This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Email Spam & Spam Abuse Definitions
Richard Clayton
richard at highwayman.com
Mon Apr 29 12:32:23 CEST 2019
In message , ac <ac at main.me> writes

>Okay, so I am assuming then that my definitions of spam are accurate.

They are out of date ... on the big platforms (where perhaps 90% of the world's mailboxes are now to be found) spam detection is entirely an automated process ("machine learning" systems, with some guidance from skilled humans as to what they should definitely reject).

These machine learning systems do the learning part by observing how the users (the people whose mailboxes the systems are protecting) deal with their incoming email. If the email is rapidly deleted or "marked as spam" then the systems learn that the email was in fact spam. If the email is automatically placed into a "spam folder" but the user interacts with it and marks it "not spam" or moves it into their inbox so that they can reply then the system learns that it has made an error and that more email of a similar type should not be treated as spam.

As a result of this the working definition of spam for 90% of all mailboxes is "email that is not wanted in the inbox just at the moment".

This definition is not directly based on "permission" or "bulk" or any statutory definition -- though emails that are sent with permission or that are not sent in bulk are less likely in practice to be classified as spam.

>My point is that even "verify your email address" could be Spam Abuse.

Yes I agree (and if enough of the people who receive such messages agree as well then such email will end up in the spam folder or will be rejected).

Now of course the skilled humans may seek to override what the machine learning system decides (typically for example, emails from airlines containing boarding passes are deemed never to be spam) but this overriding depends entirely on the senders cooperating (an airline that sends marketing email from the same machines and with the same crypto identifiers as their boarding passes is going to rapidly find that their "deliverability" quickly declines).

>Recently I received around 14 "verify your email address" emails in the
>same 15 minutes...

There are systems, used by criminals, who will deliver hundreds or even thousands of these within a short time period. They are used to flood mailboxes so as to hide account takeover and other wickedness. A short time spent with a search engine will find these :(

>I would say that sending so many "verify" emails, in such a short time,
>is Spam Abuse

I would say that it was a pretty small attack ... but I could not say why it happened to you. If it happened to me I would look very carefully at the rest of my email that day.

>Is anyone willing to venture a number and time period for what would be
>considered 'fair' in terms of sending verification emails?

Systems that fail to ensure that such emails cannot be automatically generated (by adding CAPTCHAs for example) need to be updated. This will benefit the system owner by ensuring that all signups are genuine.

You might also usefully read ...

https://www.m3aawg.org/rel-WebFormHeader

... though in practice take-up of the proposed header has been limited and if you are going to update your systems to generate it you might as well update the relevant web pages to add CAPTCHAs, randomise field names or whatever else you think will prevent automated list bombing.

--
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
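A mailbox-side check for the flood described in the message above, as an added example that is not part of the original post or the list archive: it flags a burst of signup-style mail from many distinct sender domains and lists the other mail that arrived around it, which is the mail to read carefully. The subject pattern, the 15-minute window, the threshold of 10, the one-hour margin and all function names are assumptions, and the mailbox contents are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed heuristic for signup/verification subjects; tune for real traffic.
CONFIRM_RE = re.compile(
    r"\b(verify|confirm your|activate your|welcome to|subscri)", re.I)

def find_bursts(messages, window=timedelta(minutes=15), threshold=10):
    """Return (start, end) spans in which at least `threshold` signup-style
    messages from distinct sender domains arrived within `window`."""
    confirms = sorted((ts, dom) for ts, dom, subj in messages
                      if CONFIRM_RE.search(subj))
    bursts, lo = [], 0
    for hi, (ts, _) in enumerate(confirms):
        while ts - confirms[lo][0] > window:      # slide the window forward
            lo += 1
        if len({d for _, d in confirms[lo:hi + 1]}) >= threshold:
            start = confirms[lo][0]
            if bursts and start <= bursts[-1][1]:  # merge overlapping spans
                bursts[-1] = (bursts[-1][0], ts)
            else:
                bursts.append((start, ts))
    return bursts

def mail_to_review(messages, bursts, margin=timedelta(hours=1)):
    """Mail in or near a burst that is not signup-style: the messages a
    flood could be burying (password changes, receipts, security alerts)."""
    return [m for m in messages
            if not CONFIRM_RE.search(m[2])
            and any(s - margin <= m[0] <= e + margin for s, e in bursts)]

BASE = datetime(2019, 4, 29, 9, 0)  # constructed timestamp for the sample

def sample_mailbox():
    """Constructed mailbox: 14 verification mails in under 15 minutes."""
    flood = [(BASE + timedelta(minutes=i), f"site{i:02d}.example",
              "Verify your email address") for i in range(14)]
    return flood + [
        (BASE - timedelta(hours=5), "friend.example", "Lunch on Friday?"),
        (BASE + timedelta(minutes=7), "bank.example",
         "Your password was changed"),
    ]

if __name__ == "__main__":
    box = sample_mailbox()
    for ts, dom, subj in mail_to_review(box, find_bursts(box)):
        print(f"review: {ts:%H:%M} {dom} {subj}")
```
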