<<< Date Index >>>     <<< Thread Index >>>

[IP] Spam Controls Imperil E-Mail Reliability



------ Forwarded Message
From: Thomas Leavitt <thomas@xxxxxxxxxxxxxxxxx>
Date: Sat, 26 Feb 2005 16:01:12 -0800 (PST)
To: <dave@xxxxxxxxxx>
Subject: Re: Spam Controls Imperil E-Mail Reliability

This has been obvious to me for years, ever since the spam problem got so
bad that people began using filters seriously. Someone I work with on a
regular basis tells me that the firewalls and email filters put in place
by the IT people at some of the firms she deals with make it almost
impossible to communicate effectively with their employees via email.
They've resorted to faxing, and using web based file sharing sites to
enable information to be exchanged. I recall one client telling me that it
takes a week on average for the IT department at a firm he deals with to
release email caught by their spam filter.

Bruce Schneier's "Crypto-Gram" newsletter was recently routed into my spam
folder by SpamAssassin, because it contained pointers to two URLs that
have been blacklisted. Imagine what would happen to a security or email
newsletter whose topic was spam itself.. I know that unless I check my
Hotmail junk mail folder religiously, I lose mail through it on a regular
basis. A client of mine loses way more than three or four desired messages
a week due to the spam filters he has enabled, and still receives lots of
nasty spam that alarms his employees.

Blacklisting is simply not working well enough. We need a system that,
without inviting abuse, can enable legitimate email newsletters (like
"Crypto-Gram") to bypass spam filters automatically... and preferably one
that can enable trusted individuals to do so as well. I would imagine that
with such a system, in short order, 99% of the folks sending you
legitimate email would be automatically whitelisted (based on being on
other folks whitelists) and that it would become rapidly apparent who was
a legitimate sender and not.

Regards,
Thomas Leavitt

From: David Farber <dave@xxxxxxxxxx>
Subject: Spam Controls Imperil E-Mail Reliability
Date: Fri, 25 Feb 2005 17:53:14 -0500


------ Forwarded Message
From: <GLIGOR1@xxxxxxx>
Date: Fri, 25 Feb 2005 17:47:26 -0500 (EST)
To: <dave@xxxxxxxxxx>
Subject: Spam Controls Imperil E-Mail Reliability

For IP, If You Wish...

Spam Controls Imperil E-Mail Reliability

By ANICK JESDANUN
.c The Associated Press

NEW YORK (AP) - Sometimes the only way to know whether an e-mail got through
is to call. Just ask Ashley Friedlein, who runs E-consultancy Ltd. in
London. He never heard back from a correspondent in the United States, a
subscriber of Verizon Online. So he phoned and learned his e-mail was never
received.

``I wouldn't have known anything about it had I not called to check'' he
said.

Blame the mishap on increasingly aggressive spam controls employed by
Verizon and other e-mail operators.

As spammers identify new tricks for sneaking their junk past software
sentinels, service providers' technical parries could put even more
legitimate mail at risk.

Spam and spam-fighting have ``in some cases eroded the reliability of the
mail system,'' said Eric Allman, chief technology officer of leading e-mail
software vendor Sendmail Inc. ``Now a lot of mail gets filtered out.''

A typical user might lose anywhere from a legitimate message every few
months to as many as five a week, estimates Richi Jennings of Ferris
Research.

A lot of spam simply ends up in junk folders that recipients never check.
But sometimes service providers reject such messages outright, meaning
recipients have no control even if they turn spam filters off. In such
cases, senders don't always get non-delivery error messages, even though
Internet standards encourage them.

Most of the recent complaints have been directed at Verizon.

Though the company denies it has changed its policies, leaked excerpts from
an internal memo that circulated late last year talked of new techniques
that might disrupt legitimate e-mail.

Verizon spokeswoman Bobbi Henson confirmed the memo's existence but said it
contained inaccuracies and had been retracted.

Henson denied assertions that Verizon had blocked entire countries in Europe
based on their Internet addresses, and she said decisions to block certain
service providers were limited to a few in Asia that were sending nothing
but spam. She insisted Verizon's anti-spam controls were standard industry
practices.

Still, complaints continue.

Joseph Gaila, a Lithuanian now retired in Ellicott City, Md., says he and
his wife missed several Christmas greetings from relatives abroad. He said
he used to get one or two messages a day from Lithuania but suddenly
received none for weeks.

Fabio Turone, a science journalist in Milan, Italy, says he tried
unsuccessfully from at least three different accounts to e-mail a Verizon
customer in Kingston, N.Y. Finally the pair created a Yahoo message group to
communicate.

Five Verizon customers have jointly filed a lawsuit in Los Angeles Superior
Court, alleging Verizon breached its contract by failing to provide a
dependable e-mail service. A Philadelphia-area law firm is seeking
arbitration, arguing that it lost potential clients.

``When you go to work every day, you expect e-mails to you will be gotten to
you on a regular basis,'' said Michael Boni, a Philadelphia attorney who
filed both cases.

Henson, who had no comment on the litigation, acknowledged that legitimate
mail could get lost or delayed, but said customers were demanding action,
because as much as 80 percent to 90 percent of all incoming e-mail is now
junk.

``If we didn't block we would have so much volume that our platform couldn't
even handle that,'' she said. ``Instead of just a small number of customers
not (getting legitimate mail), virtually everyone would not be getting
mail.''

Verizon offers a completely unfiltered e-mail account upon request but few
have opted for it, Henson said.

Although Verizon has been getting the recent attention, it is hardly alone
in misclassifying legitimate messages as spam.

In the industry, such mail are known as ``false positives.'' E-mail lists
and newsletters sent in bulk are often misclassified.

There's no good way to tell which service providers are better at handling
legitimate messages because they all tend to be secretive about their
specific techniques and change them regularly to keep spammers off guard.

Nonetheless, some service providers are becoming more aware of the risks.

``On a percentage basis, generally it's not a huge issue,'' said Kevin
Doerr, product unit manager for Microsoft Corp.'s Hotmail service. ``Of
course, for most human beings, one false positive is one too many.''

In response, Microsoft and Yahoo Inc. say they now have mechanisms for
quickly refining filters should users start reporting mail in spam folders
as ``not junk.''

E-mail providers are more willing to let legitimate senders prove their
worth and get themselves on ``always accept'' white lists, said Stephen
Currie, director of e-mail products at EarthLink Inc.

``Before, it was all, `Let's identify the bad,''' he said.

Microsoft, Yahoo and America Online Inc. also have been working on ways to
authenticate e-mail senders - to identify legitimate senders and bless their
messages before spam filters kick in.

But even as service providers get smarter, so have spammers.

They have new software that automatically routes junk messages through a
real user's Internet service provider so spam traffic gets mixed with
legitimate mail.

``We're going to start seeing more stories of desperate ISPs blocking all
mail from Comcast, Verizon, Cox and Road Runner,'' warned John Levine,
co-author of ``Fighting Spam for Dummies.''

Bruce Gingery, a security consultant in Cheyenne, Wyo., says users should
simply get used to losing mail.

``Even though people are relying more and more on e-mail, e-mail was never
designed as a guaranteed delivery medium,'' Gingery said.

Service providers, he said, are only required to make a ``best effort'' - a
term left open to wide interpretation among mail providers.

Anick Jesdanun can be reached at netwriter(at)ap.org



02/25/05 14:09 EST

Copyright 2003 The Associated Press.


------ End of Forwarded Message



------ End of Forwarded Message


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/