Internet and e-mail policy and practice
including Notes on Internet E-mail



15 Oct 2008

Users don't like forwarded spam

A message on Dave Farber's Interesting People list complained that Comcast was blocking mail forwarded by Dyndns, a popular provider of DNS and related services for small-scale users.

... Wholesale blocking of all mail intended for customers from a particular intermediate distributor, merely because they route it through an external service that adds value.

In response, I opined:

Actually, they're blocking it because a lot of it is spam. This is a problem that every mail forwarder and every mail system encounter; the only unusual thing here is that Dyndns is whinging about it. It's yet another way that spammers have broken the mail for the rest of us.

Traditionally, like 10 or 20 years ago, systems that forwarded mail passed along everything that showed up for the forwarded address. But today, when upwards of 90% of all mail is spam, if you do that, most of what you're forwarding is spam. I can tell you from experience, since I run systems on both ends of forwards (I'm uucp@computer.org among other places) that no matter how clearly you explain to people that the forwarded spam is stuff they've asked for, they will still complain about it, and the automated systems that large ISPs have to use to maintain their spam filters will correctly mark the forwarding IP as a spam source.

The usual next suggestion is that the forwarder should put some sort of flag into the mail to mark it as forwarded so don't blame us. That doesn't work either since any mark your forwarder can make, spammers can also make. Manually maintained lists of known honest forwarders simply aren't practical at the scale of an ISP like Comcast. (For that matter, it's not very practical for my tiny 1000 user mail system, either.) I've adjusted my system so that if a user requests mail be forwarded elsewhere, it runs the mail through SpamAssassin and only forwards stuff that isn't marked as spam. Yeah, you might lose some real mail that way. It's another reason that spam stinks.

The real way out of this is to realize that forwarding is a lot less useful than it used to be. These days, every popular MUA, including the big web mail systems, can easily be set up to collect mail from multiple inboxes so rather than doing forwards with SMTP, you collect mail with POP or IMAP, and as a free bonus, it's pre-sorted by inbox.


posted at: 05:09 :: permanent link to this entry :: 6 comments
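
The filter-before-forwarding rule described in the post, as an added example (not the author's code or configuration). It assumes SpamAssassin has already scanned the message and is the only source of the X-Spam-Status and X-Spam-Flag headers it sees; `forward_decision`, `forward_limit`, the rule name and the sample messages are hypothetical or constructed, and keeping held mail local rather than relaying it is an assumption.

```python
import re
from email import message_from_string

# SpamAssassin's default markup: "X-Spam-Status: Yes|No, score=N required=N tests=..."
STATUS_RE = re.compile(r"(Yes|No), score=(-?\d+(?:\.\d+)?) required=(-?\d+(?:\.\d+)?)")

def forward_decision(raw_message, forward_limit=None):
    """Return (action, reason); action is "forward" or "hold" (keep it local)."""
    msg = message_from_string(raw_message)
    statuses = msg.get_all("X-Spam-Status", [])
    if len(statuses) != 1:
        # Unscanned mail, or an unexpected header count: fail closed, do not relay.
        return "hold", "expected exactly one X-Spam-Status header, found %d" % len(statuses)
    m = STATUS_RE.match(" ".join(statuses[0].split()))  # unfold continuation lines
    if m is None:
        return "hold", "unparseable X-Spam-Status"
    verdict, score, required = m.group(1), float(m.group(2)), float(m.group(3))
    flagged = msg.get("X-Spam-Flag", "").strip().upper() == "YES"
    if verdict == "Yes" or flagged:
        return "hold", "marked as spam (score %.1f)" % score
    # Optionally be stricter for relayed mail than for local delivery (assumption).
    limit = required if forward_limit is None else min(required, forward_limit)
    if score >= limit:
        return "hold", "score %.1f at or above forwarding limit %.1f" % (score, limit)
    return "forward", "score %.1f below limit %.1f" % (score, limit)

def _sample(extra_headers):
    # Constructed sample message, not real traffic.
    return ("From: sender@example.org\nTo: alias@example.net\nSubject: test\n"
            + extra_headers + "\nbody\n")

HAM = _sample("X-Spam-Status: No, score=0.3 required=5.0 tests=NONE\n")
SPAM = _sample("X-Spam-Flag: YES\n"
               "X-Spam-Status: Yes, score=14.2 required=5.0\n\ttests=EXAMPLE_RULE\n")
BORDERLINE = _sample("X-Spam-Status: No, score=3.9 required=5.0 tests=EXAMPLE_RULE\n")
UNSCANNED = _sample("")

if __name__ == "__main__":
    samples = [("ham", HAM), ("spam", SPAM),
               ("borderline", BORDERLINE), ("unscanned", UNSCANNED)]
    for name, raw in samples:
        print(name, forward_decision(raw, forward_limit=3.0))
```

Holding borderline mail locally is the trade-off the post names: some real mail may not be forwarded, in exchange for the forwarding IP not relaying what the receiving ISP will count as spam.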

comments...

Project leader dnswl.org
> any mark your forwarder can make, spammers can also make

Not necessarily. A whitelist like dnswl.org (like note the disclosure in the Title field) provides some clues whether you have a valid forwarder or not.

If interest is sufficient, we may add some data indicating actual forwarding servers (but this would take some time to build up).

(by Matthias Leisi 15 Oct 2008 05:27)



I agree with your conclusion. The era of multi-hop e-mail to the endpoint is over. Now we're in the era of multi-fetch from the endpoint, which is a smarter method anyway.

(by Rob Carlson 15 Oct 2008 12:08)



"The era of multi-hop e-mail to the endpoint is over. Now we're in the era of multi-fetch from the endpoint"

Except that requires multiple email accounts to maintain and control for each address you want to collect the mail from. So if you have 5 domains or mail addresses why would you want 5 different mail boxes to pull mail from, keeping track of the username, password and address for each, instead of it simply getting forwarded to the 1 account you need to maintain? You call that the smarter method? Really? My forwarding service lets me track _1_ account to handle 100,000 addresses if I wanted to by having all the mail forwarded to it.

(by Wofl 15 Oct 2008 13:54)



When Comcast started blocking forwarded mail from my site, the problem turned out to be spam originating from dynamic IPs belonging to Comcast. Comcast demanded that we stop accepting mail from Comcast dynamic IPs (which also gave us the ammunition we needed to convince our users that we had to block mail from dynamic IPs in general). I'm still irritated with Comcast though that they think they can block forwarded mail that is coming from their own network.

(by Pete Hanson 15 Oct 2008 14:26)



The only real advantage of fetching email via POP3 is that the "last known truthful" IP address isn't yours. Of course, that's a big advantage.

(by Russell Nelson 16 Oct 2008 15:08)



You are assuming the end users are capable of actually setting up their POP email. (Or setting up Gmail or whatever to pick up those accounts.) I think you are forgetting that many of them would have no POP email at all if Comcast/Verizon or whoever had not set it up for them while setting up their internet. My company deals with that sort all the time. And what do you do if more than one person needs to get the email? Set it up so person a, b, and c leave it on the server and person d deletes it? And person d has to promise to always access last? I'm with Wofl on this one. Forwarding isn't going to go away.

(by Kathy K 17 Oct 2008 18:26)



© 2005-2018 John R. Levine.