Spam Arrest and Anything Like it Should be Banned from the Tubes
A few years ago I was involved in a project to develop an anti-spam email appliance. This was right before Barracuda came out with their spam firewall, and the market was ripe for such a device. Kinda goes without saying that it never went anywhere, woe is the company with little funding.
During that time we spent a LOT of time discussing the myriad of options you have when you’re filtering spam. Should we throw away known spam? What about false positives? Should we implement a sender-verification system? What do we do with foreign language spam? The list of design decisions with such a device is long and painful. If you’ve ever had the age-old discussion of where to price a new product, think that times 1000.
One of the things we talked about at the time was sender verification. I vehemently (and sometimes violently) protested against this. I won. Unfortunately the rest of the world doesn’t follow my lead. Sender verification works by holding a questionable message in a queue and firing off an email to the sender. The email requests that you take some action like replying or clicking a link to verify that you are human and the message is real.
I have always hated this system for spam prevention but I hadn’t realized the 2 biggest reasons why it is a completely broken system. As of the launch of AuctionAds I’ve been keeping my eye on the tech support bucket. When you sign up for the service, we send you a welcome email. Guess what stupid spam-arrest does? Yup, sends a verification email requesting a click. Fortunately its a monitored account, so we’re not losing any users to their stupid email filtering system. Remember, the user signed up at our site. We’re not spamming them. A legit email is getting blocked with NO way for the user to know about it. SYSTEM BROKEN. So this is enough reason to drop it for me, but today I came across the ultimate reason not to use this garbage:
Assunto: Your AuctionAds account is now activated!
Para que sua mensagem seja liberada em nosso sistema antispam e encaminhada ao
destinatario, apenas responda a essa confirmacao (sem alterar o campo assunto).Obs.: Essa confirmacao somente sera necessaria uma unica vez.
Do you know what action to take to confirm that email? I only have a vague idea because I speak Italian fluently and I can piece together the Portugese.
This is a broken system. If you’re using something like this, please, please stop. I don’t use any of this sillyness and I only get 2-3 spams a day that make it into my inbox with 0 false positives. All I’m using is SpamAssassin with SARE rules and FuzzyOCR for the stock/image spam.
If you like what’s here, please follow me on twitter here.
Sounds like a decent solution you’ve got going there. I wonder how it would work for an e-commerce site. We may have to give it a shot and see what happens.
I have been a loyal “paying” member of Spamarrest for a while and the last few months their service has gone down in reliability. They have lost emails and the service has gone down.
Today I canceled my recently renewed account with them and asked for a refund of the unused portion of my service. Here is their reply!
“Hi David,
Thanks once again.
David, I am very sorry to tell you that we are not able to offer you a refund for your account. You may continue to use your Spam Arrest account till 2008-10-01 by reactivating the account.
I truly apologize for your inconvenience, David. Please do let me know if you need anything else.
Best Regards,
Peter
Technical Support Specialist
Spam Arrest”