Spam will be the death of e-mail. Readers respond to Laura Miller's "When Spam Filters Go Bad."

By Salon Staff
June 23, 2003 11:30PM (UTC)
main article image

[Read the story.]

Kudos to Laura Miller for her cautionary tale of overaggressive spam filters. Her experience ably demonstrates the danger inherent in trying to filter out the flood of spam that threatens to overwhelm the Internet and render e-mail unusable. Many e-mail system administrators have been placed in the untenable position of having to answer their users' demands to stem the tide of spam while simultaneously ensuring that 100 percent of legitimate e-mail gets through. Unfortunately, overzealous spam fighters merely add to the problem by impeding the delivery of legitimate e-mail.


On the other hand, Road Runner is well known for its poor e-mail infrastructure, which is apparently laden with single points of failure that can keep e-mail from getting delivered for purely technical reason, so it's not entirely surprising that its spam filter implementation is counterproductive.

-- Tom Maddox

This is, unfortunately, an all-too-familiar story. In nearly two years at my company I'd received only occasional spam --until the company installed a new, more aggressive spam filter. Then, suddenly, a daily deluge of lusty babes and pills designed to enlarge only certain parts of the body. Meanwhile, the writers and clients on whom my work depends were calling me to follow up on e-mail that I hadn't replied to. It had been blocked by the spam filter -- and the senders didn't always receive an error message.


While the steps to unblocking addresses were nowhere near as complex as Ms. Miller's, apparently my daily requests to unblock addresses were enough of a pain in the ass that the system administrator removed the spam filter on my account only. Now messages suspected to be spam are redirected to a folder in my workspace, and every day there have been at least two e-mails that were not spam in that folder.

I told my co-workers about this, and now they're clamoring to have the filter removed from their addresses as well. I smirk at the thought of the entire company demanding to be excepted from the filter. What a waste of money.

-- Name withheld


I sure hope Road Runner security reads Laura Miller's article "When Spam Filters Go Bad." Critically important e-mail from (and to) some of my family members was being blocked a couple of months ago. The other ISP was a small "mom and pop" provider and all I got was a bunch of finger pointing and blaming some unreachable entity that keeps a list of "bad" ISPs that allow spammers to operate. The amazingly rude, ALL CAPS response from Road Runner was sufficient to send me looking for another provider, and I only wish I had real choices.

RR has earned praise from me for its customer service and I've recommended it to friends in the past. To not be able to get a straight answer ... to be told you're not "smart" enough to understand, so let the "experts" do their job ... to receive e-mails that could only be written by the Grinch himself is bound to hurt Road Runner. Now every single e-mail I send with an attachment (I love to share pictures) is automatically bounced and I have to "resend" them. Their technical support people tell me they only support Outlook Express and couldn't help since I use Outlook (the full-featured version) even though I had the exact error message I received. So now I've just lowered my expectations (something I find myself doing more and more often in these modern times) and send everything twice.


Oh, as to the spam? I never got spam until Road Runner made these changes. I keep a "spam" e-mail account to keep my real in box clean. Now I get spam on all four Road Runner accounts I have! My best guess is that maybe Time Warner, which owns Road Runner, caught something nasty from AOL when it acquired it.

-- Jon Barnett

I work for a technical department (not Road Runner) and I come across issues like hers and I think I may be able to clarify some of the items mentioned.


Now I'm not familiar enough with Road Runner to say whether its filters are overreaching, or simply necessary to make sure it will keep its service stable, but here are a few key clarifications:

-- Most spam filters don't look at content. A message that says "Low Mortgage Rates" isn't treated any differently than "We're printing your article."

-- The initial auto-response message sent by Road Runner, while both ugly and intimidating, lets people know to provide as much info as possible. I wouldn't be surprised if they receive a number of e-mails whose entire body is "My e-mail's not working!"


-- No matter how venerable the source of the e-mail is, if they (as Salon's tech suggests) have a relay issue then it needs to be fixed. An open relay is a way of configuring a machine that sends outbound mail to let anybody and everybody use that machine to send the mail. It doesn't care whether you're an employee or a spammer. In short, this is a security hole. Unlike what Ms. Miller suggests, open relays can't affect everyone, just those people who improperly set up their servers.

-- Excessive spam can cause a mail server to be overloaded and work slowly or even crash. Again, I don't know if this is the case with Road Runner.

There have been rumblings that spam will eventually be the death of e-mail, and it's not hard to see why.

-- Mike O'Leary


I don't work for Road Runner, but as the administrator of a small company network, I can sympathize with Road Runner's plight in dealing both with spammers and with users who, on the one hand, expect them to do something about spam, and on the other hand, complain about legitimate mail being blocked -- without providing any really useful information for correcting the situation.

Since I don't know the technical details of Laura Miller's ordeal with her ISP, it is difficult to assess her complaint. For example, just because someone works for the New York Times and has a NYT return address on their e-mail, that doesn't mean they're sending their mail through the New York Times mail system. They could be sending their mail from home using their personal ISP's mail server. Perhaps that server has been compromised by "relay spam," or the ISP has a habit of dragging its feet when it gets complaints about clients who send spam. So even though the New York Times is an unlikely "culprit of spam abuse," Ms. Miller's correspondent may be blocked. The prevalence of cases like this explains why mail administrators want to know the exact "bounce message" received by the sender.

Ms. Miller is also quite incorrect when she writes that innocent organizations like the New York Times "might seem to be [spammers], on account of something called relays used by crafty spam perps looking to cover their tracks." She continues, "So that meant that anybody -- anybody -- might have their domain name hijacked by spammers, then blocked by my service provider." First, spam relaying isn't the same thing as forging a domain name. (Domain name forgery on e-mail is so common, and so easy, that no mail administrator would use the domain name on spam to implicate a site.) Second, not "anybody" can be victimized by relaying -- only sites that, through ignorance or negligence, have failed to install and configure their mail servers so as to prevent "third-party relays." In this day and age, the problem of relaying is so well publicized among mail administrators, and so easy to fix, that there is really no excuse for running a vulnerable server.

Perhaps Road Runner could do a better job of communicating with its customers, and perhaps it could provide a more informative message to people whose mail bounces off its system. For example, bounces could contain a pointer to a Web page with instructions, perhaps even a form into which the bounced message could be pasted. However, in the age of spam, it is virtually impossible to avoid requiring the senders of e-mail to take some responsibility for correcting mistaken mail blocks.


-- Elliot Wilen

Although I certainly feel for Laura Miller's situation -- having legitimate e-mail blocked due to your own provider's spam filtering would be extremely frustrating -- she seems to want to place the blame on spam filtering in general, when it really should fall squarely on Road Runner.

There are as many types of spam filtering solutions as there are companies that implement them. My own cable provider, Comcast, has had a very effective spam blocking system in place as long as I've been on its network. Spam is a true rarity, and I've never, to my knowledge, had a legitimate e-mail blocked. The company I work for implements a spam-tagging solution that flags suspicious messages so that they can be shunted off to a "bulk" folder for review and/or deletion. This system is more tolerant and often lets spam through untagged. I've only seen one false positive address from this system, and it was easily caught and corrected. Both of these systems accomplish the goal of getting rid of spam e-mail without significant effects on legitimate e-mail.

What Laura Miller seems to leave out of her tirade are the real, compelling business reasons why an Internet provider would decide to implement a strong spam-blocking solution. They don't do it just to annoy Laura Miller or to amuse themselves by randomly blocking Laura Miller's legitimate e-mail. They do it because their networks are saturated to the point of collapse and without spam-blocking their abilities to provide quality service to their customers would be severely damaged. I've seen estimates of the costs incurred by large networks (AOL, etc.) dealing with spam to be in the range of hundreds of millions of dollars per year, when you take into account increased bandwidth, processor, and storage requirements, plus labor costs. A good blocking solution can greatly help to cut these costs and keep broadband connectivity a viable business. Without it, unchecked spam will eventually cripple the Internet, leaving behind nothing but a wasteland of herbal Viagra, penis pills and the "Banned CD."


-- Matt Wigdahl

Salon Staff

MORE FROM Salon Staff

Related Topics ------------------------------------------