Re: [Asrg] Let's try something different

At 2:08 PM -0500 3/8/03, Chris Lewis wrote:
> Simple.  Do what we do. We blacklist the open proxies, and let the 
> people who hit the blacklist (if any do) report it. We provide 
> pretty boilerplate
A company, especially a small company, cannot afford to do that to a 
potential customer.  If someone sends my consulting company email 
asking for my business, and I bounce it and tell them they can't talk 
to me until they straighten it out with their ISP--I've just lost a 
potential client.
It also doesn't work for the prototypical end-user.  For a year I 
sent back a response to everyone who sent email to 
wormalert(_at_)somewhere(_dot_)com(_dot_)  It explained why they were getting the 
response, why they shouldn't send email to the address, why they 
should take it out of their address book.  Every day I'd get dozens 
of responses.  "Who are you?"  "How did you get my email?"  "You 
aren't in my address book!".  So I gave up and started bouncing the 
stuff with an extended bounce message explaining the message.  Now I 
just get 3-4 messages a day saying the same thing.  (That's about a 
1% "I'm confused" response rate.)  And then there are the people who 
completely ignore the bounces and keep sending mail over and over 
again.  When I finally get them to listen, I ask them why they 
ignored the bounce.  "I didn't know what it was."  "I thought it was 
spam."  "I thought it was a virus."  "My ISP told me never to respond 
to email from someone I didn't know." (E.g. MAILER-DAEMON).  And then 
there are people's address books.  wormalert tends to get email sent 
to everyone in the address book.  When people repeatedly do this, I 
would reply-all to their message.  So here's someone who has been 
sending email to everyone in his address book for days (at least). 
When I send to those addresses, I get a dozen bounces.  This guy has 
been getting dozens of bounces a day from bad addresses in his 
address book, and he has ignored them all.  And this is *common*.  We 
are talking of hundreds and thousands of people doing this.
These are the people who have been told over and over again that they 
shouldn't open mail from someone they don't know.  They get email 
from MAILER-DAEMON (pretty scary name if you think about it) and we 
expect them to open the message, read past the garbage, find the 
place where it says they were blocked because we thought they were 
sending spam, figure out that this isn't a permanent problem, and 
forward it to their ISP?
> > This is a common misconception.  "False positives aren't a problem, 
> > they just go into a queue that people can check."  Technically, 
> > it's true.  Practically, it doesn't work.
> I think you missed a step.  The sender sees the reject, and reports 
> the FP as instructed in the reject.
See above.  Try thinking like someone's grandmother.

> > I've got bad news for you.  People don't check the queues.
> Pardon my french: Like hell I don't!
You didn't read the next line did you.  Techies do.  But even techies 
get sloppy over time.
> In case you missed it, I'm the FP handler for the entire company.  When I say
And that makes you about the least qualified person in the world to 
consider what the average user will do with a false positive.  It's 
your *job* to read the things.
First rule of end-user false positives.  You don't call them false 
positives.  The end user has no clue what that means.  We call it 
"misidentified email", and I don't even like that.  We don't talk 
about spam (or, God forbid, "ham"!).  There's mail that was blocked, 
and mail that was approved.
I just got off the phone with my father last night.  I was getting 
his feedback on some new forms for dealing with misidentified email. 
He's one of our beta testers because he definitely fits into the 
"it's all magic to me" category. It took a while to explain the form 
because it turned out that he had gotten so complacent about the junk 
folder that he had stopped checking it at all.  He just deleted them. 
This had all been explained many times.  But this *isn't* his job. 
It's an annoyance.  And finding false positives was not something he 
had to do every day, but just occasionally, so he forgot.  And that's 
the real world.
> similar).  Send each user, according to whatever schedule they may 
> choose, a single email containing dates, froms and subject lines of 
> mail that's been filtered. Give them the opportunity (via a link to 
> your quarantine server) to view or discard the blocked emails.  Or 
> even provide a mechanism for selecting automatic forward (ie: based 
> on from) without having to adjust the front-end server-wide 
> filtering.
That is *exactly* what PureMessaging does.  Sending the spam through 
flagged is an option, but the normal behavior is to leave the mail on 
the server and send you a periodic summary.  You can have messages 
sent through to you, or you can 
whitelist/blacklist/unsubscribe/report-to-abuse--as appropriate for 
the given message.  It doesn't solve the problem.  They glance at the 
mail and delete it.
Now you can tell me that people are being stupid.  But that's kind of 
pointless.  You design a system for the users.  They know what they 
know.  Fundamentally when you are designing systems like this you are 
designing a user interface.  And like all good UI design, it needs to 
take into account how real users behave.  As people intimately 
involved in email systems for most of our lives, we are supremely 
unqualified to make that determination by examining our own behavior.
--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg