Re: [Asrg] Adding a spam button to MUAs

Michael Thomas <> Thu, 17 December 2009 00:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D7C833A6824 for <>; Wed, 16 Dec 2009 16:00:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.836
X-Spam-Status: No, score=0.836 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, SARE_ADULT2=1.42, SUBJECT_FUZZY_TION=0.156]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id I-TMBCNL8+58 for <>; Wed, 16 Dec 2009 16:00:56 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 03A563A6A8F for <>; Wed, 16 Dec 2009 16:00:55 -0800 (PST)
Received: from ( []) (authenticated bits=0) by (8.14.3/8.14.3) with ESMTP id nBH00fPC019909 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <>; Wed, 16 Dec 2009 16:00:41 -0800
Message-ID: <>
Date: Wed, 16 Dec 2009 16:00:41 -0800
From: Michael Thomas <>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv: Gecko/20090605 Thunderbird/ Mnenhy/
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <>
References: <alpine.BSF.2.00.0912082138050.20682@simone.lan> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=6312; t=1261008042; x=1261872042; c=relaxed/simple; s=thundersaddle.kirkwood; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;;; z=From:=20Michael=20Thomas=20<> |Subject:=20Re=3A=20[Asrg]=20Adding=20a=20spam=20button=20t o=20MUAs |Sender:=20 |To:=20Anti-Spam=20Research=20Group=20-=20IRTF=20<asrg@irtf .org> |Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B=20 format=3Dflowed |Content-Transfer-Encoding:=207bit |MIME-Version:=201.0; bh=KhliETpL+ZszyrgKmY37xSJ2U1ur4zfzAF4WpSoBZdc=; b=VYK5QEIP0IJnqZ73VoWdvyjo3aB7jsx9AxWtI+dtz/c/mah75VzXSRjZXB cH5NaCN+3YpaQYSaYdWSS7Q/KrDVGP0Hsktya+7VNQSJeLIGq0gXuSGiuCEf B+meDYai/dpLiJC4KtADB4ivyXA/uE+4Jnsgczzk2Rh85lIIi/9Gs=;
Authentication-Results: ; v=0.1; dkim=pass ( sig from verified; ); dkim-asp=pass
Subject: Re: [Asrg] Adding a spam button to MUAs
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 17 Dec 2009 00:00:57 -0000

I've thought much the same thing for years. To throw something else out, I think
that this is tied up with what I call "the alerting problem". That is, we are fed
many different streams of information these days (email, im, voice, news...) each of which
has their own filtering and prioritization -- if you're lucky. By alerting, I mean
the means that you become aware (or not) of a piece of communication vying for your

What I really want is to have the streams classified as is relevant to me, where
the alerting mechanism is tied to its *importance* to me, rather than the communication
channel. That is, there is nothing inherent with voice that should give it
preference to wake me from my sleep to hear an ad for the latest in garbage pail
liners. I want something to make sense of all of these things and raises things
to my conscious as makes sense for *me*.

Give me that, Nigerian scams and penis enhancement all pretty much take care
of themselves -- my classifier already knows that I could give a flying-f about those.


On 12/16/2009 03:20 PM, Nathaniel Borenstein wrote:
> I've tried hard to resist chiming in on this, but can't help myself.
> I suggest that the issue of defining or identifying spam is a red herring and a huge distraction from actual progress.  The real issue is identifying mail that a specific user does not want.  When defined this way, it subsumes the spam problem, but it also maps more directly onto the user's action with a spam/junk button.  In this view, if a user clicks the spam/junk button for messages that we email gurus don't consider "spam," that's just fine -- each user is the expert in defining "junk" for their own mailbox.
> As volumes continue to increase, I believe email streams need to be viewed more like intelligent news feeds -- we need to use sophisticated per-user information to choose which items to pass on to the user and which to block.  The spam/junk button can be very useful input to that process.  But there's more to it than that -- once we start doing our spam filtering with individual recipients in mind, we can do a lot of things right that we can't now.  For example, after twenty years of using spam filters, I still get spam in Chinese or Russian, languages I don't understand at all, because the spam filters know nothing about me as an individual.  Similarly, I'm sure that plenty of people in China get spam in English that seems obviously irrelevant to them.  This drives me nuts, because it would be so easy to fix if our filtering was done with even a minimal knowledge about the individual recipient.
> In short, the real need is for user-focused email filtering to subsume our current notion of spam filtering.  Viewed that way, I think a spam/junk button would be an obvious win.   But it should be part of a broader interface (yes, an authenticated one, most likely) by which individuals could interact with their email filters, e.g. to say which languages they do and don't understand, or even which topics they were and weren't interested in receiving unsolicited messages about.  (Who knows, maybe there's even someone out there who doesn't want most spam but is desperate to enlarge the size of their private body parts; shouldn't they be able to communicate that fact to their filters?)  -- Nathaniel
> On Dec 16, 2009, at 5:51 PM, Douglas Otis wrote:
>> On 12/16/09 10:59 AM, Seth wrote:
>>>> There's the zombie problem.  There is no way for anyone or anything
>>>> external to an end-user's system to know whether the button click
>>>> (or equivalent event) was generated by a user or by software working
>>>> at the behest of the new owner of the user's former system.  Given
>>>> that the zombie problem is epidemic and presently unstoppable,
>>>> widescale deployment of any such mechanism will lead to its use by
>>>> zombie-resident malware as soon as it's advantageous for abusers to
>>>> do so. Thus, anyone proposing such a "report as spam" mechanism on a
>>>> large scale must also include in their proposal a workable plan for
>>>> solving the zombie problem.
>>> How would it be advantageous for a zombie to report as spam?  Report
>>> as non-spam, sure, to game the filters.  But with the data being noisy
>>> to begin with, zombies adding noise don't have much effect; they might
>>> require tuning of the filters.
>> Users without 0wned systems might still attempt to unsubscribe from spoofed subscriptions and be asked for passwords they never set, and then attempt to guess it anyway. There are also risks related to browser vulnerabilities that would be avoided by offering a "this is junk" button that invokes an unsubscribe service, even for user who have initially confirmed the subscription.
>> To avoid complaints, a web page associated with an email account could allow users a means to confirm their desire to unsubscribe, or just have user authentication included in the "this is junk" transaction, which might simply mean placement into the "junk" folder.  As such, it would be in the interest of list administrators to unsubscribe "unwanted" email based upon this feedback.
>> This feedback should not be confused with "spam" email feedback. Recently, new developers within our company confused these two categories and caused a number of complaints.  It is important to understand the difference between "unwanted" and "spam-trap" as determined by the source of the feedback.
>> Spammers will surely abuse any control mechanism in an effort to cause user complaints.  User complaints will cause the mechanism to be abandoned as being too expensive.  Users that are 0wned will likely be detected with spam-trap feedback, as well as through other mal activity.
>> Any effort to utilize email feedback MUST understand the difference between a general category of "unwanted" and feedback from "spam-traps" that are able to differentiate between "auto-responses" and DSNs.
>> -Doug
>> _______________________________________________
>> Asrg mailing list
> _______________________________________________
> Asrg mailing list