Spam checking outgoing email...

robmueller · 31 Aug 2005, 07:29 PM

It finally got to me. Despite all the limitations (40 messages an hour), there was still a determined bunch of 419 scammers who were signing up FastMail accounts, sending 40 messages, then just throwing the account away. Clearly 419 scamming is still a lucrative business venture given the tenacity of these guys. Anyway we'd catch most of these accounts with various little checks, but by then it was too late, what we need is to proactively stop the email getting out, but we need to be quite accurate so we don't have any false positives being blocked.

So I've now finally setup spam scanning of outgoing email. Email caught is put in a hold queue and we're notified. We can then check to make sure that we've caught real spam, and release and false positives (so far very few, but glad I went with the "hold queue" idea rather than just discarding...)

I'm not going to go into all the details, just in case any of them happen to read the forum, but I'll be tuning over time to make sure we keep the hit rate up and the false positive rate down.

I think the effect has been pretty good already. In the first two days we caught more than I expected, but in the last 2 days it's only been 1 or 2 accounts a day (though the first 2 days was a weekend... maybe they're more active on weekends... we'll find out shorlty I guess). So I'm hoping they'll just give up pretty quickly, and we'll have one less thing to worry about. Yay.

Rob

Fenman · 31 Aug 2005, 07:48 PM

Brilliant, Rob! Thanks. Let's hope it lays that problem to rest.

Heartz · 1 Sep 2005, 12:26 AM

Wait, this worries me.

Does that mean that if somehow or another my message gets rated as spam, some Fastmail staff would be reading my email?

I think it would be only fair to know the criteria of mails and what is actually being done to ensure the privacy of emails being sent out. I know all the usual stuff about how emails are sent in plain text and all, but I am still a little uncomfortable with this fact of scanning my emails and it being viewed by a real human person who is not really authorised to read it.

More details please?

PenPen · 1 Sep 2005, 12:56 AM

Is it applied to paid users too?

injinuity · 1 Sep 2005, 01:04 AM

Quote:

Originally posted by PenPen
Is it applied to paid users too?

this is one question that is on the back of my mind as well.... I would hope that paid users are not subject to this outgoing spam check.

inVision · 1 Sep 2005, 01:08 AM

I remember one of the FastMail staff saying that a lot of spammers use a FastMail Enhanced account... so I think it's also for paying customers...

About the privacy issue... I don't mind... have nothing to hide, but I could understand why people are worried...

robmueller · 1 Sep 2005, 10:17 AM

We use an algorithm to work out who to apply the checking to. Obviously our aim is to minise the manual work we have to do, so the more accurate we can get the automatic checking so that it ONLY catches true spam, the better for us, and for all users

I really don't want to go into more details about the algorithm, but I will say that it appears to be working very well. As I mentioned above, there's only been a couple of false positives, and most of those have been 419 baiters (http://www.419eater.com/) replying to 419 scammers emails.

Rob

Jeremy Howard · 1 Sep 2005, 11:15 AM

In order to see whether a message is spam or not only requires looking at the 1st sentence or so - we can see a false positive without reading the whole email.

I would note however that if it's vitally important to you that no FastMail.FM admin ever sees your emails, that you really should use a different system, since our Terms of Service do specify that we may access your account as required to maintain the smooth running of the service. I think all email providers have a similar clause - since otherwise they can't do things like check accounts for spammers or fraud. People that need this level of privacy should either encrypt their emails (which is actually very easy to do) or run their own mail server.

injinuity · 1 Sep 2005, 01:38 PM

Jeremy, I don' think its about FM reading the mails... I have no issues with that... what I too am worried is that if I sent an important mail and if it gets tagged as spam, there will be a delay while someone reviews the mail and then approves it...

Would it be possible to notify the user that the mail he/she has send has been tagged as spam and will require approval from FM staff so that we know there will be a delay..

Jinu Johnson

Jeremy Howard · 1 Sep 2005, 03:18 PM

Quote:

Originally posted by injinuity
Jeremy, I don' think its about FM reading the mails... I have no issues with that... what I too am worried is that if I sent an important mail and if it gets tagged as spam, there will be a delay while someone reviews the mail and then approves it...

If that ever happens, we'll adjust the algorithm so it doesn't happen again. As Rob said, so far it's only been 419-baiting mails, which aren't really time-sensitive.

Quote:

Would it be possible to notify the user that the mail he/she has send has been tagged as spam and will require approval from FM staff so that we know there will be a delay..

No, we wouldn't want to let a spammer know we'd caught them, or they'll just try again with a modified email!

mlevin · 1 Sep 2005, 09:47 PM

I think this is a great idea, too -- I hope it keeps us off the blacklists -- but I am quite concerned about the remote chance that a legit outgoing message is held up until it is checked -- and I am not too crazy about FM reading the message, although I understand this is allowed under the TOS.

Any idea what other email providers do?

2 Sep 2005, 06:12 AM

Quote:

Originally posted by mlevin
I think this is a great idea, too -- I hope it keeps us off the blacklists -- but I am quite concerned about the remote chance that a legit outgoing message is held up until it is checked -- and I am not too crazy about FM reading the message, although I understand this is allowed under the TOS.

My question is, how remote is that chance? How likely is it that this change would cause delays in my outgoing emails? (Assuming, of course, that I don't write my messages in all caps

)

hadaso · 2 Sep 2005, 06:37 AM

One way to reduce (or eliminate) the chance of mail being delayed is to just hold a copy for review of suspected email. Or do it on two levels (higher level of suspicion gets delayed, lower level just co and let out).

robmueller · 2 Sep 2005, 09:02 AM

Quote:

Originally posted by hadaso
One way to reduce (or eliminate) the chance of mail being delayed is to just hold a copy for review of suspected email. Or do it on two levels (higher level of suspicion gets delayed, lower level just co and let out).

Currently this is actually what is happening.

To be honest, almost all users in the forum will be fine, because part of the trust metric at the moment is time since signup.

Rob

injinuity · 2 Sep 2005, 04:38 PM

Quote:

Originally posted by robmueller
Currently this is actually what is happening.

To be honest, almost all users in the forum will be fine, because part of the trust metric at the moment is time since signup.

Rob

that puts my paranoid mind to ease.. thanks J/R

31 Aug 2005, 07:29 PM	#1
robmueller Intergalactic Postmaster Join Date: Oct 2001 Location: Melbourne, Australia Posts: 6,102 Representative of: Fastmail.FM	Spam checking outgoing email... It finally got to me. Despite all the limitations (40 messages an hour), there was still a determined bunch of 419 scammers who were signing up FastMail accounts, sending 40 messages, then just throwing the account away. Clearly 419 scamming is still a lucrative business venture given the tenacity of these guys. Anyway we'd catch most of these accounts with various little checks, but by then it was too late, what we need is to proactively stop the email getting out, but we need to be quite accurate so we don't have any false positives being blocked. So I've now finally setup spam scanning of outgoing email. Email caught is put in a hold queue and we're notified. We can then check to make sure that we've caught real spam, and release and false positives (so far very few, but glad I went with the "hold queue" idea rather than just discarding...) I'm not going to go into all the details, just in case any of them happen to read the forum, but I'll be tuning over time to make sure we keep the hit rate up and the false positive rate down. I think the effect has been pretty good already. In the first two days we caught more than I expected, but in the last 2 days it's only been 1 or 2 accounts a day (though the first 2 days was a weekend... maybe they're more active on weekends... we'll find out shorlty I guess). So I'm hoping they'll just give up pretty quickly, and we'll have one less thing to worry about. Yay. Rob

31 Aug 2005, 07:48 PM	#2
Fenman Cornerstone of the Community Join Date: Feb 2003 Location: UK (East Anglia) Posts: 738	Brilliant, Rob! Thanks. Let's hope it lays that problem to rest.

1 Sep 2005, 12:26 AM	#3
Heartz Essential Contributor Join Date: Feb 2002 Location: Selangor, Malaysia Posts: 460	Wait, this worries me. Does that mean that if somehow or another my message gets rated as spam, some Fastmail staff would be reading my email? I think it would be only fair to know the criteria of mails and what is actually being done to ensure the privacy of emails being sent out. I know all the usual stuff about how emails are sent in plain text and all, but I am still a little uncomfortable with this fact of scanning my emails and it being viewed by a real human person who is not really authorised to read it. More details please?

1 Sep 2005, 12:56 AM	#4
PenPen Member Join Date: Mar 2004 Posts: 72	Is it applied to paid users too?

1 Sep 2005, 01:08 AM	#6
inVision Senior Member Join Date: Nov 2004 Location: fgfdg Posts: 158	I remember one of the FastMail staff saying that a lot of spammers use a FastMail Enhanced account... so I think it's also for paying customers... About the privacy issue... I don't mind... have nothing to hide, but I could understand why people are worried...

1 Sep 2005, 10:17 AM	#7
robmueller Intergalactic Postmaster Join Date: Oct 2001 Location: Melbourne, Australia Posts: 6,102 Representative of: Fastmail.FM	We use an algorithm to work out who to apply the checking to. Obviously our aim is to minise the manual work we have to do, so the more accurate we can get the automatic checking so that it ONLY catches true spam, the better for us, and for all users I really don't want to go into more details about the algorithm, but I will say that it appears to be working very well. As I mentioned above, there's only been a couple of false positives, and most of those have been 419 baiters (http://www.419eater.com/) replying to 419 scammers emails. Rob

1 Sep 2005, 11:15 AM	#8
Jeremy Howard Ultimate Contributor Join Date: Sep 2001 Location: Australia Posts: 11,501	In order to see whether a message is spam or not only requires looking at the 1st sentence or so - we can see a false positive without reading the whole email. I would note however that if it's vitally important to you that no FastMail.FM admin ever sees your emails, that you really should use a different system, since our Terms of Service do specify that we may access your account as required to maintain the smooth running of the service. I think all email providers have a similar clause - since otherwise they can't do things like check accounts for spammers or fraud. People that need this level of privacy should either encrypt their emails (which is actually very easy to do) or run their own mail server.

1 Sep 2005, 01:38 PM	#9
injinuity Cornerstone of the Community Join Date: Apr 2002 Posts: 803	Jeremy, I don' think its about FM reading the mails... I have no issues with that... what I too am worried is that if I sent an important mail and if it gets tagged as spam, there will be a delay while someone reviews the mail and then approves it... Would it be possible to notify the user that the mail he/she has send has been tagged as spam and will require approval from FM staff so that we know there will be a delay.. Jinu Johnson

1 Sep 2005, 09:47 PM	#11
mlevin Cornerstone of the Community Join Date: Oct 2001 Location: Somerville, MA, USA Posts: 656	I think this is a great idea, too -- I hope it keeps us off the blacklists -- but I am quite concerned about the remote chance that a legit outgoing message is held up until it is checked -- and I am not too crazy about FM reading the message, although I understand this is allowed under the TOS. Any idea what other email providers do?

2 Sep 2005, 06:37 AM	#13
hadaso The "e" in e-mail Join Date: Oct 2002 Location: Holon, Israel. Posts: 4,859	One way to reduce (or eliminate) the chance of mail being delayed is to just hold a copy for review of suspected email. Or do it on two levels (higher level of suspicion gets delayed, lower level just co and let out).