There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
-
@danslimmon Honestly, the hardest thing in email anymore is getting your legitimate emails through to the big three when you aren't using their services. I do not regret leaving gSuite or whatever they call it this month, but managing one's MX reputation can be a pain in the ass.
@nuintari
Try managing it when you move servers.
My current Algo:
- Get the new server
- Add the new server to SPF, and add it as low-prio MX (but don't run anything on port 25, yet)
- wait a month
- cross fingers
- pray to the gods of email. Like, *really* hard
- switch servers, but keep the old server around, just in case
- monitor results
- if problems occur: switch back and fix
@danslimmon -
@danslimmon There is no "legitimate marketing activity" in email. Any mail that's sent in mass of a commercial nature is spam.
@dalias
Hard to differentiate though. When Oracle's billing department produces mails that confuse spam filters..
@danslimmon -
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
A number of times, at a number of different organizations, I've asked *my employer* (and their partners) to please do a better job with their email requests for action so as *NOT* to "check off" a number of issues in their emails that are literally in their own required computer security training.
-
@marjolica @azonenberg @danslimmon
If we blocked no reverse DNS, I'm not sure there would be anything left.
@jrdepriest @azonenberg @danslimmon not my experience.
Over the last 4 weeks I rejected 16.3% of emails.
Of that 1.9% were replied 4.7.1 (try again later) and 0.4% were replied 5.7.1 (spam) and ended up in my spam folders to review.On the other hand 13.4% lacked a reverse hostname. The great majority of those were from China (.cn). Only one was from a (UK) site I have bought from.
-
@jrdepriest @azonenberg @danslimmon not my experience.
Over the last 4 weeks I rejected 16.3% of emails.
Of that 1.9% were replied 4.7.1 (try again later) and 0.4% were replied 5.7.1 (spam) and ended up in my spam folders to review.On the other hand 13.4% lacked a reverse hostname. The great majority of those were from China (.cn). Only one was from a (UK) site I have bought from.
@marjolica @azonenberg @danslimmon
I imagine if a business is only going to maintain a few reverse lookups anyway, they will prioritize their MX records over the A records. I am used to looking at all the DNS requests and responses, not just those for email.
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon almost as thin as the difference between legitimate corporate emails and phishing emails
-
@azonenberg @danslimmon unfortunately, there are, for example, banks who will stop sending you transaction notices if you report their spam as spam
@ShadSterling @azonenberg @danslimmon then you just report them to your local BaFin* and they will solve that
- BaFin is the bank oversight ministry where I am.
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon Doesn't help when third-party CRM providers for sources I want to hear from (my ophthalmologist for one) send emails that look far less legitimate than spam and phishing emails often do.
Including things like using the CRM's domain for the sender, often something I've never heard of before.
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon having worked for an anti-spam outfit that got acquired by a network security company with researchers who thought machine learning count tackle this, the right distinction is signal vs noise and the line between those exists in the mind of the intended recipient
-
@danslimmon having worked for an anti-spam outfit that got acquired by a network security company with researchers who thought machine learning count tackle this, the right distinction is signal vs noise and the line between those exists in the mind of the intended recipient
@danslimmon s/count tackle/could tackle/
-
@ShadSterling @azonenberg @danslimmon then you just report them to your local BaFin* and they will solve that
- BaFin is the bank oversight ministry where I am.
@4censord @azonenberg @danslimmon ok, but first we would have to
1. Fix Congress so it can get anything done
2. Create the first thing ever referred to as a “ministry”
3. Make it possible to pass laws over the objections of lobbyists
4. Pass laws imposing punishments for sending spam and for cutting off useful communication in retaliation for reporting spam
5. Create an enforcement agency that actually works for the people and actually enforces those laws -
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon
If that's the major difficulty, they could just classify "legitimate" marketing email as spam, and the problem would be solved. -
@4censord @azonenberg @danslimmon ok, but first we would have to
1. Fix Congress so it can get anything done
2. Create the first thing ever referred to as a “ministry”
3. Make it possible to pass laws over the objections of lobbyists
4. Pass laws imposing punishments for sending spam and for cutting off useful communication in retaliation for reporting spam
5. Create an enforcement agency that actually works for the people and actually enforces those laws@ShadSterling @azonenberg @danslimmon I am very sorry for you, I hope you will figure it out.
-
A number of times, at a number of different organizations, I've asked *my employer* (and their partners) to please do a better job with their email requests for action so as *NOT* to "check off" a number of issues in their emails that are literally in their own required computer security training.
@JeffGrigg @danslimmon I felt no compunction about flagging a corporate email as a fishing attempt when it met every criterion of a fishing attempt.
-
There's this myth that automated spam detection is hard because spammers are all very clever masters of disguise.
No. Spammers are stupid as a shoe. They have dog shit for brains.
Automated spam detection is hard because the line between spam and "legitimate" marketing activity is a fiction.
@danslimmon @ielenia ah you see .. just block all "legitimate" marketing activity too
-
@jrdepriest @azonenberg @danslimmon not my experience.
Over the last 4 weeks I rejected 16.3% of emails.
Of that 1.9% were replied 4.7.1 (try again later) and 0.4% were replied 5.7.1 (spam) and ended up in my spam folders to review.On the other hand 13.4% lacked a reverse hostname. The great majority of those were from China (.cn). Only one was from a (UK) site I have bought from.
@marjolica howdy, how’s it going with you ?
-
@danslimmon I personally find that greylisting + greytrapping removes the obvious ones, and saves a lot of electricity plus wear and tear on the poor servers doing content and header filtering.
My greytrapping and misc retrospective is hopefully useful to others too: Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html - with references at the end.
@pitrh hello, how’s it going with you ?
-
A number of times, at a number of different organizations, I've asked *my employer* (and their partners) to please do a better job with their email requests for action so as *NOT* to "check off" a number of issues in their emails that are literally in their own required computer security training.
@JeffGrigg
This. The problem is not with distinguishing spam from "marketing activity", but that the line between spam and ANY business email activity is rapidly moving closer to fiction.
@danslimmon -
S simonjust@mstdn.dk shared this topic
