Join 3,422 readers in helping fund MetaFilter (Hide)


Maybe We Love Spam and Viruses
April 15, 2010 2:50 PM   Subscribe

Why aren't we furious about email's dysfunction? Spam just keeps getting worse. And it's been bad for a long time. The spam/virus anti-spam/anti-virus arms-race continues to generate profits for spammers and anti-spammers at everyone else's expense. Attachments maybe weren't a good idea. And neither was the reply-all button. Attempts at "fixing" email are the subject of ridicule, and perhaps deservedly so. Google Wave was released as an alternative to email; few seem to care. What gives? Are we really stuck with this crap?
posted by fartknocker (130 comments total) 8 users marked this as a favorite

 
I have a limited amount of fury. There are other, more infuriating, things I need to be furious about.
posted by killdevil at 2:52 PM on April 15, 2010 [22 favorites]


IMHO gmail has solved the spam problem completely.
posted by Perplexity at 2:53 PM on April 15, 2010 [67 favorites]


E-mail is still new enough in the world that it seems like a miracle.
posted by amtho at 2:53 PM on April 15, 2010 [3 favorites]


I agree - gmail seems to have solved the Spam problem almost completely.

For a few years I'd go into the Spam box and occasionally find real email - but always stuff from mailing lists. Today I happened to go for the first time in months - and my usual searches that find non-spam found ONE false positive.

Total time spent on Spam - less than an hour a year. In fact, I spend more time in my Spam box thinking that some site has sent me confirmation email that got into Spam when they were in fact very slow than anything else.
posted by lupus_yonderboy at 2:57 PM on April 15, 2010 [1 favorite]



I have two email accounts (Gmail and university) and I deal with spam maybe 0.01% of the time (which is as easy as clicking "Report spam").
posted by bukharin at 2:57 PM on April 15, 2010


I don't really spend that much time dealing with spam.
posted by infinitywaltz at 2:57 PM on April 15, 2010 [1 favorite]


Since Google Wave was mentioned: Things Easier To Understand Than Google Wave
posted by killdevil at 2:58 PM on April 15, 2010 [3 favorites]


IMHO gmail has solved the spam problem completely.

Yeah. I rarely see spam in my inbox. And GMails filters work really well for removing 'psudo-spam' too.
posted by delmoi at 2:58 PM on April 15, 2010


Yes, I find it quaint rather than annoying when once a month a piece of spam gets through Gmail's filter: "Oh, Gmail. They tricked you!"
posted by milestogo at 2:59 PM on April 15, 2010 [13 favorites]


I know it would be a blow to civil liberties in general, but I would love to see spammers publicly flogged with a cat-o-nine-tails. I think it could even be a hit reality tv show.
posted by mullingitover at 2:59 PM on April 15, 2010 [3 favorites]


My feeling is that spam filters simply dust the problem under the carpet. Don't you think that the cost of the bandwidth is getting back to all of us somehow? I empty between 50 and 100 spams from my trash each day. I suspect that google (or whichever service) is deleting many more besides. Compared to the numbers of legit emails it's daunting to consider how much of the available bandwidth is devoted to spam.

Well, maybe, fury is inappropriate. But satisfaction also seems wrong. And sad. No? We should be cool with this?
posted by fartknocker at 2:59 PM on April 15, 2010 [2 favorites]


The amount of overhead that goes into managing email in a business/work environment is email's big problem these days, not spam. We need better tools, tools built on top of email that increase it's utility for communication and collaboration. #realtalk
posted by wemayfreeze at 3:00 PM on April 15, 2010


In regards to email, I tend to adjust my communication style to the intended recipient. I try to avoid sending email, and if I do send email I use the subject header to relay the most important information, including for example a call to action. Since many people cannot respond to every email, I often promise (in the email) that I will follow-up over the phone or in person.

If I really need to get ahold of someone, there is alway Twitter direct messages, Facebook mail, or LinkedIn messages - the majority of people who have signed on these networks have not tweaked their email notification settings for these services, so it will show up in their inbox, and it will be novel and fresh enough so that they will respond.

That's my way around it. If everyone used Google Wave (or Sharepoint) it would be even better, but they don't, so I have to be flexible.
posted by KokuRyu at 3:00 PM on April 15, 2010


I have a limited amount of fury. There are other, more infuriating, things I need to be furious about.

Yeah, Star Trek: Nemesis soaked up most of mine. It's hard to get worked up about spam when there's an article about THE FUCKING REMANS on Memory Alpha.
posted by Greg Nog at 3:01 PM on April 15, 2010 [15 favorites]


fucking dune buggy.
posted by furiousxgeorge at 3:05 PM on April 15, 2010 [9 favorites]


one more for have gmail have not spam. I mean never, I don't even bother checking my spam folder anymore except to delete it all 'Hooray, no spam here!'.

I've noticed a lot of people switching recently. this might be a factor.
posted by rog at 3:06 PM on April 15, 2010


Ummmm, I don't know. Maybe because compared to the bygone atrocity of ACTUAL SPAM PAPER MAIL spam email is a minor nuisance and you're all just whining spoiled entitled brats.
posted by HTuttle at 3:07 PM on April 15, 2010 [2 favorites]


Why aren't we furious about the demands of a phone call? You have 20 seconds to answer the phone, often can't tell who it is even with caller ID, and then have to listen to whatever crazy fool found your 7 digit number. By comparison email is the best thing to ever happen to communication.
posted by 2bucksplus at 3:08 PM on April 15, 2010 [26 favorites]


Meh. As far as I can tell, spam is an emergent property of email, given the definition in the various RFCs. Free + Lousy Authentication = Spammer Attractant. It's as simple as that. Why is Craigslist covered with spammers and scammers? Free to use and lousy authentication. Why is Yahoo! full of spammers and scammers? Yahoo! does not verify much and they do not charge for their services.

Imagine Solution X. I am sure it would end up ticking some of the boxes in the "Your advocates a ..." form. Tough. Doing the same thing over and over again but expecting different results will lead to disappointment and insanity. Something will have to change. Yes, we would have to change all of our email clients. Maybe call it imail instead. Boo hoo.

Collectively, we lack the courage to do anything about it. That's all.
posted by adipocere at 3:09 PM on April 15, 2010 [1 favorite]


What I do is run my own domain, and issue unique, per-sender addresses as I need them. With a whole domain, the email address becomes who it's FROM instead of who it's TO. This lets me track usage of an address, and if someone sells my address (Greatflowers and MacHeist both appear to have sold me out, for instance), I can simply remove that address from my whitelist and cease communication with them. My actual final target address is never given out. Everything is an alias pointing to that destination.

I typically see about 300 spam attempts per day, and a spam actually hits my inbox once every two or three months. They have a success rate of maybe 1 in 20,000 trying to bother me, and each individual address only works one time. Further, that successful spam generally terminates a business relationship; I get valuable information about who's worth dealing with on the Net.

The biggest downside is that I have to manually issue new aliases for new companies or people. I've never bothered to web-ify it or anything, I just edit my Postfix "virtual" file. It takes about a minute to make one. A one minute investment in starting a new online relationship isn't a big deal, and in exchange, I'm almost entirely spam-free. My mailbox works exactly as it should, giving me only stuff I'm interested in. Since I started doing this, email has returned to the usefulness it had in the early days, and I'm not dependent on any other company to do it for me, like with Google and GMail.

If you get past the idea that an email address describes only the recipient, you can do a lot of interesting stuff.
posted by Malor at 3:10 PM on April 15, 2010 [29 favorites]


Not to make this gmail blue, but in the past year I've had maybe two emails I've had to mark as spam, and maybe one that was inappropriately flagged as spam. (I check the spam folder maybe once a month.)
posted by CheeseDigestsAll at 3:11 PM on April 15, 2010


I work in IT in a big company that you have heard of, and the anti-spam devices catch enormous amounts of spam - hundreds of millions per day. It ends up being not really annoying to an end user.

Between all the wasted bandwidth, the cost of purchasing, operating (including electricity), and maintaining the anti-spam devices, it is a LOT OF MONEY to not annoy end users. In these days of massive budget cuts, it'd be really neat to be able to cut budget on things like this, instead of having to lay off tons of people.

Google probably spends a ton of money on this too, but they print their own.
posted by Threeway Handshake at 3:12 PM on April 15, 2010 [4 favorites]


Don't you think that the cost of the bandwidth is getting back to all of us somehow?

Bulk bandwidth is surprisingly inexpensive, delivered to a colocation facility. You can often get very good 100MBps connections for a few hundred bucks a month, and the cost per byte drops very, very quickly as your order size increases. It's not free, but it's really remarkably cheap when you're buying huge quantities of the stuff in a central location.

The expensive part is delivering it outside of the colo.
posted by Malor at 3:14 PM on April 15, 2010


I spend far more time dealing with physical junk mail than spam. Doesn't make me want to take down my mailbox.
posted by l33tpolicywonk at 3:15 PM on April 15, 2010 [2 favorites]


My feeling is that spam filters simply dust the problem under the carpet. Don't you think that the cost of the bandwidth is getting back to all of us somehow?

That's a really good point. It's still screwing us, but we're just less aware of how. I admit I'm not much bothered by it (it takes like a minute or so out of my day to delete spam, and that's because I'm really careful about not accidentally deleting legitimate e-mail), but I hadn't thought of how the cost of dealing with spam might be affecting me in other ways.
posted by infinitywaltz at 3:17 PM on April 15, 2010


My feeling is that spam filters simply dust the problem under the carpet. Don't you think that the cost of the bandwidth is getting back to all of us somehow?

This is but a step along the path. Having a near-infallible spam filter means less spam gets read, means fewer spam products get sold, means spam becomes less profitable. Already as it is, the only things that make spamming profitable are the extremely low cost of sending compared to the small number of people out there who actually W@NT VI@GRRA NOW!!! Both of these figures are very low. If enough people get access to really good spam filters, then spam will eventually either naturally wither and die, or metamorphose into a targeted email marketing system to those few idiots who buy things they get spammed about, and those people will probably eventually fall prey to Nigerian scammers and self-select themselves off the internet anyway.

Ummmm, I don't know. Maybe because compared to the bygone atrocity of ACTUAL SPAM PAPER MAIL spam email is a minor nuisance and you're all just whining spoiled entitled brats.

ACTUAL SPAM PAPER MAIL, that is to say junk mail, costs a hell of a lot more to send than spam, and is thus miles less ubiquitous, and thus has never been nearly this much of a problem, so your argument is invalid.
posted by JHarris at 3:20 PM on April 15, 2010 [1 favorite]


If you get past the idea that an email address describes only the recipient, you can do a lot of interesting stuff.

Yes! and while having your own domain is a good way to implement this, I just learned today that there is a wonderful way to do this in gmail as well: If I own milestogo@gmail.com, then any email sent to milestogo+XXXXXXXX@gmail.com will come to me. I can signup for YouTube with milestogo+YouTube@gmail, and then I can see who sends email to that address, and figure out what YouTube is doing with my email.

Although, now that I think about it, perhaps an intelligent spammer could strip out whatever comes after the +.
posted by milestogo at 3:24 PM on April 15, 2010 [21 favorites]


Funny, I don't have these problems with email. I hardly ever find spam in my spam folder, either.
posted by dunkadunc at 3:25 PM on April 15, 2010


I demand a refund from the Google.
posted by vapidave at 3:27 PM on April 15, 2010


Call me crazy, but the volume of spam making its way to me seems to have gone down.

I'm using Google Apps for my domain. I just checked the spam box, and there were 16 spam messages caught yesterday, a similar number the day before that. Only 3 so far today.

When I was doing local filtering (using SpamSieve, which is pretty good but not as good as Google), I recall getting in the range of 60-100 spam messages per day.

I still feel that spam is a real problem, and would like to see its perpetrators punished, but something is up. Maybe the fact that spam filtering has become so widespread and so effective that spammers are looking for other ways to scam us. Or perhaps even getting real jobs.
posted by adamrice at 3:31 PM on April 15, 2010


Introducing Alice (who has been making fake Viagra pills in some warehosue), Bob (Botnet Master and Spam Lord), and Craig (the woeful recipient of spam).

Spam doesn't have to be read to be sent. All that is required is that Alice believe that spam is useful for her to pay Bob. Alice approaches Bob, because she just knows that she can make it rich selling fake Viagra. It costs Bob nothing but time to have his botnet send out a million emails. Bob does not care if the spam is read or not, since Bob does not profit from it. And so Craig continually gets hit with spam.

The problem with assuming that spam filters are going to kill off the phenomenon of spam is that Bob doesn't have to pay any money, and there are always suckers who think they'll get rich quick. After Alice comes Abby, Anne, Ashley, Ascha, Audrey, and so on. They think they'll make it big. They don't, but Bob takes their money anyway.

It will take a very, very long time for people to stop believing spam is the way to get the word about your product out. It's too close to the semi-successful concept of sending postal mail advertising Product Z for people to think about it as being all that different.
posted by adipocere at 3:32 PM on April 15, 2010 [2 favorites]


on that note, the big question: Does Spam Work?

has $1 changed hands because of spam in 2010?
posted by milestogo at 3:34 PM on April 15, 2010 [1 favorite]


obviously, i mean has someone purchased a product advertised to them over spam?
posted by milestogo at 3:35 PM on April 15, 2010


The biggest downside is that I have to manually issue new aliases for new companies or people.

I also have my own domain, and you can set up Gmail to manage your domain's email. The nice thing is that there's a Gmail domain setting that does exactly what you're talking about, except automagically. For instance, if I have bob@blah.com as my main address, I can have all mail sent to XXX@blah.com forwarded to bob@, and for each site I need to register on I just put sitename@blah.com. If one of those addresses becomes a problem, I set up a shitchan filter in Thunderbird.
posted by Evilspork at 3:35 PM on April 15, 2010 [4 favorites]


I run my domain like Malor described above, with unique email addresses for every service on the internet. I also receive anything sent to @mydomain (since I'm too lazy to make new 'accounts' when I sign up for stuff). What's perhaps most shocking is that it's an extremely small minority of sites that will sell your email address. After almost 10 years of doing this, only a poker chips and sword website seems to have actually sold my email address, and my credit union, First Tech, seems to have had their email list compromised (they have terrible security practices so this doesn't surprise me).

The vast majority of spam I get is to standard addresses like sales@ or info@, or to auto-generated ones like Bobby1983@. I've blacklisted a few places that seem to not persist your unsubscription settings, but instead of 20% of sites causing 80% of the spam, it's more like 1% / 99%
posted by 0xFCAF at 3:44 PM on April 15, 2010


Agreed that Gmail makes spam mostly invisible. But at what cost?

In June 2009, Microsoft reported that 97% of incoming messages were blocked as spam by Forefront for Exchange. So that suggests there's about 35 spam for every legitimate email delivered. It's not just the bandwidth the spam consumes, it's the CPU time. My old mail server spends about 50% of its CPU just running spamassassin. I'm the only user receiving mail. There's also the hidden cost of false positives, greylisting, etc that disrupts normal email.

I remember a time before spam. Email was good then. I miss it.
posted by Nelson at 3:46 PM on April 15, 2010 [1 favorite]


has $1 changed hands because of spam in 2010?

I can guarantee it has.

Fax me ten bucks and I will provide hard evidence.

Fifty bucks if you want that evidence extra hard and longer-lasting.
posted by turgid dahlia at 3:47 PM on April 15, 2010 [14 favorites]


Although, now that I think about it, perhaps an intelligent spammer could strip out whatever comes after the +.

The funny thing about spam, though, is just how lazy spammers are. I run a mail server for a small non-profit organization - something like 200 legit messages in and out every business day.

There are basically three kinds of spam that we get. Spam from known spammers on published blocklists makes up about half of it, and that stuff doesn't even make it to the spam scanner before my system rejects it.

The other half is almost entirely so badly formed that it is barely recognizable as email - that is, it fails to implement really obvious parts of the email RFC standards. Stuff that would only be slightly more work to forge plausibly than to just implement wrong. Like return addresses that aren't formatted as email addresses, or claiming to be sent from a server identified with a random alphanumeric string instead of an IP address or a domain name. That stuff also gets blocked out before it even gets to my spam scanner.

The active scanner only winds up having to block around a dozen messages per day. The percentage of spam that passes the laugh test is absurdly low.
posted by zjacreman at 3:48 PM on April 15, 2010 [2 favorites]


Wait, what's wrong with attachments now? How else am I supposed to deliver work product to people in different areas of the world, instantly? I'm not returning to the bygone era of faded, scratchy, barely-legible faxes.
posted by bunnycup at 3:52 PM on April 15, 2010


Malor: What I do is run my own domain, and issue unique, per-sender addresses as I need them. With a whole domain, the email address becomes who it's FROM instead of who it's TO. This lets me track usage of an address, and if someone sells my address (Greatflowers and MacHeist both appear to have sold me out, for instance), I can simply remove that address from my whitelist and cease communication with them. My actual final target address is never given out. Everything is an alias pointing to that destination.

This may be the best idea I have ever seen on Metafilter. You should put the information up on who's selling their address lists to spammers on a website or something. The revelation about MacHeist alone should be broadcast far and wide.
posted by JHarris at 3:53 PM on April 15, 2010 [3 favorites]


on that note, the big question: Does Spam Work?

Yes. A typical spam operator needs very few paid responses to make a profit, less than one in a million. Also, most spam is selling on the black market or is a straight up con.
posted by krinklyfig at 3:57 PM on April 15, 2010


fartknocker: “Why aren't we furious about email's dysfunction? ... Are we really stuck with this crap?”

I agree completely, if by 'email' you mean 'Outlook on Microsoft Server.'
posted by koeselitz at 4:04 PM on April 15, 2010


Stuff that would only be slightly more work to forge plausibly than to just implement wrong. Like return addresses that aren't formatted as email addresses, or claiming to be sent from a server identified with a random alphanumeric string instead of an IP address or a domain name.

Those messages are the neurotransmitters of the Eschaton, or the Watchmakers. You can delete them anyway; their real purpose is server to server and datacenter to datacenter; actually arriving in your inbox is incidental.
posted by ROU_Xenophobe at 4:04 PM on April 15, 2010 [3 favorites]


Agreed that Gmail makes spam mostly invisible.

So is there some sort of blocking going on so that only dubious spam makes it to the "Spam" folder, with the obvious spam just getting blocked outright?
posted by dunkadunc at 4:14 PM on April 15, 2010


has $1 changed hands because of spam in 2010?

of course it has. there are still people using Google to try to log into Facebook, ffs.
posted by desjardins at 4:16 PM on April 15, 2010 [3 favorites]


milestogo, that's the greatest feature I've seen yet for gmail. I tested it and was pleasantly surprised when it worked as you advertised.

Any idea what the feature is called?
posted by talkingmuffin at 4:17 PM on April 15, 2010


> The nice thing is that there's a Gmail domain setting that does exactly what you're talking about, except automagically

In your postfix virtual file, you can add "@yourdomain.com emailusername" and it will do the same catch all. The problem with the catch all is that spammers will also try bob@yourdomain, etc. as part of a dictionary attack. So sales, marketing, etc. will get hit just as well. So you end up opening up a huge flood of messages to your inbox that you then have to sort through again.

And of course, this works only if you have one user per domain, you could do "blah@mom.yourdomain.com" and the mom indicates to send the email to your mom, etc. Since you own the domain, you can issue as many subdomains as you feel like it, if you want to dick around with your mailfilter.

I haven't played around with it, but what I would really like is on the fly alias and mailbox generation for per user aliases. So you signup with amazon as mrzarquon-amazon@yourdomain.com, and as soon as the first message hits your mailserver, it creates an amazon folder in your inbox and dumps all amazon mail into that folder. Or with gmail, it would create a label called amazon, and let you sort that way. The problem with this solution is if everyone uses it, then the spammers know that not only can they send you email, they will try variations (and create tons of labels / folders automagically on your server). so you get sent mrzarquon-BUYVIAGRA email, and it nicely creates a BUYVIAGRA folder in your inbox and puts messages in it. granted you could blacklist it immediately, but then they could do BUYVIAG@, etc.
posted by mrzarquon at 4:24 PM on April 15, 2010 [2 favorites]


> Any idea what the feature is called?

It's just email aliases, gmail does it automatically if you append + to your username, but I would love it it would alias and create a label for it at the same time. The feature has been around forever, but you had to create the aliases first for it to work, gmail really has just modified it's smtp system to accept username+* for messages to username.
posted by mrzarquon at 4:27 PM on April 15, 2010


perhaps an intelligent spammer

Thank god that species has never been spotted in the wild.
posted by Horace Rumpole at 4:28 PM on April 15, 2010


IMHO gmail has solved the spam problem completely.

Gmail has, for me at least, resulted in a different problem. They have some kind of wildcard system going for email addresses, so if my official address is

j.bob@gmail.com

Mail sent to j_bob@gmail.com or jbob@gmail .com etc. also gets to me. This acts as a multiplying factor for misaddressed emails. About 50% of the mail I get in my Gmail account is not actually intended for me. About half of it is for some republican in Utah (I get lots of mail outs from US senators, and also this guy's phone bills), the rest is split between some guy who's really into fishing, judging by the number of invitations I get to come out to the lake on the weekend, and a law student who's trying to get a paper published on differences between the US and Latin American court systems.
posted by Jimbob at 4:28 PM on April 15, 2010 [3 favorites]


(I should also say, historically, the mail administrator could create any aliases for a domain, so foo@bar.com goes to blargh@bar.com, etc. the username_whatever or username+whatever is a result of letting users create their own aliases, on some unix systems it would be as easy as modifying the .mailrc folder in your home folder to add aliases for your unix account)
posted by mrzarquon at 4:30 PM on April 15, 2010


I empty between 50 and 100 spams from my trash each day.

Why would you even do that? I can't remember the last time I manually emptied the trash in my email client (or the trash on my computer, for that matter). It was probably more than ten years ago. Computers are great at automating menial tasks like that!

Sure, spam is a problem, in that it's wasting resources; but if it's bothering you as a user of email, you're doing it wrong.
posted by a little headband I put around my throat at 4:32 PM on April 15, 2010


nthing gmail

I current have 4 email accounts that I manage via Thunderbird at home. Two accounts on own domains, 1 Yahoo account and 1 Gmail account.
I've yet to get a single spam email via my gmail account. The other accounts deliver tons of spam daily (about 80% spam vs real email) even though I keep training the Thunderbird spam filter.

I'm now considering using gmail with my domain names to address this problem.
posted by Hairy Lobster at 4:34 PM on April 15, 2010


Bunnycup, attachments in email are a bad idea, even if sometimes useful. The protocol (SMTP) wasn't designed for transferring files. Imagine one attachment plus the reply-all button and you can easily see how it becomes very wasteful. FTP was the original "correct" way to transfer a file. Try hosting the file somewhere (many services exist for this) and just email a link to your clients.
posted by fartknocker at 4:35 PM on April 15, 2010


> I have a limited amount of fury. There are other, more infuriating, things I need to be furious about.

I'm much madder about what spammers did to usenet. Like metafilter, stackoverflow, overclock.net, and 4chan all wrapped up in one supremely useful, amusing, abhorrent location it was--pre-AOL, pre-Green Card.
posted by jfuller at 4:36 PM on April 15, 2010 [4 favorites]


So is there some sort of blocking going on so that only dubious spam makes it to the "Spam" folder, with the obvious spam just getting blocked outright?

I don't know about that, but I'd be surprised if Google weren't doing some blocking at the edge routers.
posted by krinklyfig at 4:37 PM on April 15, 2010


About the "+" type addresses - there are many badly written web apps out there that reject email addresses with + in them. We even have people in AskMe wrongly suggesting that rejecting email addresses with + (or - or ' or any of a number of other valid if unusual characters) in the local part of the address is ok.

Now, of course, I'm wondering if some of those sites weren't written by incompetent people, but by people who don't want you to filter mail from them.
posted by i_am_joe's_spleen at 4:37 PM on April 15, 2010 [3 favorites]


Gmail handles my spam pretty well and I never give it a second thought. But on nights like these, when mrs. ouke is stuck on an airport in some godforsaken country, I love to open my spam folder and try to imagine what they would look like: Lilliana Criselda, Laura Sasha, Martha Louanna, Vernetta Jesenia, Tova Anjelica, Shelia Dana, Laticia Tisa, Nana Elmira. All those bot generated names ending with -a, they have this certain ring to it.

Martha Louanna, the fierce redhead. Tova Anjelica, who loves to cook me some amuses while I watch Sports Night. Laura Sasha, she is cleaning the house and she does the windows too. Vernetta Jesenia, the mennonite nymphomaniac (nuff said) Laticia Tisa clips my toenails, nose hairs and that stuff that hangs from your ear and Nana Elmira makes me a continental breakfast (she's an albino and prefers to work in the dark).
I would be a wreck without my spam.
posted by ouke at 4:41 PM on April 15, 2010 [5 favorites]


attachments in email are a bad idea, even if sometimes useful

I have given up telling people this, though I had been trying since the mid-late-'90s. In the business world, they will think you're an alien from another planet if you suggest email without attachments. It's no longer the giant security risk it used to be now that Outlook doesn't automatically launch attachments, though there are still risks and plenty of arguments against it, though with very few dialup users those arguments aren't meaningful to most people anymore. I still find it annoying, but there is no way to stem the tide at this point. It's a bit like trying to educate "newbies" on "netiquette." Remember when we used to do that?
posted by krinklyfig at 4:41 PM on April 15, 2010 [1 favorite]


The problem with the username+extratext@gmail.com feature is that 50% of websites I sign up to have badly-designed email validation which think that email addresses can't have +s in them.
posted by EndsOfInvention at 4:44 PM on April 15, 2010 [1 favorite]


+ in email addresses as alias is nothing new: sendmail has implemented it for at least 15 years. Joe's Spleen is sadly correct, that many sites assume + makes an invalid address. Also sad: the main spam I've caught this way is to nelson+obama@... Apparently donating once to the Obama campaign implied my consent for every nearby Democrat to spam me.

The protocol (SMTP) wasn't designed for transferring files.

The hell it wasn't. Every email transmitted via SMTP is a file. You can argue that SMTP isn't the best choice for transferring large files, but in practice it works remarkably well. (Except for PDFs with viruses in them, but you can't blame SMTP for that snafu).
posted by Nelson at 4:46 PM on April 15, 2010 [1 favorite]


I did the unique-address for everyone trick myself for a while. And once you've been joe-jobbed a couple times, I guarantee you'll never leave your domain wide open like that again. But as 0xFCAF found, it revealed very few online entities were actually selling my address to spammers, and ultimately it's a lot of work to keep them straight. (Hmm... what address did I use to open this account?)
posted by fartknocker at 4:47 PM on April 15, 2010


The hell it wasn't.

Well, maybe you're right. But why didn't they call it the Clever Mail Transfer Protocol, then?
posted by fartknocker at 4:49 PM on April 15, 2010


I appreciate those that think attachments are wasteful, but remember they are a step up creating an electronic document, printing it, faxing it to someone else, where it prints again.

When you say that they are wasteful, my sincere question is - "Of What?" Space on a computer or a server would be irrelevant to my clients (and to me), compared with the time sink involved in teaching them what FTP is, especially considering I work with large scale international corporate clients who are not in a million years going to change track for me. It's certainly incredibly useful and time saving for me to have the ability to save attachments in my email, using it as an archivable file notes system. I receive sometimes as many as 200 emails a day, and having the emails and files in one place saves me, literally, hours of work in file noting, importing and organizing. This is coming from someone who has used FTP, and is certainly not scared of the term. But unless someone's got a system that incorporates the documents so that I automatically have the April 15 request for contract revisions stored with the April 15 document in a searchable system, it would be an enormous efficiency loss and step backwards for me. And that is what I would call wasteful.

I'd love to be sold on it; I try always to be open to a better way of doing things, but it has to be better in practice, not theory. So by all means, teach me...
posted by bunnycup at 4:53 PM on April 15, 2010 [1 favorite]


Between Comcast and Gmail, I rarely get spam. Rail against Comcast all you want (and I do), their spam filtering is top-notch.
posted by Thorzdad at 4:56 PM on April 15, 2010


It's too close to the semi-successful concept of sending postal mail advertising Product Z for people to think about it as being all that different.

Pretty soon the people that remember postal mail will all be dead.
posted by Meatbomb at 4:59 PM on April 15, 2010


In other email news: Yahoo, Feds Battle Over E-Mail Privacy
posted by homunculus at 5:07 PM on April 15, 2010


I had spam for breakfast, I didn't see it as a problem at all. It wasn't bacon, but it was pretty good!
posted by HuronBob at 5:08 PM on April 15, 2010


I did the unique-address for everyone trick myself for a while. And once you've been joe-jobbed a couple times, I guarantee you'll never leave your domain wide open like that again.

Yeah, it's important not to issue any kind of catch-all aimed at your main mailbox, or you'll end up with a flood of crap. A catch-all on a domain will suck in a huge amount of spam.

What I did, as a failsafe, was to route the catchall to a separate username, so that I could log in and check if I'd missed anything. I caught a few mistakes early on that way, but at this point, I haven't checked that account in months. I should probably just trash the mail instead. Outright refusing it lets intelligent spammers fish for correct email addresses, but accepting anything and tossing it if it's not recognized gives them nothing. And it causes you no extra hassle.

As far as knowing what email address I used for a particular website.... if I don't recall, I just grep my virtual file, takes ten seconds. :)
posted by Malor at 5:10 PM on April 15, 2010


the only spam that really makes it through my gmail filter is from websites that I once signed up with and can't get to stop marketing to me.
posted by krautland at 5:17 PM on April 15, 2010


Macheist leaked my address too. But I don't think they sold it - I think they were hacked. I also get spam from addresses I associated with the well-known blogs Boing Boing, Making Light and a bunch of other ones - surely you don't think they sold my address too?

I can't see that Macheist would have thought it in their interests to make a (very) few dollars selling email addresses, when they actually make money by selling software. I contacted them about it and they were plausibly surprised. But they really should have made some sort of public announcement about it.
posted by Joe in Australia at 5:23 PM on April 15, 2010


I use Yahoo for my general email. Yeah, I know it's not as good as Gmail, but it's still pretty good. I get a few spams a day in my inbox, easily deleted without reading, and I've had like one false positive in four years.
posted by localroger at 5:24 PM on April 15, 2010


Why aren't we outraged about the superflous comments on metafilter? You're going through a thread with cogent on topic arguments and some halfwit posts some long boring drawn out comment that wastes your time when you should really be working. Meanwhile you've got some goof rambling on and on. You've heard it said that this is an age of moral crisis and that Man's sins are destroying the world. But your chief virtue has been sacrifice, and you've demanded more sacrifices at every disaster. You've sacrificed justice to mercy and happiness to duty. So why should you be afraid of the world around you? If you have a milkshake, and I have a milkshake, and I have a straw. There it is, that's the straw, you see? Now my straw reaches across the room, and starts to drink your milkshake. I drink your milkshake. I drink it up. Yet they stare now across the plain at 10,000 Spartans commanding 30,000 free Greeks. The enemy outnumber us a paltry 3 to 1, good odds for any Greek. This day, we rescue a world from mysticism and tyranny and usher in a future brighter than anything we can imagine. Give thanks, men, to Leonidas and the brave 300. You call yourself general because you spent years at the academy where you only learned to use knife and fork. For years, the military obstructed me. All you ever did is thwart me. I should have had all the high officers executed. Like Stalin did. I never went to the academy. But I conquered all of Europe on my own. Traitors. I've been betrayed and deceived from the start. Such enormous betrayal of the German people. But all these traitors will pay. With their own blood. They will drown in their own blood. All my orders have been ignored. How can I be a leader under these circumstances? It's over. The war is lost. Forget the top of Mount Everest, forget the bottom of the sea, the moon, the stars, there is no place nowhere that has been the object of more ambitions, more battles than the sweet sacred mystery between a woman's legs that I am proud to call my pussy. Tonight, let us shake this cave. Tonight, let us tremble these halls of earth, steel, and stone. Let us be heard from red core to black sky. Tonight, let us make them remember: This is Zion and we are not afraid. If you can't find that stuff in life, then you, my friend, don't know crap about life. And why the fuck are you wasting my two precious minutes with your comment? I don't have any use for it.But didn't I mention? The ongoing WOW is happening right now. We are all co-authors of this dancing exuberance, for even our inabilities are having a roast. We are the authors of ourselves, co-authoring a gigantic Dostoevsky novel starring clowns. An assumption developed that you cannot understand life and live life simultaneously. I do not agree entirely, which is to say, I do not exactly disagree. I would say that life understood is life lived. But, the paradoxes bug me, and I can learn to love and make love to the paradoxes that bug me, and on really romantic evenings of self, I go salsa dancing with my confusion. Before you drift off, don't forget, which is to say remember, because remembering is so much more a psychotic activity than forgetting: Lorca, in that same poem, said that the Iguana will bite those who do not dream, and as one realizes that one is a dream figure in another person's dream... that is metafilter.
posted by Smedleyman at 5:25 PM on April 15, 2010 [4 favorites]


bunnycup: When you say that they are wasteful, my sincere question is - "Of What?" Space on a computer or a server would be irrelevant to my clients[....]

This is one of those cases where what you say makes absolutely perfect sense for an individual or a small organization. Being able to email attachments and have them right there is very handy. It's a nice way to organize yourself, and it makes it easy to find files quickly. From an individual perspective, this is a very smart thing to do.

The problem is that it doesn't scale very well. When you get to the level of hundreds of users, having all those attachments in emails means that mailbox sizes balloon. And when you're running through a central service of some kind, Exchange being the most common option, the IT team ends up with a gigantic database, just enormous. And this becomes a big management problem, because the size of the database will rapidly outstrip cheap storage methods, requiring things like abstracted storage and a storage fabric. Further, it gets very expensive and difficult to scale machines up high enough to deal with the sheer volume of information required. And as the size of the database increases, the chances of errors in that database also increase, and it's possible for YOU to lose data because another section of the database has gone wonky. And backups become a problem, because the OS sees the database as a single monolithic file, and can't easily back up only what has changed. There are backup programs that partially fix this problem, but they're not as good as simple file-based backup.

Providing this service on a large scale can certainly be done, but there's a very expensive spot between outstripping the capabilities of simple machines to handle the problem, and finally scaling to enough users to make it cost effective again. The expense jumps by orders of magnitude, and then you have to catch the size of your userbase up to the new physical architecture.

Further, you run into 'who has the information?' problems, when a client sends you a file. What if someone else needs it, but you're not there? You're typically the only person with access. By putting things like this in a defined storage pool of some kind (local fileserver), all the information can be automatically made available to your workgroup or larger organization, as business rules dictate, without you having to be involved.

There's a fundamental impedance mismatch between the way Exchange works and the way file sharing typically works, and making a scalable solution is much, much more painful than it should be. Exchange can store files, but it's not good at it.

Very small organizations can just use it that way without running into scaling problems, and very large organizations can invest the resources to build a system to provide the same advantages while working around the problems, but medium-sized organizations really feel the pinch. And that's why people tell you that attachments are bad... because providing an email service that can handle them well rapidly gets frighteningly expensive for mid-sized companies.
posted by Malor at 5:40 PM on April 15, 2010 [2 favorites]


Between my Gmail accounts and my BlackBerry, email works spectacularly well for me.

I even enjoy transferring sensitive confidential documents using S/MIME (as long all parties involved are using OS X Mail)
posted by i_have_a_computer at 5:45 PM on April 15, 2010


Malor, that makes complete sense, in a way that manages to comprehend what I see with my eyes and experience, but also explain how that fits into a bigger picture. Thanks for taking the time to respond! Believe it or not I am, even with my own very painfully obvious limitations, one of the more savvy non-IT side people among my colleagues. Quite clearly I don't know much, but I'm always trying to keep my ears open and figure out better ways to do things. So I appreciate understanding it.
posted by bunnycup at 5:48 PM on April 15, 2010


We run our own domain, and spam filtering got to be such a pain that I forward all the mail from my address on the domain to Gmail. I have no trouble believing that Gmail and corporate email providers are spending a lot of staff time and effort on the spam problem.
posted by immlass at 5:53 PM on April 15, 2010


I run a small ISP and we've got two full-time admins working on spam and email. I think we do a pretty good job at it, plus we don't read your email to market advertisements to you. There are reasonably priced, capable alternatives to Google.

I've had the same email address for 16 years, so I eat my own dogfood.
posted by pashdown at 6:03 PM on April 15, 2010


> "Of What?" Space on a computer or a server would be irrelevant to my clients (and to me)

I've worked with small businesses that every client had a secondary mailbox setup on their workstation, called "office" which all essential office documents were emailed to and sorted in. The problem happened is the folders were imap (so they could synchronize updates) which also meant major latency issues if Bob decided to store his 200 meg powerpoint document in the 2010 projects imap folder at the same time Susan who was on the road checked her email (since it would check both accounts). This worked fine with four people in the office, but when it became 20, the system just wouldn't scale.

One solution was to migrate them to Kerio (my mailserver of choice, mail stored as flat files, easy to backup, easy to restore, does activesync, etc.) which had a great web interface, and then they could grab files from there. That way it wasn't until they clicked "download this attachment" that they would actually grab them. But this was too complicated (the business practices had to be understandable by the 'owner' a semi retired artist who spent most of her time painting), so back to imap mail folders it was.

The real problem was that they pushed their business practices way past the breaking point, and kept finding ways to keep doing things exactly the same, instead of reevaluating why they were doing that in the first place. Which was because when they started using the file server, they didn't have any metadata search support, or any way to track changes or append notes to a document. What they really needed now an asset management system, instead of a "search your mail folder, if it was synced properly." I don't even want to know the wasted amount of space that all the identical copies of their 200 meg powerpoint presentations are taking up on their mailserver (which is the other thing, you send a file to 6 other people in your office, you've just made 7 copies, not only to the 6 other people, so that it can be accessible in their own mail folders, but the copy that resides in your Sent Mail folder as well).
posted by mrzarquon at 6:03 PM on April 15, 2010


pashdown wrote:
... we don't read your email to market advertisements to you.
In other words, they only read your email to check it for spam.
posted by i_have_a_computer at 6:12 PM on April 15, 2010


Count me amongst those who see very little spam these days. I have a variety of email accounts hosted at different places and for various reasons some of my email addresses are posted in full on public web sites. All I can guess is that the folks running the filters are doing a great job.

I also do the unique address per site thing (and have also noted that my MacHeist address has been spammed) on my personal email. I use a commercial email provider who do the plus-addresses noted above, but also turn your email address into a unique domain. So if your email is user@example.com, you can use whatever@user.example.com, without having to set up anything for each address. It's very handy, and gets around the web forms that don't like a + in an address.

And correct me if I'm wrong, but isn't the story these days that most of the spam is being sent from botnets? This suggests that spam is just the more visible symptom of pervasively-bad computer security, particularly in old operating systems. Knowing that, however, doesn't necessarily make the problem any easier to fix, I guess.
posted by damonism at 6:13 PM on April 15, 2010


So since it is universally thought of as something annoying and something nobody wants at all, how the hell is Spam® still in business? Why are they even making the stuff? Who eats that?
posted by cashman at 6:16 PM on April 15, 2010


My Gmail account still lets Spam through; this morning alone I had to eliminate 7 junk messages from my inbox (mind you Gmail caught the other 8 messages that were Spam).

My only complaint with Gmail: its filter system will not let me send messages that I consider Spam to the spam folder, eg. I get a lot of "PR" messages for some reason, and I could eliminate them easily with a 'public relations' filter. Currently the filter only allows me to send those messages to the Trash, where Google's Spam tracking doesn't work, so forwarding them there doesn't help Google eliminate Spam, it simply masks the problem.

This is a gaping hole in Google's attempt to eliminate Spam, so at the moment I still have to tick all the messages that are spammy and manually send them to the Spam folder. Granted it doesn't take that much time as there are usually less than 10 per day, but it's still an annoyance.
posted by bwg at 6:36 PM on April 15, 2010


FWIW, I love me some gmail like a man loves another man in prison when he has no choice but damnit it's gonna be a long five years...

Um, what?

Oh yeah. I've caught exactly one legit email in my gmail spam. My hand to god, it was a legit job offer...almost a month old. So YMMV [add additional acronyms as necessary].
posted by digitalprimate at 7:11 PM on April 15, 2010 [2 favorites]


Gmail's "filter messages like this" has allowed me not only to keep my inbox spam free but also noise free. I've built up around 200 filters that make sure only the truly important stuff makes my inbox ( and more importantly, pushed to my mobile device) and all other non-spam is tagged as "noise" that gets infrequently reviewed. The second a friend starts spewing cc's to me they become noise.

My only wish is that gmail would intelligently combine all my many different "skip inbox, label as noise" filters into one massive badass filter, but then it would likely become sentient and eat all the food in the fridge.
posted by jlowen at 7:22 PM on April 15, 2010


bwg: Isn't that what the "Report Spam" button is for?
posted by Aizkolari at 7:25 PM on April 15, 2010


Am I the only person who still doesn't use GMail as their primary account just because I don't want Google to have archives of all my mail? Have I crossed over into tinfoil asshattery?
posted by chrominance at 7:27 PM on April 15, 2010 [1 favorite]


chrominance: “Am I the only person who still doesn't use GMail as their primary account just because I don't want Google to have archives of all my mail? Have I crossed over into tinfoil asshattery?”

Well, chrominance, considering this niggling little factor:

pashdown: “I think we do a pretty good job at it, plus we don't read your email to market advertisements to you.”

i_have_a_computer: “In other words, they only read your email to check it for spam.”

... I guess some people figure, better the devil I don't have to talk to on the phone. (Chances are somebody is reading your email.)
posted by koeselitz at 7:33 PM on April 15, 2010


bwg: Create a label for these messages. Call it "PR". Set up a filter to label all those messages as "PR". Then click on that label in your side bar each day, click on "Report as Spam". Done.
posted by Joe in Australia at 7:34 PM on April 15, 2010


I love gmail. Then again I am not a member of any subversive or transgressive affinity groups. I imagine it would truly suck to want to use the internet and e-mail burdened by persecution fantasies.
posted by bukvich at 7:40 PM on April 15, 2010


Have I crossed over into tinfoil asshattery?
...That depends, what do you have to hide?

More seriously, I do the same, but more because I'm still proud of my domain name. I may start using Postini to filter spam in a forum/mailing list I administrate. ... Postini is owned by google.

I avoid services and operating systems that put me in a service relationship with my data, or, more importantly, a service relationship with my software or hardware.
posted by sebastienbailard at 7:45 PM on April 15, 2010


Email is stil the killer app for the internet age. It has zero barrier to entry and is incredibly robust.

It would be hard to replace it, warts and all.
posted by clvrmnky at 7:45 PM on April 15, 2010


Malor wrote: "I just edit my Postfix "virtual" file"

It's ridiculously easy to have postfix read virtual or whatever other table from an SQL database.

I use DBMail (with DBMA as a web configurator) since I can't be bothered to move old emails into folders and Maildir and MBOX both suck for super-large mailboxes. This lets me easily add aliases (and real email accounts) at the click of a button. I only have 40 or so aliases at the moment, all pointing to my main email account. (my user profile email is one of those aliases, obviously)

Malor wrote: "The expensive part is delivering it outside of the colo."

The expensive part is the hardware to handle hundreds of thousands of spams a day. It's not too bad if you can catch them early with an RBL, but once you get past that point, calling Spamassassin or whatever is rather expensive.

Being an administrator of mail servers for several relatively small businesses (but large enough that outsourcing the email ends up being more expensive), I could go on forever about my fights with spam. And we still don't catch it all, just the vast majority. Most of my users end up seeing between one spam a week and a couple a day, depending on how many stupid lists they've gotten themselves on. If I could get them to click the "this is spam" button, the bayesian filtering would do a lot better, though.

fartknocker wrote: "Try hosting the file somewhere (many services exist for this) and just email a link to your clients."

That's what my webmail package does, but nobody uses it except to access their email from home.

Malor wrote: "There's a fundamental impedance mismatch between the way Exchange works and the way file sharing typically works, and making a scalable solution is much, much more painful than it should be. Exchange can store files, but it's not good at it. "

Better email servers/programs can do things like IMAP shared namespaces, which allow multiple users access to the same mailbox, that eliminate most of the problems. The latest version of DBMail even consolidates multiple identical attachments and stores them only once in the database. That alone will cut at least 25% off my database size.

For backups, a text dump of the database through gzip using the rsyncable flag cuts the amount of data to be transferred offsite each night to a very reasonable amount.

That Microsoft has chosen to make as little progress as possible on the email front is Microsoft's problem. Thankfully, there are other solutions. The only unfortunate part is that the open source solutions tend not to do as well with the other things Exchange/Outlook do, like calendaring.
posted by wierdo at 7:49 PM on April 15, 2010


Another satisfied Gmail customer. I use a university email as a primary address, and keep everything archived to a Gmail account. My uni account is heavily spammed (it's a widely available address, and I've had it 13 years). But the archive copies that forward to Gmail always exclude the spams. I wish my university's outward facing spam filtering was a lot better. Even so, I have Apple Mail's junk filter pretty well trained by now.

To me, the bigger problem isn't mass-market spam, but the amount of PR email I get from people intentionally target me because of my job and interests. I'm sick of people acting like my email address is an open box for them to dump shit into and expect a reply or for me to forward or promote their stupid concert or band or event. Take it to fucking facebook. Email is for business.
posted by fourcheesemac at 7:54 PM on April 15, 2010


The worst SPAM I get is some memo or other from some other department at the university, which the chair then forwards to me. An hour later, the secretary does the same. The next day, the other secretary is catching up and then sends it again. Seriously I get at least three copies of almost every fucking piece of bureaucratic drivel out there and the forwarders just don't get it -- they are covering their ass I guess and also don't want to sort out their mutual workflows, but argh. Meanwhile, I get about 10% real SPAM on my regular university account and nothing on gmail.
posted by Rumple at 8:05 PM on April 15, 2010


Being an administrator of mail servers for several relatively small businesses (but large enough that outsourcing the email ends up being more expensive),

$50 per user per year is expensive? I don't see any reason for a small or medium sized business to be on anything but Gmail. I know that sounds far-reaching, but it really is the bee's knees. The API is wonderful and if Gmail doesn't do something natively, it is a breeze to write a script that calls up their API and does it for you.
posted by geoff. at 8:15 PM on April 15, 2010


i_have_a_computer writes,

"In other words, they only read your email to check it for spam."

There is a distinct difference between an automated process scanning email and spam scoring it, or cleaning out attached viruses, and databasing your email content and who you exchange email with so you can be fed advertising. By policy we don't open and visually read email without customer permission. Instead we rely on submitted spam and a variety of other non-intrusive techniques for modifying our scoring and filters. If scanning for spam/virii is "reading" then SMTP must be as well because it scans for protocol and delivery information.

"The Gmail service includes relevant advertising and related links based on the IP address, content of messages and other information related to your use of Gmail.
Google's computers process the information in your messages for various purposes, including formatting and displaying the information to you, delivering advertisements and related links, preventing unsolicited bulk email (spam), backing up your messages, and other purposes relating to offering you Gmail."


Maybe you're comfortable with that, I'm not. Our customers seem to agree.
posted by pashdown at 8:17 PM on April 15, 2010


Yet another Gmail advocate here. I get about one piece of spam a week, and that's someone whose email address is plastered promiscuously all over the web. It long ceased to be an issue for me. Just forward everything to a catch-all Gmail addy and you're done.

I've also noticed that Facebook is being used as a sort of Tier-1 email alternative these days since Facebook friending is (for most people) a sort of de facto whitelist.
posted by unSane at 8:21 PM on April 15, 2010


(and, yes, anything that goes through Gmail is being monetized in some way. You know what? I don't care. Every node that email passes through can read and exploit it. Email is inherently insecure unless you take explicit steps to secure it).
posted by unSane at 8:24 PM on April 15, 2010


My main gmail account, which I got early enough on that it's a simple English word (not hard to guess), is overrun with shit people have signed me up for. Let's see, the latest one is that it seems someone named OLFASHIONMALE has used my email address to sign up for BLACKpeoplemeet.com. I am not male, I am not black, and I am certainly not interested in the five Georgia-dwelling ladies in their 40s that this email is giving me details about. Imagine this times a thousand. It never ends. And gmail doesn't mark them as spam because it looks like something I legitimately signed up for. This mailbox is unusable for regular mail.

I get all sorts of random crap, and my inbox has 2400+ messages in it, and I have set up tons of filters for the stuff I saw coming through repeatedly from the same business.

I mostly just can't be bothered with it anymore, and years ago I set up another gmail account that is not a guessable word, that I only give out to friends and family. I still use the spammy one for sites I sign up for, since most of them send me all sorts of bullshit mail I don't want, even if I check (or leave unchecked) the appropriate option at signup that I don't want any of their mail unless it involves a transaction I initiated with them. But hey, it keeps my emailed product key codes and password resets, and stuff like that, all nice and searchable, while leaving my secret email address blissfully clean.

I feel sorry for the other people with simple English words or simple names as their gmail address. I bet they get a lot of the same thing.

Somewhat related: anyone else getting pissed at all these sites I sign up for that want me to give them my gmail password so they can spam everyone in my address book? That shit infuriates me. And they always make the "skip this" link tiny and unobtrusive and far down the page and almost invisible. Bastards.
posted by marble at 8:24 PM on April 15, 2010 [2 favorites]


We drink from a contaminated spigot, but as long as the filter gets out most of the garbage, most are unconcerned about looking for a cleaner source. Seems to be the message here.

Although I completely agree with clvrmnky, it will be very hard to replace, no matter how poorly it works. Maybe I was just trying to get folks to think about it. And I will continue to dream about a long-form communication protocol that is both easy to use and hard to spoof.
posted by fartknocker at 8:33 PM on April 15, 2010


And while I'm dreaming, I will also dream about all the cool things engineers currently working on anti-spam and anti-virus filters for email (a truly grand legion, I think) might be working on if they didn't have all that junk taking up their time.
posted by fartknocker at 8:39 PM on April 15, 2010


Gmail hasn't eliminated spam, but as the victim of an insidious list-linking attack, I'm surprised how well it copes. Perfect it is not, but far better than the "solution" my employer uses. Also, if your listserv doesn't send email confirmation, you deserve time in productivity jail. If your listserv also sets a password without confirmation, you deserve a productivity death sentence.
posted by pwnguin at 8:40 PM on April 15, 2010


I'd agree with most people that "true" spam is mostly under control these days. But I don't know that this covers the whole problem of "unwanted email". Over the last few years I've started to find my inbox filled with "pseudo" spam: an never-ending torrent of officially-endorsed work emails addressed to "all staff" or "all members of professional society X" or some such, informing me of irrelevant details, requiring me to pretend to have read them, or engage in some minor task that only takes 5 minutes, but needs to be done now. I get so many of these emails, unwanted and unsolicited, of which 99% have no bearing on my job. It's easy enough to filter all of them out (most of them even have "allstaff" tags), but I've never found any algorithm that can pick out the 1% of pseudo-spam that I really *do* need to read. So I'm stuck reading 10-20 inexplicably long, poorly written emails every day instead of doing my damn job (this is in addition to real emails from people I actually work with, of course). About once a month one of these emails turns out to be massively important, even though it *looks* almost identical to the 100 or so irrelevant ones that preceded it.

At an abstract level, the problem is the same one that produces true-spam -- it costs nothing for the sender to spam the whole university, because they belong to the administrative branch that is explicitly authorised to do so. But since the vast majority of potential recipients are interested only in a tiny proportion of such emails, everyone ends up with a horrendously low signal-to-noise ratio in their inbox. It's spam in almost every meaningful respect: I don't count the fact that the email pertains to the "grains research council" rather than "cheap drugs" to be meaningful, since I don't want to hear about either one. The only difference is that the sender is necessarily whitelisted. Ideally, there should be some way to force the sender to bear the real costs of those emails, in terms of frustration, lost productivity etc., but it doesn't seem very likely.
posted by mixing at 8:51 PM on April 15, 2010


$50 per user per year is expensive? I don't see any reason for a small or medium sized business to be on anything but Gmail.

Exactly. You simply can't beat that cost proposition, especially for small/medium businesses. Plus, Google Apps Premier Edition comes with Postini, which provides much more robust spam and virus filtering than Gmail itself.

"The Gmail service includes relevant advertising and related links based on the IP address, content of messages and other information related to your use of Gmail.
Google's computers process the information in your messages for various purposes, including formatting and displaying the information to you, delivering advertisements and related links, preventing unsolicited bulk email (spam), backing up your messages, and other purposes relating to offering you Gmail."


Maybe you're comfortable with that, I'm not. Our customers seem to agree.


This is only for free, public Gmail accounts. Google Apps Premier and Education Editions do not include advertising, and the only processing they do with your mail is the same thing you're doing - spam and virus filtering, formatting and archiving. In fact, many ISPs are now offering Google Apps rather than hosting mail themselves.
posted by me & my monkey at 8:54 PM on April 15, 2010 [1 favorite]


me & my monkey writes:

"In fact, many ISPs are now offering Google Apps rather than hosting mail themselves."

Do they answer the phone? Because I'd like a word with their Usenet (ie: Google Groups) administrators. Gmail spam filtering may be excellent, but Google has long been known as the most serious offender for Usenet spam. Yes, some people still use it.
posted by pashdown at 9:03 PM on April 15, 2010


About the "+" type addresses - there are many badly written web apps out there that reject email addresses with + in them.

I used to use this method. There's an even bigger problem with it than web apps that reject e-mail addresses with "+" in them—apps where they initially accept them, but later change their software to reject them. Whoops, you can't log in anymore!

Now I use Sneakemail.
posted by grouse at 9:04 PM on April 15, 2010


geoff. wrote: "$50 per user per year is expensive?"

Compared with the cost of setting up a mail server and looking at it every once in a while when something goes wrong, yeah. Especially when you consider that you have a lot more control over who has access to your data, you know you have good backups, you have the ability to have essentially unlimited mailbox sizes, and you have the desire to not have to pay Google $50 every time you decide you want to add a role account.

A decent mail server for a hundred folks or so only runs a couple grand, and only very rarely would something go wrong enough to cost more than the cost of Google in maintenance. I suppose if you were running Exchange or Domino, the calculus would be quite different thanks to the exorbitant cost of licensing.

Granted, you do get better webmail out of the deal, plus all of the other Google Apps that nobody who is already paying for Office licenses wants.

Now, a truly small office of 5 or 10 people? That's hosted territory right there, even though I've had enough bad experiences with hosts with supposed backups losing my data, I don't really trust anybody to get it right.
posted by wierdo at 9:04 PM on April 15, 2010


Oh, and the spam solution form critique history is laid out in this AskMe.

Disclaimer: I'm the asker.
posted by pwnguin at 9:08 PM on April 15, 2010


That's pretty neat, pwnguin. I wasn't aware of its provenance when I linked to the slashdot post.
posted by fartknocker at 9:21 PM on April 15, 2010


In the interest of full disclosure, I should note that I work with Google Apps deployment and training pretty often. But I used to be an Exchange admin for a while.

Do they answer the phone? Because I'd like a word with their Usenet (ie: Google Groups) administrators.

If you're paying them money, yeah, they're pretty good at answering the phone.

Especially when you consider that you have a lot more control over who has access to your data, you know you have good backups, you have the ability to have essentially unlimited mailbox sizes, and you have the desire to not have to pay Google $50 every time you decide you want to add a role account.

Do you vet the guy who sweeps the server room floor? For that matter, do you do background checks on the guy you hired to admin your servers? (I have some very entertaining stories in that vein.) Do you want to bet your job on your ability to restore an Exchange mailbox or an entire information store? Do most Exchange shops support 25GB per user?

As for role accounts, you really don't need separate ones for multiple roles. You can simply create one, assign aliases, then create filters to redirect mail. Or, you can just create distribution lists - you have no limits on that. A bit of a kludge, but not that big a deal.

A decent mail server for a hundred folks or so only runs a couple grand, and only very rarely would something go wrong enough to cost more than the cost of Google in maintenance.

What about ... archiving? compliance requirements? support for mobile devices? that rare occasion where you have a serious hardware failure - because presumably you're not building significant redundancy into that solution.

To me, the SMB market is really the sweet spot for Google - companies big enough that they need reliable mail, but not big enough to have the infrastructure and resources to deal with it. Right now, most of these companies run Exchange, and everything is ok except for those occasional periods where it's REALLY NOT ok, and they don't have full-time staff dedicated to supporting Exchange, and they need a separate solution for archiving, compliance, spam and virus filtering, etc. And they'll need to pay for upgrades, or face wacky situations like the last Exchange 5.5 holdouts did when the 2007 DST changes happened - upgrade, or pay $5k for a support license to get a damn patch!

Now of course, you can avoid a lot of that by not using Exchange, but all of the good mail/calendaring solutions seem to be non-free: Exchange, Groupwise, Notes.
posted by me & my monkey at 9:42 PM on April 15, 2010


Joe in Australia: "bwg: Create a label for these messages. Call it "PR". Set up a filter to label all those messages as "PR". Then click on that label in your side bar each day, click on "Report as Spam". Done."

Thanks, I'll give that a try. Still an extra step, but it will save me having to tick the individual boxes and just report them in one go.
posted by bwg at 9:56 PM on April 15, 2010


According to the mail server I manage, 100% of our inbound email is spam. What that actually means is that less than 1/2 percent of inbound email is legit.

Even with that much filtering, the users still complain about it.

Something needs to be done. SMTP isn't up to the task.
posted by MikeWarot at 11:32 PM on April 15, 2010


me & my monkey wrote: "What about ... archiving? compliance requirements? support for mobile devices? that rare occasion where you have a serious hardware failure - because presumably you're not building significant redundancy into that solution."

Archiving is cheap, not that my clients would be interested in keeping emails around any longer than necessary. Compliance is essentially a subset of archiving, not that I have to deal with that with my particular set of clients. Mobile devices? There are plenty of solutions, not the least of which is the ability for just about any device to grab email over IMAP or POP. Good ones even have instant notification through IDLE.

Redundancy? That would be the spare machine in the closet, which is sufficient (but not optimal, performance-wise) to keep yourself going until the new hardware arrives. Either that, or my current preference, which is to oversize a couple of different servers that normally perform separate functions and virtualize, such that either server is capable of handling the load of all the services.

Let's put it this way. I'll use one of my clients as an example. Google would cost them five grand a year. The mail server they use cost around $3000 including my time to set it up (I've gotten good at this over the years, but if I'm slow, say $4000) and will last 2-3 years, with $500-$1000 a year in maintenance at most. Not only that, but the server could easily scale to double the (pitifully small, by just about any standard) users with a relatively small amount of money in disks, leaving even more savings to be had.

My clients are the sort who would rather have ten grand in their pocket.

I think a lot of folks think they understand the small business market, but really don't. Their requirements are not large business scaled down as 1000 person enterprises would be.

I think hosted services are great for both the very small (less than about 20 or 30 people) and moderately large. On the low end, there's just no money to build a reliable solution on your own. When you get bigger than that, you need more than basic redundancy, because there is a lot more money being wasted by downtime, yet, as with the tiny companies, there's usually not enough money in the budget to build a proper solution. I work in the in between. What works for my current clients would not be appropriate for a thousand person shop.

And I 100% agree that doing something like that is in no way cost-effective if you're using Exchange or Domino. The licensing cost and beefier hardware required would more than eat up the savings. One can get reasonably decent calendaring with open source applications, but I'll be the first in line to say that they're not as slick as the commercial solutions.
posted by wierdo at 12:04 AM on April 16, 2010


A lot of the problems with email stem from adding HTML support a few years back. HTML has given us hot-linked graphics, hidden web-bug tracking links, and javascript exploits - all things we don't need.

Why HTML is inappropriate for email

Also with HTML the sender gets to choose the font size, surely it would be more sensible for the recipient to choose how they read incoming messages. Can you imagine if metafilter displayed every comment with the font settings of the user making the comment?

Thats something I would love gmail to add, you can apply a theme which covers the screen in bunny rabbits or beach pebbles but theres still no way to display all emails in 10 point Helvetica.
posted by Lanark at 7:04 AM on April 16, 2010 [2 favorites]


Can we also do away with users of Outlook who append a request for a delivery confirmation and read confirmation to every. single. email? Important, time-sensitive emails, I get it. But every one as a matter of course? Also who include pictures and dippy quote signatures that my side shows as an attachment. Annoying. Actually, let's just do away with Outlook. My hate knows no bounds.
posted by bunnycup at 7:09 AM on April 16, 2010


You're right, Lanark, HTML is entirely inappropriate for email. It's inappropriate for Metafilter comments, too. Why should you be allowed to put a hyperlink right here in a message we all read? It opens security holes and creates interoperability problems. Plain text was good enough for beardy guys wearing hiking boots in the 1980s, it should be good enough for us now.
posted by Nelson at 7:38 AM on April 16, 2010


It's inappropriate for Metafilter comments, too
which is why most of it gets stripped out
posted by Lanark at 7:53 AM on April 16, 2010 [4 favorites]


Thats something I would love gmail to add, you can apply a theme which covers the screen in bunny rabbits or beach pebbles but theres still no way to display all emails in 10 point Helvetica.

Gmail doesn't do view as plain text?

I've never put javascipt in an email but I have written text, inserted a figure, commented on that figure, added another image, commented on it. I do computer graphics for a living and Mr. Adam's 8 year old arguments have not quite convinced me that I should just stop using the features that I've been using.
posted by Wood at 9:09 AM on April 16, 2010


Wow, this just in from slashdot: if you've been using your own email domain email for registering accounts online, attackers can take over that domain and use the "Lose your password?" button at any site you've registered and have the new password sent to them. But as long as those spam filters are working...
posted by fartknocker at 10:16 AM on April 16, 2010 [1 favorite]


I swear I read that in preview three times without seeing the duplicate word. Also, I should emphasize the immediate message here is never, ever lose control of your domain.
posted by fartknocker at 10:19 AM on April 16, 2010


> Wow, this just in from slashdot: if you've been using your own email domain email for registering accounts online, attackers can take over that domain and use the "Lose your password?" button at any site you've registered and have the new password sent to them. But as long as those spam filters are working...

That has always been a risk, regardless of if your email was hosted by gmail or your own domain. Now if you let your domain regards be transferred or out of your control, then it would be easy for someone to just modify your domains MX records so that all mail sent to you@yourdomain.com first goes through their relay server, and then gets sent to your actual destination server.

But then, if they wanted to pickup your paypal "please send me my password email" and your email address was hosted on gmail, they could have focused on attacking the DNS servers used by paypal's mail systems, and inserted their malicious mail collector as gmail's MX server, of course with the amount of mail going from paypal to gmail accounts, i would assume it would have to be a big setup and might be noticed pretty soon. However, they could offset this by triggering a few hundred "send me my password" notifications, or just scan all the mail going through for those password notification emails.
posted by mrzarquon at 10:54 AM on April 16, 2010


> What about ... archiving? compliance requirements? support for mobile devices? that rare occasion where you have a serious hardware failure - because presumably you're not building significant redundancy into that solution.

He added that Google was not willing to provide ITS with a list of countries to which the University’s data could be sent, but only a list of about 15 countries to which the data would not be sent.

I think gmail is pretty damn neat and all that, and i've seen some small-medium companies implement it successfully and be able to save on the long term costs of it, but stuff like this make it very difficult for larger organizations, or institutions with archival policies. You can host all that data internally, or with your own offsite facilities in a colocation facility in the next state over, and chances are you are going to be pretty confident that relations between California and Nevada are not going to sour, leaving your sensitive medical or research information (since it could all be passed through email, as shown in this thread on how people actually work) possibly in jeopardy as it is stored somewhere else.

Granted there are tons of layers of obscurity, encryption, and whatever else going on with googles special sauce that make it pretty much so only goggle could read those emails, but for some organizations that is too big of a risk.

Also don't be surprised about the technical gains of just having your primary mailserver (if it is your primary system for a workflow) be in the office building where 90% of the email is being generated. The downside with gmail is that while you don't have to have an in house server to host all your email, you may all of a sudden be really wanting to drop 2-3x the amount you are paying right now on a faster internet connection to make it so you can keep working at the pace you are used to, since now an email to the person next to you has to go out to the cloud and back.

I do like the services model for most businesses, since it doesn't surprise them with growth. You pay $X per employee per month, that cost is absorbed as a pre-tax operational expense vs cash expense, and it just folds into the employee cost overhead. Each employee costs a company Y dollars for health insurance, Z dollars for other benefits, X dollars for their email account, etc. etc. You hire 20 more employees, and you already know what that cost is going to be. Paying for a server and having it configured and managed by someone else makes those easy breakdowns of cost disappear, instead its "crap, we need to drop $6k on a new mailserver this month because we've hit the limit of the old one and it just isn't scaling." Using a cloud model or other hosted services system makes those spikes in purchases level out to a constant run rate, which is easier to adapter to and get accostumed to, vs the emergency spending to buy $20,000 worth of equipment at the same time you are hiring 20 new employees, etc.
posted by mrzarquon at 11:11 AM on April 16, 2010


Thanks mrzarquon, all good points. The bit about the MX records doesn't exactly make me feel better, but I already hated email, so, no biggie. And I guess I've always known about how insecure it is to have a password emailed to you, just blocked it out. Kind of like how some companies will ask you to sign a form and then fax it to them as a legally binding signature. Ha! As if that couldn't be forged!
posted by fartknocker at 12:05 PM on April 16, 2010


Since March 2008 the black list servers for my work domain have rejected 59,143,548 e-mails. 94% of all e-mail addressed to us during this time. These are rejected based on the originating IP or because of the content of the headers without even looking at the contents. Mostly we don't even accept the connection.

We check the contents of the remaining 6%. Historically 59% of this is blocked as spam and a further 3% is blocked as malicious code. So, just under 2.3% of all e-mail addressed to my company gets to the end user. Some, but not much, of this is still spam, more usually junk that the user has opted in to, but doesn't remember.

Initial setup of these systems was around $60,000 for hardware and software. Around 60 hours of labor. Ongoing maintenance is about $10k a year for the fixed costs. Add Power and cooling for 2 servers and 2 appliances and no more than 50 or 60 hours per year of labor maintenance. Maybe the same again tracking down false positives.

I'd love to see spam destroyed at source so that these connections didn't use any of my bandwidth and I could save the money we're currently spending on this, but overall, it's not a terribly significant cost for us to work around the problem by sticking these servers in our DMZ and hiding the issue from our end users.
posted by IanMorr at 1:12 PM on April 16, 2010 [1 favorite]


Yahoo Beats Feds in E-Mail Privacy Battle
posted by homunculus at 2:57 PM on April 16, 2010


IanMorr, don't you think hiding the issue from your end users works against ever destroying spam? My feeling is that public awareness of the problem is essential to making any progress at all. As long as so few even understand the real dimensions of the problem, we'll be stuck with it for a very long time.

And, granted, much bigger problems exist in the world today. It just seems like it's really only public acceptance that keeps spam viable. If that one factor were to change, spam would shrivel up and blow away like so much dessicated excrement.
posted by fartknocker at 4:15 PM on April 16, 2010


Judging by the outcry whenever one of the servers isn't working properly, allowing all spam through would very quickly raise awareness of the issue, right to the CEO, who would fire my ass.

We publish the statistics above on the company Intranet. At first people were fascinated and appalled at the numbers, but I suspect no-one outside of IT really looks at them any more. People know this problem exists and the solution we have in place solves it, for them. Any other kind of solution is going to take government intervention
posted by IanMorr at 7:05 AM on April 17, 2010


I'm days late to this thread but I actually know the answer to this question: We don't care because email is becoming less important over time. Younger generations are using IM or SMS to communicate with each other, relegating email to business to consumer communications and older people.

Email will fix itself because as its popularity dwindles, the value of email as a tool for marketing or phishing will also dwindle.
posted by chairface at 12:11 PM on April 18, 2010


chairface: "We don't care because email is becoming less important over time. Younger generations are using IM or SMS to communicate with each other, relegating email to business to consumer communications and older people."

Except the spam problem is a lot less solved in IM and SMS. I get IM spam constantly, and most phone software isn't equipped to handle it. Even the programs that do prevent some spam IM fall victim to 'add me to your contact list' attention grabs. And I seem to remember a great deal of SMS and automated calls about car warrantys that stopped only when the FTC sued people responsible.

Worse, systems like Twitter are trying to monetize that attention. Promoted Tweets is the first step, and will probably be followed by advertisements inserted into your feed automatically. And I hear facebook is pretty dismal as well.
posted by pwnguin at 8:48 AM on April 19, 2010


« Older For a little welcome diversion from your political...  |  Dazzling new 3D buildings for ... Newer »


This thread has been archived and is closed to new comments