Media Net Link

Spam Law and Odor

Up against the wall! Spread Em!

Imagine your horror if these words were addressed in gruff tones as you find yourself being culled from the line at an airport security gate. "Hey, I‚m not a terrorist? Why are you picking on me? You'd be indignant at least, and maybe scared out of your wits, even though you know you are being falsely accused. Who knows how far this scene might play out as the authorities react to whatever profiling indicator set them in motion? And whoever was waiting to pick you up at your destination might be wondering what happened to you.

Eventually the fact that you aren't a terrorist would become evident. Apologies would be offered as you slip your shoes back on. You'd do your best to regain your composure as you prepare to resume your journey.

Now, imagine if the same thing, figuratively speaking, were to happen to email messages that you send and receive. You routinely send completely innocent personal and business writings. Did you know that they sometimes can wind up in email detention because they fit someone's idea of a spam profile? The same fate may befall innocent messages addressed to you, as well as from you. The email police are everywhere these days, and you never know exactly how they will react to your correspondence. Sooner or later some of your messages may be falsely accused of being spam, and they may end up locked in some digital dungeon, never again to see the light of day, unless someone intervenes on their behalf.

And who are those police? They are the spam filters, and they are showing up on more and more digital street corners, patrolling their beats 24 hours a day. Spam filters can operate on individual users‚ machines as well as on email server computers, automatically sensing and responding to the scent given off by junk mail. While that's good for people that get a lot of junk email, some filters can be too zealous in their search for spam. The results can be annoying and possibly dangerous. Email system operators call this problem false positive errors - meaning cases in which spam
filters mistakenly tag a legitimate message as spam.

I have a close-up view of this problem. At our firm, we collect examples of spam from ISPs in order to tune our particular spam filter. One of the ways some ISPs identify spam samples to send us is to use a conventional spam filter. Anything tagged as spam by their filter is automatically forwarded to us for review. We run those messages through our filter, which is based on comparing messages to each spam sample in our spam repository. If no match is detected, we then manually examine the new sample. Yep, we have a human being look at it to see whether it's really a new spam variant, or
just an innocent message. Most of the time the samples are really new spam, and we add those samples to our repository. However, quite often we find false positives - non-spam messages that the ISP‚s filter misclassified as spam. When we find these we send them back so they can reach their proper recipient.

In reviewing the false positive errors we've encountered the past few months, we find that the mistakes are often hard to fathom, and the elements that make up a spam profile can be complex. This makes it pretty tough for an innocent sender to know how to avoid the spam police. Let me give you a couple of examples and you'll see what I mean.

Can someone send the directions to me? I‚m coming from Oakland and I forgot how to get there.


Keith Olsen
Director of Marketing
(408) XXX-XXXX

Looks pretty innocent, right? This one was thrown in the spam slammer. Why? The author of the message used their email program's formatting feature to display his signature block in red. He also sent his message from his Hotmail address, and his address included a couple of numeric characters - you know, the kind you have to add after your name because someone else has your name for a Hotmail address. Oh, and poor Keith also added a little flourish to his red signature block by making it appear in a little-used font face. Any one of these factors would not have been enough to trip the
recipient's spam filter, but taken together the message ended up in email oblivion, at least until we spotted it in the spam heap.

Moral: fancy formatting and numbers in a From address can lead to email arrest.

Here‚s another one.

>Hello Sandy,
>Dear Dwayne,
>Did you send me the CD??? I really need it quick!!!!


Yes, I shipped it days ago. There must be some problem with your ISP, because I sent you the message below informing you that I sent the CD to you already.


Needless to say there's more to this message, but you get the idea. It‚s a one-way conversation because Sandy's spam filter is eating Dwayne‚s messages. Somehow they taste like spam to the spam filter. Here are the triggers that led to this error:

This case is interesting because the filter also tried to correct itself. Some leniency was given in the assessment of the message because the sender apparently had sent some acceptable correspondence to the recipient in the past. But the weight given to that factor was insufficient to overcome the spamicity of the other factors. Zap.

This sort of filtering mistake happens often because the filters aren't smart enough to always discern spam from non-spam messages. The rules that filters use to make their assessment are sometimes too rigid to avoid false positives. These errors can be annoying, at minimum, and possibly costly if business or personal relationship hinge on timely and effective communications. A survey of business email users recently revealed that 70% of workers would rather give up their telephones than their email if they could only have one of the two. With dependence on email being that high, it seems
like a good idea to be aware of the risks of collateral damage from filters, whether we are in sending or receiving mode.

Moreover, the false positive errors don't need to happen very often to have a significant negative impact. Let's suppose that in the example of Sandy and Dwayne above, the CD in question contained the files needed for a proposal to an important client of Sandy's company, or something really important like that. Dwayne hits the Send button, thinks everything is fine, and immediately heads out the door for a two-week vacation. Sandy is left in the lurch, wondering why Dwayne is so unresponsive.

Spam filters are supposed to save us time and aggravation. Spammers keep raising the bar, making their spam more difficult to detect. Spam filter users tighten down the filters to compensate, leading to some potentially devastating consequences. New and smarter filtering methods are needed to keep out the junk while greatly reducing the risk of throwing out innocent and potentially vital messages. Given the importance that people attach to email today, we need smarter spam police that can accurately emulate the human reasoning process. Check to see how your spam filter works, and get a
better one if it relies too much on knee-jerk rules that can lead to false imprisonment of your mail.

Jeff Glass

Jeff Glass is CEO of MiaVia, a company dedicated to helping organizations regain control over the costs and usefulness of their email systems. He can be reached at jeff [dot] glass [at] miavia [dot] com.