Does the tech industry's own communications practices make it too hard to effectively filter spam? One reader who has been studying anti-spam solutions says the industry's communicators have to pay more attention to the spam-like characteristics of their own e-mail.
"This is a long-winded gripe about how industry email communications are making the job of preventing spam harder," the reader wrote. "I've been comparing anti-spam solutions. A primary method these products use is a point system to weigh well-known spam characteristics. If the sum of all points is greater than a threshold, the item is considered probable spam and several actions may be taken - reject it outright; quarantine it; or tag it in the subject, header or body and let it pass.
"Unfortunately, many of the spam characteristics tested are included in an increasing number of valid industry communications such as e-newsletters, seminar invitations, product price quotes and so on," the reader continues. "In some cases these communications fail miserably in comparison to other blatant examples of spam. Let's say a threshold may be 100 points with a good deal of spam only rating 120 or 130 points. A fair number of industry newsletters are coming in at much higher point values. One of the biggest offenders I've seen is eWeek's "eNews & Views" newsletter coming in at almost twice the threshold that stops 70%-80% of our spam. Some of the more spam-like characteristics identified are: 'Risk free' link included; Message claims you registered with a partner; HTML font color is same as background; Message-Id header line was added by a relay; Multipart message only has text/html MIME parts. There are several others."
In the spirit of impartiality, let me briefly interrupt the reader with another example that several other readers recently reported and that I saw for myself. In early April, InfoWorld marketing sent out an e-mail asking some subscribers to confirm their preferences on receiving e-mail messages with "special offers from our advertisers." The message was full of phrases characteristic of spam, so much so that a copy of the message sent to one of my old IW addresses was flagged by InfoWorld's own spam filter. ("Message claims to be in compliance with Can-Spam, so it must be spam," IW's spam filter program noted with quite reasonable logic.) In fact, at first I thought the message might be some bizarre type of phishing scam until InfoWorld confirmed it was for real.
When trusted sources send messages that read like spam, the reader noted, it makes effective spam fighting all the harder. "This leads to a high percentage of false positives," the reader wrote. "Anti-spam solution vendors point to host or address whitelisting as the workaround. Unfortunately, there are so many false positives now that the workaround may mean typing in potentially hundreds of whitelist entries. The burden of spam is then not lifted, but shifted to administration of whitelists. Consequently, if one rejects spam outright, valid email WILL BE lost. If one merely tags spam, then no relevant relief is gained for the end-user. So the only remaining answer is quarantining to allow the borderline industry communications and other badly constructed, legitimate email to be salvaged.
"A lot of anti-spam products produce convenient web pages which users may access to manually release or reject their quarantined email," the reader wrote. "For the most part, I find this a plus. But, with so many false positives happening, in some cases users may have to weed through dozens or hundreds of quarantined items to find legitimate messages. This also lets them release messages which don't comply with the company's acceptable use policies. In the end, I suspect many either release everything and still have a spam problem, or they reject everything and lose desirable messages. That's a no-win situation for everyone -- users, e-mail admins and industry alike.
"Whose fault is this?" the reader asked. "The anti-spam solution providers who aren't designing good enough engines and misidentifying messages, or those in the industry who aren't constructing messages which make their communications less spam-like? I believe the corporate bottom line drives anti-spam vendors to do everything they can to innovate competent solutions. Therefore, the onus of responsibility falls squarely on industry. I demand they stop contributing to the problem by making their communications more friendly to anti-spam engines at the expense of flashiness and expediency. Given time, the developers of these products will make steady gains against the surge, but in the meantime, we don't need marketing people blurring the line between what is good and what is trash."
Read or post comments about this story here.
1:57:45 AM 
|
|
