Why I am not really interested in hearing blacklist appeals

October 27, 2007

From a comment on a previous entry:

There is considerable merit in allowing blacklisted sites to contact you to let you know that you've blacklisted them in error.

I'm not really convinced of this; especially I am not really convinced that it's at all useful to make it easy to do so from the outside, for example by never blocking email to postmaster. For a start, if a blocked site contacts me to say 'we are trying to mail your users but you are rejecting us', how am I supposed to know that they are not lying?

Really, the only people I want to listen to about this are my users, so I want my users themselves to tell me 'some email that I want is not getting through'. If an outside site wants to get un-blocked, they're best off by getting in touch with whichever of our users they're trying to mail and having that user ask us to fix the situation.

(Pragmatically, anyone who really wants to get through an email blocklist has lots of ways that don't even cost money, for example sending from Google Mail, so it should not be hard for such places to reach our users to let them know.)

Even if I was mandated to allow blacklisted sites to directly contact us, I do not think I would do it by email, and especially not by a well known common email address like postmaster, because well known email addresses invariably get hit by spam, so I would expect almost all email to postmaster to be spam, which is not a good recipe for spotting the one appeal email in five hundred spams. I think that a far better way is to use a web form or some other non-email method; if you have to use an email address, it should be specific to your site and probably change every so often. (Put the URL, or the email address, in the text of the SMTP error message.)


Comments on this page:

By Dan.Astoorian at 2007-10-29 11:03:36:

For a start, if a blocked site contacts me to say 'we are trying to mail your users but you are rejecting us', how am I supposed to know that they are not lying?

Firstly, because spammers don't typically bother to contact postmasters for that purpose; it's usually much easier for spammers just to find a host you're not blocking and send their spam from there.

Secondly, because such requests often include details that a typical spammer would not bother to dig up (e.g., "I am trying to reach Professor So-and-so in regards to a paper he published in Spring 2006...") Such requests aren't uncommon in my experience, and as far as I know they've been legitimate every single time.

Really, the only people I want to listen to about this are my users, so I want my users themselves to tell me 'some email that I want is not getting through'.

This presupposes a backchannel whereby your user can find out (in a timely manner) about the mail that isn't getting through, and a willingness of the correspondent to go to the trouble of using it.

IMHO, part of providing good IT service is fixing problems before your user is aware of them.

Also, unless you only use blacklists which you explicitly manage, you have delegated decisions about who you will accept mail from to one or more outside parties. How do you explain to a researcher that not only did you let someone else decide that the response to his grant application wasn't legitimate correspondence, but that you deliberately made it harder for the sender to bring the problem to your attention?

--Dan

From 128.117.8.11 at 2007-10-29 18:57:22:

I've received the occasional whinge from someone who was blocked for spamming, or thought they were because they were under the misapprehension that's the only thing that could cause mail to fail.

Most typically, the whinge is from an industrial spammer (Return Path, Roving Software, iContact.com, etc.) claiming that our users want their mail, and they don't spam. Ergo we should not block them. In those cases, however, their two claims are always lies. Our users don't want their mail, and the senders do spam. Usually, they spam incessantly and over-eagerly. Ergo, we keep the blocks in place.

In the rest of the cases, it's someone complaining that they're unable to reach someone who isn't even one of our users. Enh.

There's little utility in keeping postmaster@ unfiltered to get that. It's a waste of time. We want legitimate mail to postmaster@, but not the crap.

Still, for those that can't use an unblocked net or domain to reach us with their reports of potential errors, we offer a web form. It's accessible from a web page referred to in all our delivery refusal messages. It gets about 2 hits per year. All in all, a workable compromise.

Still, in practice we're at best going to tell the person reporting the "error" that they don't have standing, as they're not paying us for connectivity. Sometimes we'll quote their past spam back at them. Most of the time we won't.

Only our paying users can get results from unblocking requests. Moreover, those can be honored whether or not the sender is more generally a spammer.

So, in the end, there's little to no merit (for us) in allowing blacklisted sites to contact us about "errors". Those are all mistakes, or more often, clumsy social engineering attempts on the part of spammers. Instead, we'll listen to our users.

By cks at 2007-10-29 20:00:44:

Pump and run spammers don't bother doing anything, but mainstream professional spam outfits (and people who are operating dirty lists on their own) do every so often attempt to contact postmasters and persuade them to let the spam through. Of course they don't call it spam; they call it valuable email notices and so on.

If a correspondent is going to mail anyone after a bounce, I suspect that in this day and age, more people will try mailing their target again from a different email provider than will try emailing postmaster. People are not stupid and mailing a postmaster almost never does anything, whereas mailing again from a different place often does.

In the local environment, the answer to how to explain things to researchers was that we don't, because the mandate is to let all email through unless people explicitly opt in to other things. In the other environments I did this for, my answer would be 'all spam filtering is heuristics; this heuristic makes sense to us, for the following reasons, but if there is evidence otherwise we will re-evaluate it'.

Written on 27 October 2007.
« The Slashdot effect is not like regular load
The inconvenience of some DWiki design choices »

Page tools: View Source, View Normal.
Search:
Login: Password:

Last modified: Sat Oct 27 23:18:47 2007
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.