2011-05-21
One of my irritations: outgoing email that was scored as spam
When I was setting up our mail system, one of the questions I asked myself was whether we should run our outgoing mail through our spam scoring system. Then I came to my senses.
You see, one of the things that I find really irritating is getting a spam message that has been thoughtfully scored as spam by the sending mail system. It adds that little extra bit of smug salt to the wound; sure, the sending system knew it was spam (and therefor bad) but so what, they decided to deliver it anyways. It's bad enough to unknowingly deliver a bad message, especially in today's world, but it's actively antisocial to knowingly do so.
(I'm not talking here about systems that are forwarding email for me; this is about outside machines that originate or at least relay spam to me.)
Of course, I understand that this is not malicious (one could quibble about whether it qualified as 'deliberate'). Generally I expect that one of three things is happening: either the people involved have never thought about this (perhaps they did not expect their webmail system to get compromised), or they are using software that gives them no option to block the messages, or there has been a political decision made that outgoing messages simply can't be blocked regardless of what the spam scoring system thinks about them.
From the outside, none of that matters to me. What matters is that they clearly and visibly had a chance to stop me getting spammed and they chose not to do so.
This is why I consciously chose not to run outgoing mail here through our spam tagging system; I expected that in our environment there was essentially no chance that we could get approval to block outgoing email that the black box of our spam tagging system didn't like.
(I suspect that this is especially so because, like so many other places, outgoing spam is simply not supposed to happen; protecting against something that's basically a once every ten years event at the expense of some non-zero level of false positives is, well, a hard sell to many people.)
2011-05-07
Email has two faces today
I've recently realized something about email. In the modern world, email has become at least two applications in one. Email has become both an internal communication system and an external communication system, where 'internal' and 'external' are not necessarily based on organizational boundaries but are also a matter of a trusted circle of regular correspondents.
(I'd argue that this split exists even if your job involves dealing with the outside world. Email from your boss is still at least somewhat different from email from customers and would-be customers.)
This split matters because the two have very different reliability requirements. The internal system needs its messages to get through all of the time; to put it one way, it's not acceptable to miss an email from your boss because your spam filter ate it. At the same time, this doesn't mean that the external communication system should have only minimal spam filtering. If it needs to have minimal filtering to make sure you never miss email from your boss, that's a bug that needs fixing.
(The two different systems also have quite different spam levels. In most environments the internal system has no spam at all, while for typical people the external system is basically all spam because they almost never get email from real people who are outside their regular circle.)
I suspect that many email systems already embody some form of this realization. Certainly ours treats email from inside machines somewhat differently than it does email from outside machines, although at the time that I configured it I was only thinking 'let's avoid a bad explosion if any of our machines ever get listed on a DNS blocklist'. (Answering the question of why it would be bad to block an internal machine in that situation leads to my realization.)
There are obvious corollaries for spam filtering techniques, although the more I think about the issue the harder it is to do anything simple. Perhaps the easiest thing to do is to relax spam filtering rules based on the extent that you're truly sure something is internal communication, but that probably needs a bunch of site-specific and person-specific rules.
(The general challenge is being able to reliably tell internal communication apart from external communication in the face of spammers trying to fake the system and people using outside email systems like GMail. How do you tell apart a spammer using GMail from one of your users sending from their GMail address?)