There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon This reminded me of that one Twitter thing where they tried to develop an automated system to combat hate posts from white supremacists, but had to shelf it because it would mark posts from official GOP politician accounts
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon I'd say legitimacy is created through active consent, opt-in only. Because when I absolutely *want* to receive 'product news' from the people whose stuff I enjoy using every day, I don't consider it spam at all.
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon Honestly, the hardest thing in email anymore is getting your legitimate emails through to the big three when you aren't using their services. I do not regret leaving gSuite or whatever they call it this month, but managing one's MX reputation can be a pain in the ass.
-
@azonenberg @danslimmon most spam I get is badly formatted and gets rejected by postfix even before my spam filter gets to see it. The most common fail is no reverse DNS.
And my spam filters then rejects most of the rest, they don't even get into my spam folders.
So most of the marketing emails I get to see are from companies I have bought from in the past and I've decided I want to see when they are running sales: useful for items I regularly buy such as bike brake pads.@marjolica @azonenberg @danslimmon
If we blocked no reverse DNS, I'm not sure there would be anything left.
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon From a legitimate mail (not even marketing) that I intentionally subscribed to:
X-Spam-Status: Yes, score=5.323
tests=[DIRECT_LOW_CONTRAST=2.499, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DMARC_PASS=-0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25,
HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1,
MISSING_HEADERS=1.021, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
REPLYTO_WITHOUT_TO_CC=1.552] -
@danslimmon This reminded me of that one Twitter thing where they tried to develop an automated system to combat hate posts from white supremacists, but had to shelf it because it would mark posts from official GOP politician accounts
-
@danslimmon Honestly, the hardest thing in email anymore is getting your legitimate emails through to the big three when you aren't using their services. I do not regret leaving gSuite or whatever they call it this month, but managing one's MX reputation can be a pain in the ass.
@nuintari
Try managing it when you move servers.
My current Algo:
- Get the new server
- Add the new server to SPF, and add it as low-prio MX (but don't run anything on port 25, yet)
- wait a month
- cross fingers
- pray to the gods of email. Like, *really* hard
- switch servers, but keep the old server around, just in case
- monitor results
- if problems occur: switch back and fix
@danslimmon -
@danslimmon There is no "legitimate marketing activity" in email. Any mail that's sent in mass of a commercial nature is spam.
@dalias
Hard to differentiate though. When Oracle's billing department produces mails that confuse spam filters..
@danslimmon -
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
A number of times, at a number of different organizations, I've asked *my employer* (and their partners) to please do a better job with their email requests for action so as *NOT* to "check off" a number of issues in their emails that are literally in their own required computer security training.
-
@marjolica @azonenberg @danslimmon
If we blocked no reverse DNS, I'm not sure there would be anything left.
@jrdepriest @azonenberg @danslimmon not my experience.
Over the last 4 weeks I rejected 16.3% of emails.
Of that 1.9% were replied 4.7.1 (try again later) and 0.4% were replied 5.7.1 (spam) and ended up in my spam folders to review.On the other hand 13.4% lacked a reverse hostname. The great majority of those were from China (.cn). Only one was from a (UK) site I have bought from.
-
@jrdepriest @azonenberg @danslimmon not my experience.
Over the last 4 weeks I rejected 16.3% of emails.
Of that 1.9% were replied 4.7.1 (try again later) and 0.4% were replied 5.7.1 (spam) and ended up in my spam folders to review.On the other hand 13.4% lacked a reverse hostname. The great majority of those were from China (.cn). Only one was from a (UK) site I have bought from.
@marjolica @azonenberg @danslimmon
I imagine if a business is only going to maintain a few reverse lookups anyway, they will prioritize their MX records over the A records. I am used to looking at all the DNS requests and responses, not just those for email.
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon almost as thin as the difference between legitimate corporate emails and phishing emails
-
@azonenberg @danslimmon unfortunately, there are, for example, banks who will stop sending you transaction notices if you report their spam as spam
@ShadSterling @azonenberg @danslimmon then you just report them to your local BaFin* and they will solve that
- BaFin is the bank oversight ministry where I am.
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon Doesn't help when third-party CRM providers for sources I want to hear from (my ophthalmologist for one) send emails that look far less legitimate than spam and phishing emails often do.
Including things like using the CRM's domain for the sender, often something I've never heard of before.
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon having worked for an anti-spam outfit that got acquired by a network security company with researchers who thought machine learning count tackle this, the right distinction is signal vs noise and the line between those exists in the mind of the intended recipient
-
@danslimmon having worked for an anti-spam outfit that got acquired by a network security company with researchers who thought machine learning count tackle this, the right distinction is signal vs noise and the line between those exists in the mind of the intended recipient
@danslimmon s/count tackle/could tackle/
-
@ShadSterling @azonenberg @danslimmon then you just report them to your local BaFin* and they will solve that
- BaFin is the bank oversight ministry where I am.
@4censord @azonenberg @danslimmon ok, but first we would have to
1. Fix Congress so it can get anything done
2. Create the first thing ever referred to as a “ministry”
3. Make it possible to pass laws over the objections of lobbyists
4. Pass laws imposing punishments for sending spam and for cutting off useful communication in retaliation for reporting spam
5. Create an enforcement agency that actually works for the people and actually enforces those laws -
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon
If that's the major difficulty, they could just classify "legitimate" marketing email as spam, and the problem would be solved. -
@4censord @azonenberg @danslimmon ok, but first we would have to
1. Fix Congress so it can get anything done
2. Create the first thing ever referred to as a “ministry”
3. Make it possible to pass laws over the objections of lobbyists
4. Pass laws imposing punishments for sending spam and for cutting off useful communication in retaliation for reporting spam
5. Create an enforcement agency that actually works for the people and actually enforces those laws@ShadSterling @azonenberg @danslimmon I am very sorry for you, I hope you will figure it out.
-
A number of times, at a number of different organizations, I've asked *my employer* (and their partners) to please do a better job with their email requests for action so as *NOT* to "check off" a number of issues in their emails that are literally in their own required computer security training.
@JeffGrigg @danslimmon I felt no compunction about flagging a corporate email as a fishing attempt when it met every criterion of a fishing attempt.
