Gmail and the PBL

Yesterday I wrote about the underlying philosophy of spam filtering and how different places have different philosophies that drive their filtering decisions. That post was actually triggered by a blog post I read where the author was asking why Gmail was using the PBL but instead of rejecting mail from PBL listed hosts they instead accepted and bulkfoldered the mail.
The blog post ends with a question:

For those readers that know Gmail uses Spamhaus, I’d love to hear why Gmail couldn’t be transparent about its use.

I tried to post a comment, but it seems to have been eaten and never showed up on the post.
I don’t think this has anything to do with Gmail attempting to hide their use of outside blocklists. Rather, their technology is simply better suited to accepting and filtering after the SMTP transaction. Setting up a MTA to reject with different bounce codes for different reasons and notifying the sender of why can be a challenge for some.
Gmail’s philosophy is to accept all mail they can then filter it at the mailbox level. This philosophy drives both technology and system architecture. Trying to shoehorn in a different kind of filtering may be difficult or impossible without major changes. Then there’s the issue of maintaining a filter that is non-standard for the business. It makes perfect sense that Gmail sticks with their philosophy and filters mail from a PBL listed host.

Related Posts

Spam lawsuits: new and old

There’s been a bit of court activity related to spam that others have written about and I feel need a mention. I’ve not yet read the papers fully, but hope to get a chance to fully digest them over the weekend.
First is e360 v. Spamhaus. This is the case that actually prompted me to start this blog and my first blog post analyzed the 7th circuit court ruling sending the case back the lower court to determine actual damages. The lower court ruled this week, lowering the judgment to $27,002 against Spamhaus. The judge ruled that there was actual tortuous interference on the part of Spamhaus. In my naive reading of the law, this strikes me as not only an incorrect ruling, but one that ignores previous court decisions affirming that blocklists are protected under Section 230. Venkat seems to agree with me.

Read More

Blocking of ESPs

There’s been quite a bit of discussion on my post about upcoming changes that ESPs will be facing in the future. One thing some people read into the post is the idea that ISPs will be blocking ESPs wholesale without any regard for the quality of the mail from that company.
The idea that ESPs are at risk for blocking simply because they are ESPs has been floating around the industry based on comments by an employee at a spam filter vendor at a recent industry conference.
I talked to the company to get some clarification on what that spam filtering company is doing and hopefully to calm some of the concerns that people have.
First off, and probably most important, is that the spam filtering company in question primarily targets their service to enterprises. Filtering is an important part of this service, but it also handles email archiving, URL filtering and employee monitoring. The target market for the company is very different than the ISP market.
The ISPs are not talking about blocking indiscriminately, they are talking about blocking based on bad behavior.
Secondly, this option was driven by customer request. The customers of the spam filtering appliance were complaining about “legitimate” mail from various ESPs. Despite being reasonable targeted the mail was unrequested by the recipient. While ESPs use FBLs and other sources of complaints to clean complainers off rented or epended lists at ISPs, the option is not available for mail sent to corporations. Enterprises don’t, nor should they have to, create and support FBLs. Nor should employees be expected to unsubscribe from mail they never requested.
This option is the direct result of ESPs allowing customers to send spam.
Thirdly, this option is offered to those customers who ask for it. It is not done automatically for everyone. The option is also configurable down to the end user.
While I haven’t seen the options, nor which ESPs are affected, I expect that the ones on the list are the ones that the filtering vendor receives complaints about. If you are not allowing your customers to send spam, and are stopping them from buying lists or epending, then you probably have not come to the attention of the filtering company and are not on the list of ESPs to block.

Read More

Spamtraps

There is a lot of mythology surrounding spamtraps, what they are, what they mean, how they’re used and how they get on lists.
Spamtraps are very simply unused addresses that receive spam. They come from a number of places, but the most common spamtraps can be classified in a few ways.

Read More