The Truth about Spam

Spam is a significant problem created by the Internet. The cost of spam is extremely high - not just in time, but in failed contacts - If you have an Anti-Spam system for your email, there are a few things you need to be aware of. Here's what we have picked up from our time with G-mail:

1. Never, never, never place an unobscured email address on your website. Never.

The typical spam process goes like this.

  • Computers are infected with software that will scan websites for text that looks like an email address
  • These viruses will also look through your computer (email, cached webpages, docs, etc) looking for addresses
  • The addresses are sent back to a central site where they are sorted [and optionally, sold]
  • Addresses are sent to other infected computers, and they send the spam to you.

myemailaddress [at] example [dot] com  is not obscured.  The bots can easily work out what it is. Using some javascript; or images, works well. 

Failure to hide email addresses from the bots can give you thousands of spam messages per day.

2. They won't tell you about the False Positive Detection Rate

This is where perfectly good email is directed to spam. You could be missing out on many opportunities if you're a business!  And if your provider uses data from a specific Blacklist (which I won't name), you won't even know about it.

Having mass Viagra emails, that all look the same, go directly to spam is a good thing... I have no complaints.  But having something that looks totally different to the mass-emailed messages should never go to spam - instead it should be delivered to your inbox with something that indicates that it is Suspicious

G-Mail has a very high false positive rate, and we have missed many an email because of this.  Also: forget the "Mark as Spam" option - Google has special arrangements with some companies to always deliver the spam to your inbox, despite it being in Japanese, and you have marked it as spam over 300 times.

3. While your account is being bombarded with Spam, Genuine email cannot get through

Here's something Google won't tell you - If you are receiving email at a high rate (4 or 5 per second?), the system will bounce email. Even good email. And you, as the receiver, won't even know it.

  450-4.2.1 The user you are trying to contact is receiving mail at a rate that
  450-4.2.1 prevents additional messages from being delivered. Please resend your
  450-4.2.1 message at a later time. If the user is able to receive mail at that
  450-4.2.1 time, your message will be delivered. For more information, please
  450 4.2.1 visit ...

With the millions of messages processed by google each hour, they know the ip addresses of infected machines.  Google's mail servers should be aware of these, and quickly reject any attempts by these machines. But it doesn't

By doing this, it would allow genuine email to get through without getting the "We're receiving email too fast" message. But if you're a gmail user, you'll probably never know this has happened, so this problem will never be fixed.

4. Most Email Services incorrectly use Blacklists

Black lists are lists of IP Addresses that are known to send spam. There are a number of companies that provide Blacklist data.  It sounds good in theory, but:

  • the email service often use a Blacklist to reject email instead of classifying it as Suspicious or Spam
  • a few Blacklists will quickly add an ip address (without evidence), but will take their time removing it (or even ignore your request, or not allow you to remove it at all) 

What this means is that someone may be trying to contact you, but because of the way the mail server is configured, the message will never be delivered.  And most times, neither party is informed.

The only way that spam can be stopped is to get a team together from all the major players to design a new secure system to deliver email. A system when the Sender cannot be faked and is held accountable for what they send.

And that is possible. My question:  Why hasn't it been done?

the microsoft has you