« Mortgage/Diploma Spam | Main | Who Falls for This Crap? »

March 05, 2006

One of the worst things that happens in the spam wars is the false positive—that piece of good, desired email that silently gets filtered out or trashed before it ever pixelates before the eyes of the recipient. This kind of collateral damage can occur for a variety of reasons, which I discuss at length in Spam Wars.

As spam filters become more aggressive to fight off increasingly sneaky attacks by spammers and crackers, they catch plenty of good email. If the filtering mechanism in place at the incoming email server doesn't segregate suspect messages for a user to scrutinize manually, the message goes into the "bit bucket." Even if the message manages to get into a "suspects" folder, there may be so much in there that the recipient doesn't bother looking for the golden needle in the haystack, and sets the whole stack alight, sight unseen.

I know that some good mail occasionally gets trashed in my own email server. Even though I'm totally in charge of how suspects are handled, I simply don't have the time to look through thousands of otherwise deletable messages every day for the once-in-a-while good message. I let the server summarily delete those items tagged as spam. If some human whom I haven't already whitelisted really wants to reach me, I provide multiple ways to get past the filters. For example, using the contact form for this Web site guarantees your message will reach me (and won't be forwarded or copied anywhere, so those few jerks who try to hack the form handler can stop trying to see if it relays email). At my dannyg.com Web site, I provide instructions for a "secret string of characters" that you can copy into the message to guarantee its delivery. My primary email address was hosed years ago, so I don't bother trying to disguise it. I know that my address is repeatedly harvested from the site, and when I first implemented the "secret string" process a few years ago, I thought I'd have to change the string perhaps once a month to keep it off the spammers' lists. Surprisingly, I have not ever detected a spam message that exploited that string. Spamming humans never visit the page to read what's there, and the crawlers that have harvested the address from the page on the Web and in cached copies of the page in Trojaned PCs around the world haven't picked up on it, either.

What brought the false positive into view for me recently was a message I received from a reader of my Dashboard book (a Mac OS X technology). Buyers can request a username and password to use to download the companion files for the book from the publisher's Web site. This reader wrote directly to me to complain that although he had requested the username/password twice from the publisher, he had not received a reply. I thought this odd because in my experience, SpiderWorks is incredibly responsive to customer issues. A phone call and an email later, I learned that the publisher had not only received both requests, but had responded with the desired information promptly both times.

For whatever reason, the reader's Verizon email server was not passing SpiderWorks email to the recipient. I checked to see if SpiderWorks' email IP address might be in a range that is listed on a blocklist. Nope. The copy of the original email message I saw was a plain text message (not HTML), included no attachment, and doesn't contain ads for Viagra. So what's the deal?

We may never know. I forwarded a copy of SpiderWorks' message to the reader. I know he got an earlier email message from my email server, so we'll see if one sent by me with the SpiderWorks content will get through.

That we can no longer trust email is a cryin' shame. These days, if you want to send an email message to someone who hasn't previously whitelisted you, your rate of success is starting to approach your rate of success with a lottery ticket.