Forum FAQ - Spam

This is another of those topics which comes up on all mailing lists from time to time - how to get rid of spam. There are plenty of detailed discussions elsewhere about how to avoid it or filter it out, so these are just the main points.

Definition:

spam n: any unwanted email sent to you by somebody you don't know and to whom you have not given explicit permission to send messages to you. Often, but not limited to, commercial advertising, invitations to pornographic web sites, or financial scams.

Incidently, please always ensure you do not write "spam" all in capitals when you are talking about junk mail. The trademark holder for the original meat product (Hormel Foods) is very happy to let the Internet community use the word (not that they had a lot of choice!), but have asked that the all-capitals spelling (SPAM) is reserved for their product. See their page here.

To avoid getting any spam in the first place, you need to ensure that your email address is never revealed to an unauthorised party or shown in a public place like a web page. Once your email address is in the public domain, it is only a matter of time before you get onto a spammer's distribution list, and once there it is impossible ever to get off. This is one of the reasons why the Forum privacy rules prohibit any form of public archive of Forum postings: if you do get spam, it's unlikely (though not impossible) to be because you posted to the Forum.

If you are getting spam, and you are willing and able to change your email address, that is an effective (if inconvenient) way of leaving the problem behind.

Otherwise, you have to rely on filtering the spam out so that, although it is still sent to you, you don't have to see it all in your inbox.

There are various ways of doing that, some good, some not so good:

• Getting your email provider to filter it for you. This can be very effective, as long as your provider operates a good filtering system (some are better than others).
• Use an anti-spam utility on your own computer. Can be effective, but badly-written utilities (and some of the best known are also among the worst!) can cause you to lose mail, or receive and/or send duplicates.
• Use any built-in spam protection offered by your email program. This can be effective too, and avoids the pitfalls of a separate anti-spam utility.

Wherever the anti-spam tool runs, there are some general points which you should take care to follow in order to avoid collateral damage:

• Never configure the system to reject or delete spam altogether, unless it originates from a known verified source of persistent spam and it fails content-based tests as well. Always arrange for suspected spam to be diverted into a separate mailbox, and periodically check it to ensure nothing has been trapped by mistake.
• Never be tempted to enable a rule that only accepts email from people in your address book. At least, only do this if you expect never to join any kind of mailing list, and never to take part in any discussion outside a small circle of existing friends! Most modern mailing lists (including all the Greenbelt lists) send out their emails with a slightly different sender each time: this is necessary in order to handle bounces reliably. A list owner may also occasionally need to contact you for administrative purposes, and if you don't see and reply to such emails, you are liable to find yourself removed from the list.
• Never subscribe to a service or install software which requires senders to "confirm" that they are legitimate. The same arguments about "only people in my address book" rules apply here, but more so. The vast majority of senders will not follow any click-through link, and in fact anybody with any sense will ignore this kind of thing for security reasons.
• Never deliberately add the addresses of legitimate mailing lists to your "reject" list, or click a "this is spam" button, just because you are too lazy to find out how to unsubscribe properly! Whilst you may successfully get yourself unsubscribed from that list, you may find yourself banned from several others too.
• If you do look at a piece of spam, never reply to it or use any provided "remove me" link: all that will achieve is to confirm to the spammer that your email address is active, and will guarantee you even more spam, not less.

Some spammers will use their own real email address. If they do so, it's probably because they are using a spam-friendly ISP who doesn't care about the legality or social acceptability of spamming.

Usually, though, all the email addresses in the spam's headers (and SMTP envelope, which is used for returning bounces) are faked. Nearly always these addresses don't exist at all, but occasionally they are deliberately set to be the address of an innocent third party. If you have ever received bounce messages relating to emails you've never sent, you'll know what a serious problem this can cause.

In either case, it's seldom worth trying to complain to anybody. Unless you are very experienced in tracing emails (by analysing the additional tracking information added by email servers), it's best just to delete any spam you receive.

The only exception is where you think the spam breaks the law in your own country, and the spammer appears to reside in the same country, and has provided a postal address or phone number: it may then be worth reporting it to your local police.

Whilst spam is undoubtedly a serious menace on today's Internet (some estimates put it as high as 80% of all emails sent and received being spam), the use of over-zealous spam filtering systems are frequently as much of a problem as the spam itself. The cure can be worse than the disease...

The main issue is the risk of losing legitimate email messages. Most filters err on the side of safety, reasoning that most people can cope with the occasional bit of spam, but that losing a real message is a serious problem which must be avoided at all costs. Typically, filters employ a scoring system, based on a large number of different criteria, no one of which can result in a classification of "spam" by itself, but in combination they give a good indication of which messages are junk and which are real. Messages which are clearly junk (ie. which fail multiple tests) might be deleted outright or rejected before they even reach your inbox; borderline questionable messages might be filed away in a separate folder, where you can still open them if they turn out to be OK.

Some large email providers, however, take a different approach. In a futile attempt to reduce the amount of spam to zero, they impose draconian rules on behalf of all of their customers. This inevitably results in significant amounts of lost email, but in practice only has a marginal effect on the amount of spam received. Typically there is little or no provision for individual customers to opt for a lighter touch.

The most risky systems are those which block entire mail servers or networks from being able to send any email to the provider in question. So-called "DNS Black Lists" (DNSBL) of servers which have been implicated in distributing spam do have a valuable place in the anti-spam armoury, but only in conjunction with other criteria, never by themselves. This is because such blacklists contain large numbers of "false positives" - ie. servers and networks which are not sources of spam, but which have been added to the list, accidently or maliciously. Any blacklist which is built automatically, based on end-users clicking a "this is spam" button, is particularly prone to this. The archetypal examples of this are the AOL in-house blacklists, but some other providers have similar policies.

Some providers take this a step further, and publish "rules" which they expect servers to follow in order to be "allowed" to send them email. At one extreme, the rules might be simple restatements of the Internet Society RFCs: this is quite reasonable, since systems which do not follow the basic principles do nobody any favours, and need to be encouraged to mend their ways. At the other extreme, however, some providers demand real cash, dressing it up as a "priority email" scheme. In between these extremes is a range of other hoops to jump through, which might include having to apply (with a varying amount of paperwork) to join a whitelist of some kind, or having to implement experimental technical measures like SRS or DKIM on which the jury is still out as to effectiveness. Such rules will in practice be ignored by the vast majority of server administrators around the world, and the end result is that the customers of these providers will simply not receive all the email they expect.

When a customer of one of these over-zealous providers notices that they are not receiving email, perhaps from a mailing list or from one or more regular correspondents, their first thought will often be that it's the sender which is at fault, especially if other email is still arriving. As you can see, however, this is a rash assumption. In fact, it is far more likely that the problem lies closer to home. If you find yourself in this situation, you should follow these steps:

1. Check your spam folder. If you find the missing emails there, see if you can adjust the settings of the spam filter so that future similar emails are not treated as junk. If the filter is run by your email provider, this may or may not be possible, though with some systems it can be as simple as clicking a "this is not spam" button.

   Some filters (particularly those run by large webmail providers) can be told to accept email from addresses in your address book. For individual correspondents, this can be a good solution, provided it doesn't go to the other extreme and treat all unknown addresses as junk. For mailing lists, it might not be possible to find a single email address to add (see the What not to do section above for the reasons).

2. Contact the sender of the missing email by some other method (eg. by phone, or using a different email provider if you can), just in case it is a problem at their end after all. In the case of a mailing list, contact the list manager (for the Forum, this is forum-owner@greenbelt-forum.org.uk). Do not send a "test" message to a mailing list just to see if it's still working.

3. If all else fails, raise a support ticket with your provider - or change provider to one with a more realistic filtering policy. It's unfortunately quite rare for email providers to take any notice at all of fault reports sent to them by non-customers. They might not take any notice of you either, but you've got a slightly better chance!

Please send comments on this page, or suggested updates, to me (not the list).

Back