant Taylor via mailop wrote: On 2/5/21 1:44 PM, Jay Hennigan via mailop wrote: I blame the big webmail providers for this. The "Delete" and "Junk" buttons are too similar in the UI. Simply changing "Junk" to "Report as spam" would help a lot. I don't think the label will make much difference. Changing the effort involved /might/ make a difference. E.g. have delete be a one click action and report be a two click action vi a confirmation (blocking modal) dialog box. On my tablet, the wastebin/trash icon shows beside a menu (burger?) which opens to include the "Report spam" option. I think GMail have employed some competent user experience designers, we should see what they do before speculating. Aside: The confirmation dialog box might also provide an opportunity to provide other options like "This message appears to be from a mailing list, would you like to unsubscribe? [Yes, unsubscribe] / [No, report...]". Incentivize the more proper operation, delete. De-incentivize the less proper operation, report. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On Fri, Feb 5, 2021 at 12:58 Jay Hennigan via mailop wrote: > Simply changing "Junk" to "Report as > spam" would help a lot. Unfortunately no, it would not. - Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 2/5/21 1:44 PM, Jay Hennigan via mailop wrote: I blame the big webmail providers for this. The "Delete" and "Junk" buttons are too similar in the UI. Simply changing "Junk" to "Report as spam" would help a lot. I don't think the label will make much difference. Changing the effort involved /might/ make a difference. E.g. have delete be a one click action and report be a two click action vi a confirmation (blocking modal) dialog box. Aside: The confirmation dialog box might also provide an opportunity to provide other options like "This message appears to be from a mailing list, would you like to unsubscribe? [Yes, unsubscribe] / [No, report...]". Incentivize the more proper operation, delete. De-incentivize the less proper operation, report. -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On Fri, 5 Feb 2021, Jay Hennigan via mailop wrote: On 2/5/21 09:41, Anne P. Mitchell, Esq. via mailop wrote: On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop wrote: You can not trust users to identify spam. Sure you can. You can trust them to identify what *they* consider to be spam. It just doesn't jive with what we consider to be spam. I blame the big webmail providers for this. The "Delete" and "Junk" buttons are too similar in the UI. Simply changing "Junk" to "Report as spam" would help a lot. As I quoted in an earlier message, at least GMail already did that - OK, the label says "Report spam" with no "as" :-) -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 2/5/21 09:41, Anne P. Mitchell, Esq. via mailop wrote: On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop wrote: You can not trust users to identify spam. Sure you can. You can trust them to identify what *they* consider to be spam. It just doesn't jive with what we consider to be spam. I blame the big webmail providers for this. The "Delete" and "Junk" buttons are too similar in the UI. Simply changing "Junk" to "Report as spam" would help a lot. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
Also, a trusted user can be hacked and his account hijacked to send spam. > Le 5 févr. 2021 à 18:25, Marcel Becker via mailop a écrit > : > > >> On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop >> wrote: > >> >> You can not trust users to identify spam. > > This. A Thousand times this. A lot of us privileged with the insight into how > mail technically works (or so) have difficulties grasping how real people use > mail. And the available abuse reporting channels. > > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
> On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop > wrote: > > You can not trust users to identify spam. Sure you can. You can trust them to identify what *they* consider to be spam. It just doesn't jive with what we consider to be spam. That is, always has been, and always will be part of the problem. Anne -- Anne P. Mitchell, Attorney at Law Dean of Cyberlaw & Cybersecurity, Lincoln Law School CEO, SuretyMail Email Reputation Certification Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Board of Directors, Denver Internet Exchange Chair Emeritus, Asilomar Microcomputer Workshop Former Counsel: Mail Abuse Prevention System (MAPS) ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop wrote: > > You can not trust users to identify spam. > This. A Thousand times this. A lot of us privileged with the insight into how mail technically works (or so) have difficulties grasping how real people use mail. And the available abuse reporting channels. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
Hello, On 05.02.21 17:23, Andrew C Aitchison via mailop wrote: > Would it be useful to include a link in each email header, similar to > List-Unsubscribe: and relatives, but unique to each message sent, > so that recipients could give similar feedback to the sending service ? You can not trust users to identify spam. "I don't want emails from my aunt twice a week.", "I don't want to receive this subscribed newsletter anymore, but I don't bother to unsubscribe", ... all these are "SPAM!" these days. Also receiving multiple abuse emails per week from Microsoft because users can not differentiate between "Junk" and "Trash" (if only because of language issues) really made me mistrust that system. Regards, Thomas Walter -- Thomas Walter Datenverarbeitungszentrale FH Münster - University of Applied Sciences - Corrensstr. 25, Raum B 112 48149 Münster Tel: +49 251 83 64 908 Fax: +49 251 83 64 910 www.fh-muenster.de/dvz/ smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On Fri, 2021-02-05 at 08:32 -0800, Marcel Becker via mailop wrote: > > > I don't see ignoring spam to decrease expenses > > > > I see you actually didn’t read Brandon’s mail. > On the contrary. Each starts from the position of having gotten rich giving guns to children, and proceeds to discuss the technical difficulties involved with keeping everyone from shooting each other in the face. If you're not willing to not be an asshole, it is indeed a difficult problem. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On Fri, Feb 5, 2021 at 08:07 Michael Orlitzky via mailop wrote: > > Abuse reports for non-abuse also scale linearly. No. > I don't see ignoring spam to decrease expenses > I see you actually didn’t read Brandon’s mail. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On Fri, 5 Feb 2021, Camille - Clean Mailbox via mailop wrote: Not an easy to determine what is a justified abuse report and what is not... On Fri, Feb 5, 2021 at 4:38 AM Michael Orlitzky via mailop < mailop@mailop.org> wrote: Pay more and more people to do it, until the number of unhandled abuse reports at the end of the day is zero. It scales linearly. So you would gladly pay thousands of people to deal with abuse reports which are, well, not actually abuse reports. And a lot of them. I wouldn't. For the sake of the sanity of those people alone. I agree that this is a job that requires judgement but that may not be good for the person's well-being. I cannot comment on the long-term effects on an AI. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
Inspired by the two exchanges quoted below: GMail (and presumably other ESPs wit web frontends and mail apps) has a "report spam" button for human's to ... report individual messages as spam, which I belive is fed back into the spam-classifier. Would it be useful to include a link in each email header, similar to List-Unsubscribe: and relatives, but unique to each message sent, so that recipients could give similar feedback to the sending service ? Sure, it will be gamed, but I'd hope that was easier for an AI to spot in volume than for it to classify spam/not-spam. On Fri, 5 Feb 2021, Hal Murray via mailop wrote: Brandon Long said: If you received say... a million ab...@gmail.com emails a day, how would you handle that? How much would it help if there was a machine readable format for spam reports? What would you want in such a report? Are comments like "sent to a spamtrap" or "harvested from usenet" or "repurposed from xxx" helpful? How often do you need more than just a copy of of the spam? For example, if the spammer rotates his server address, it may have moved between when I looked it up and when you look it up. and On Fri, 5 Feb 2021, Marcel Becker via mailop wrote: On Fri, Feb 5, 2021 at 4:38 AM Michael Orlitzky via mailop < mailop@mailop.org> wrote: Pay more and more people to do it, until the number of unhandled abuse reports at the end of the day is zero. It scales linearly. So you would gladly pay thousands of people to deal with abuse reports which are, well, not actually abuse reports. And a lot of them. I wouldn't. For the sake of the sanity of those people alone. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On Fri, 2021-02-05 at 07:26 -0800, Marcel Becker via mailop wrote: > > So you would gladly pay thousands of people to deal with abuse > reports > which are, well, not actually abuse reports. And a lot of them. I > wouldn't. > For the sake of the sanity of those people alone. > Abuse reports for non-abuse also scale linearly. I don't see ignoring spam to decrease expenses are morally superior to sending spam to increase revenue, but feel free to think that the negative signs make you a better person. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
Not an easy to determine what is a justified abuse report and what is not... > On Fri, Feb 5, 2021 at 4:38 AM Michael Orlitzky via mailop < > mailop@mailop.org> wrote: > >> Pay more and more people to do it, until the number of unhandled abuse >> reports at the end of the day is zero. It scales linearly. >> > So you would gladly pay thousands of people to deal with abuse reports > which are, well, not actually abuse reports. And a lot of them. I wouldn't. > For the sake of the sanity of those people alone. > > - Marcel > > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On Thu, Feb 4, 2021 at 7:58 PM Brandon Long via mailop wrote: > > We can always do better. When people start to complain, it probably means > we're missing something new or have let the low level things grow too much. > Thanks. > I really admire you. That you took that time to explain the actual problems at scale -- something some people have trouble grasping, when they look at their own hosted mail server on their linux box. - Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On Fri, Feb 5, 2021 at 4:38 AM Michael Orlitzky via mailop < mailop@mailop.org> wrote: > > Pay more and more people to do it, until the number of unhandled abuse > reports at the end of the day is zero. It scales linearly. > So you would gladly pay thousands of people to deal with abuse reports which are, well, not actually abuse reports. And a lot of them. I wouldn't. For the sake of the sanity of those people alone. - Marcel ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
