The anti-spam implications of email being multiple things in one

June 10, 2012

One of the immediate corollaries of there being lots of different sorts of email and there being no reliable way of telling them apart is that different people can wind up basically using completely different flavours of email. For example, some people in your organization may basically never use email for real time conversations, at least not with outside people, while others may need to use it this way all the time. An important consequence of this is that at least some anti-spam precautions on incoming email are intrinsically dependent on the receiver; whether or not they're usable depends on what sort of 'email' the receiver actually uses out of all of the various options.

Let me elaborate on that. I used to feel that anti-spam precautions could be one size fits all, and the main reason to offer users options was because not all of them had been persuaded that our recommended set of options were fully trustworthy and the right answer. This is clearly wrong for at least some anti-spam options; the obvious example here is greylisting, which implicitly uses the heuristic that a new sender can't be sending real time email. This is more or less correct for many people but is also clearly incorrect for some people, who as a result intrinsically can't use greylisting.

(The argument that greylisting advocates might advance here is that someone sending you an email for the first time has no idea how fast you'll respond; only after you respond immediately do things become real-time. This is wrong because it ignores knowledge and expectations that the sender may have from stuff outside the email system.)

Thus our need to offer our users at least some options for anti-spam processing is essentially intrinsic and always going to be there. Because different people may well use email differently, there is no one size fits all set of anti-spam precautions (unless we can somehow find a lowest common denominator of precautions among everyone and then offer only that); different people need different options and we need to offer them the choice.

(This casts an interestingly different light on the question of what options we need to offer; it's not just how people think about spam filtering, it's what they need and want out of email from external people. Since I just came to this realization recently I don't have any answers, just something to think about.)

Written on 10 June 2012.
« Modern email is actually multiple things in one system (mailer timeouts edition)
Choosing how slowly your mailer should time out email »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Sun Jun 10 00:53:57 2012
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.