NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: Yahoo's spam insanity

Lauren + list,

You're probably right about that. Perhaps I should have - or will -
try that approach. Although my first instinct was that putting
false/bad information into the forms (e.g. bad list URLs, or BS
answers to privacy policy/unsubscribe procedure questions) would have
set me up for immediate rejection, especially in light of the type of
people their abuse team is accustomed to dealing with. I suspect the
zeitgeist of these teams fosters the extreme suppression of empathy
and original thinking.

Also, since it seems extraordinarily easy to get on this list, and
impossible to get removed from it - I wonder how many people/SMTP
servers are on it and don't know (or deserve) it - and just assume
their Yahoo-using contacts are ignoring them. I doubt there's any
public way to check, other than the obvious (and arduous) process of
trial and error for each IP address. (Kafka, are you in on this?) ;)

I had a client a few years ago who offered a remailing service that
generated fairly foolproof read receipts (for 98% of the emailing
population, anyway.) The privacy outcry was loud, and valid, and
understandable. But I feel like we're long beyond the point where
legitimate email senders need a way to know assuredly that a message
was delivered and read. (Any marketer who sends an HTML newsletter has
this ability.) I hear very little outcry about the privacy
implications of message-tracking in the real world (FedEx, USPS, UPS,
etc.) and many community software packages allow you to see if and
when private messages have been read. (vBulletin, etc.) Along those
lines, I also think legitimate senders should be notified if their
message has been filtered to spam. I mean, based on all my
conversations with laypersons, I don't really know why spam folders
should even exist in light of how the average person uses (or, more
accurately, doesn't use) them. Just reject the message at the server,
I say.

Finally, I know this basic concept is old hat to you NN champions -
it's not even NN 101, so forgive me - but the idea that a company
handling the inboxes of millions can arbitrarily squelch me, and
provide no sane or rational way to get unsquelched - is ominous
indeed. What has me feeling a little dumb is that, until the off-list
emails between Lauren and I this morning, I hadn't really "zoomed out"
and considered this fully in a Net Neutrality context. So, thanks for


   [ A quick comment on Spam folders and spam handling.  In fact, I've
     long handled all e-mail into my servers in the manner that you
     suggest -- mail that is flagged as possible spam is rejected at
     the SMTP server level, along with a link in the error message
     that directs senders to an explanatory page with a bypass e-mail
     form (for reaching the postmaster directly to explain the


     On most systems these days, it's common for incorrectly flagged
     mail that isn't spam to end up in user spam folders that are
     rarely or never inspected, with zero indication to the sender
     that their message was never seen.  Not good, and a situation I
     would find unacceptable for my own inbound e-mail handling.

     There are a couple of downsides to the server-level reject approach.
     One is that since the thumbs-up/thumbs-down decision must be made
     in real-time during the SMTP transaction, there are loading and
     scaling issues that may make this difficult or impossible for
     some high volume sites.  

     The other downside is somewhat amusing.  I occasionally get calls
     or bypass notes from people indignant that my servers dared to
     suggest that their e-mail might be spam.  I respond that some
     false positives are inevitable in these systems.  Then I ask if
     they'd have preferred getting *no indication* that their message
     had been so flagged and was unread, as would be the case on most
     systems where the mail would have just been tossed into a spam or
     trash folder silently.  Usually upon reconsideration such senders
     do appreciate the benefits of the real-time approach!

       -- Lauren Weinstein
          NNSquad Moderator ]


From: Lauren Weinstein <lauren@vortex.com>
Subject: [ NNSquad ] Yahoo's spam insanity
Date: Fri, 18 Dec 2009 10:47:21 -0800

Speculation regarding the below.  Yahoo may have been using an
automated screening process on the submitted forms, preventing
incomplete forms from ever being really seen by a human in a position
to make decisions.  It's possible that submitting dummy information to
"complete" the form might have been enough to push the form along to
someone who could actually evaluate the situation fully.  I've run
into exactly this situation with automated forms input systems in the
past, and used this technique successfully.  Whether or not this
would really help with Yahoo is unclear of course.

NNSquad Moderator

----- Forwarded message from David Farber <dave@farber.net> -----

Date: Fri, 18 Dec 2009 13:32:25 -0500
From: David Farber <dave@farber.net>
Subject: [IP] Yahoo's spam insanity
Reply-To: dave@farber.net
To: ip <ip@v2.listbox.com>

Begin forwarded message:

From: Anthony Citrano <a@citrano.com>
Date: December 17, 2009 10:15:29 PM EST
To: dave@farber.net, ip <ip@v2.listbox.com>
Subject: Yahoo's spam insanity

Hi Dave & fellow IPers,

Based on my experience this week, a single email failing Yahoo's "bad
word" scanner will forever banish you - and everyone else who uses the
same server - to the spam folder of every Yahoo customer you write to.
Last week, a business proposal I e-mailed to a colleague landed in his
Gmail spam folder. We really couldn't ascertain exactly why, and a
gracious friend at Google helped me diagnose. We ended up concluding
(without much certainty) that it was probably a problem with the
receiver's remailer.

This didn't feel very comforting to me, though, since I'd had this
problem before. In the photography part of my life, for example, I
often trade emails with editors, agents, and publicists, and those
emails can contain several hyperlinks, celebrity names, and other
content that might cause a message to be flagged or to score poorly. A
number of my emails with this kind of content have fallen into one
spam trap or another.

Some friends suggested that since I have my own domain and server, I
should enable DomainKeys and Sender Policy Framework on it. Apparently
these help lift the legitimacy score of an inbound message on many
common spam algorithms. So, I did that. Once the SPF and DomainKeys
install had "taken", I did a test and emailed myself at my Yahoo
account to check the new headers and make sure they were working
properly and passing the checks OK. Once I saw that they were
operational, and curious if this new configuration did provide any
higher level of protection against false positives, I sent a *single*
deliberately spammy message (4-5 key words that I'll leave you all to
guess) along the same route (from my server to my Yahoo account.) That
message landed in the spam folder with a new, ominous header tacked
on: "X-YahooFilteredBulk:" followed by my server's IP address. I
emailed other friends with Yahoo! accounts (non-spammy messages) and
they each confirmed that my messages were all now going directly into
their spam folders.

My research brought me to the people in charge of "helping" in such
situations: the Bulk Mail people on the Abuse team. They have an
online "application" to fill out, but most of the questions are all
aimed at - you guessed it - bulk mailers. Many questions about opt-out
policies, bounce policies, links to your privacy pages, unsubscribe
pages, and so on. I left many of them blank because they simply don't
apply, and in the comments portion of the form I kindly and clearly
explained the situation: this is a private server, no spam nor
newsletters nor bulk mail originates here, never has and never will. I
even explained the single spammy email and my new SPF setup. I sent a
copy via e-mail to their abuse team's email address.

The responses were quick, but useless and empty-minded. I was scolded
for not supplying all the information on the form; I re-explained the
inapplicability of the questions, I was then sent another identical
form to fill out. I re-quoted myself, imploring them to grasp my
request. I was again chided for not completing the form - "since we
did not receive a completed application, we are unable to fully
evaluate your company's mailings for prioritized delivery."

I went around and around all week with these guys, them asking and
re-asking me to provide nonexistent information. I got to the point
today where I was begging "Eddie" to just please read what I had

This evening I received what I think is my sixth reply from them. Eddie said:

"Based on the information you have provided us, we cannot
systematically deliver your email to the Inbox at this time. We
suggest that you ask your users to set up a filter in Yahoo! Mail to
ensure that they get your email messages in their Inbox.
If you significantly change your policies, please feel free to contact
us again to submit a questionnaire in 6 months, and we will
re-evaluate your answers and mailing practices at that time."

So, I am effectively unable to contact anyone on Yahoo Mail if I'm
using my personal e-mail address. And their abuse team doesn't read --
and doesn't care.

This exercise in futility with Yahoo has me pondering the spam problem
overall. It seems to me that most current solutions/implementations
are woefully inadequate, either requiring action / education /
sophistication on the part of users (i.e. diligently checking their
spam folder or "teaching" their spam filter) or presenting massive
technical and/or social roadblocks to legitimate senders.

A couple years ago at a party in Austin I met a guy who told me he
couldn't use email. I found it really shocking and asked him why. He
told me he was a pharmaceutical rep, had never spammed and wasn't
blacklisted anywhere - yet he'd been unable to find a way into the
inboxes of *existing clients*. Say what you will about pharma sales
reps, but his is not a problem unique to peddlers of ED drugs.

Thanks for indulging my long rant - the Yahoo experience got me
thinking, and this felt right for IP.

Happy holidays,
anthony citrano
technologist | cultural analyst | photographer
venice, los angeles, ca, usa
+1 310.256.3730