Associated Press on Spam Filters

Associated Press article about IAP spam filters, specifically going after Verizon’s policies. There’s not really much new in this article, but it does give me a chance to make a few points about spam filters:

* any type of filtering mechanism, in any medium, will create Type I/Type II errors. It would be a mistake to overreact to the fact that spam filters block some wanted messages. This statement says it all: “Bruce Gingery, a security consultant in Cheyenne, Wyo., says users should simply get used to losing mail.” As much as we don’t like this, there is no perfectly reliable communications medium, and that includes email.

* there is no meaningful accountability for an IAP’s choice of spam filters. IAPs rarely or never disclose their filtering techniques, so subscribers have no idea what spam filter is being used, and IAPs may change these filters from day-to-day without any notice. We ran into this issue in the late 1990s with IAPs who subscribed to the Realtime Blackhole List, a very crude list that blocked lots of wanted emails based on suspect criteria. Despite this, I find it hard to believe that many subscribers really want IAPs to disclose their practices. I would imagine that such disclosures would be read and acted upon about as often as privacy policies or EULAs are.

* We as email users are schizophrenic about IAP server-level spam filtering. On the one hand, we want to make choices ourselves about what emails we get or don’t get. As a result, we’ll drop an IAP using overzealous filters. On the other hand, subscribers routinely complain about too much spam, so we reward IAPs for being more aggressive about spam filtering. Plus, IAPs simply have to do server-level filtering to manage their servers and keep prices competitive. It’s easy to see how IAPs get caught in the middle.

* Blocking emails from an entire country (like Verizon does, although IAPs have been doing this for years) overreacts to the spam problem.