BLOG

Responding to complaints

I sent in a complaint to an ESP earlier today. This was mail from a major UK retailer to an address that is not used to sign up for mail. It’s part of an ongoing stream of spam related to UK services and products. I believe most of this is because one of the data selling companies has that address associated with someone who is not me.

I did explain I believed this was a purchased address but I’m wondering if I will get a response. The address isn’t one of those I regularly use so there isn’t a connection between “Laura, deliverability person” and “Laura, spam victim.” There are some industry folks who go out of their way to respond to my complaints. That’s always rewarding.

On a more theoretical level, I can make good arguments for responding and good arguments for not responding.

Why not respond?

  • It takes too much time. Back when I was managing the abuse desk for a large network provider, I had 3 people working under me. Between the 4 of us, we could handle a little over 2000 complaints per month. We tried to respond to all complaints, but it did slow down the amount of time it took to process issues. We were also stuck reading and responding to complaints that came in after we’d fixed the problem. This led to an important design point for Abacus: it should be easy to respond to all complaints about an issue and there should be an automatic response to people reporting closed issues.
  • Blowback. Not every from address is valid and the abuse desk may end up spamming. This happens when people don’t trust the abuse desk to correctly handle the complaint. Or when they think the address might be simply list washed. An abuse desk should not send mail automatically to forged email addresses.
  • Complainants want to argue. This particularly happens when a complainant wants one action to happen, but the abuse desk doesn’t do that. There is also a segment of the population who will argue word choices – like using double opt-in vs. single opt-in. The reporter is angry and wants to take it out on someone and, hey, the abuse desk answered so that is who they are going to argue with.
  • Publicity. Bad PR is never fun and “poor” responses can go public. Back when I was abuse, I remember one situation where someone I knew and thought was trustworthy sent in a complaint. I handled the complaint and actually sent him back a response explaining what we did and what we were unable to do. Next thing I know, the email I wrote is published to USENET and boss is calling me on the carpet. What I failed to notice is that buried in the 5th paragraph of the email, after the 4 pages of whois and trace route data, the complainant said they might make any response public. I didn’t read that far, because I saw the headers, knew the issue, handled it and didn’t need all the details. That was one of the last times I responded to anyone, even if I “knew” them.  

Why respond?

  • Politeness. This is really specific to manual complaints. The complainant has taken the time to compose an email alerting you to a problem. It’s just polite to respond.
  • Publicity. Handling abuse issues can be good publicity for a company. There are still some old timers who fondly remember the emails from Afterburner and his crew of minions. Those emails were great publicity and gave the ISP a good reputation in the anti-abuse community.
  • Transparency. Transparency in abuse handling lets the wider community know that issues are taken seriously. Without responses, the reporters are left wondering if their report was received or read.

Often the only response people get from a complaint is that the mail stops. That’s not bad, I mean, that’s usually what they wanted. But there are a small number of people who are not reporting spam to make their own mail stop, but instead are reporting spam to help the overall email ecosystem. I don’t know how to separate A from B but it would be nice if there were a way to do so.

4 comments

  1. Fazal Majid says

    The burden is different for an ESP than an ISP.

    If you are an ISP, you are just as much a victim as the spammee, and help desk triage is legitimate.

    If you are an ESP, you are the one who wasted the spammee’s time and got them irate enough to file an abuse report. If you are unwilling to bear the cost and responsibility of your (or your client’s) actions, you can’t complain if you get on a blocklist.

  2. Al Iverson says

    I would add to the “Why not” column – Some complainants are really confused and misguided. There’s a whole bunch of people out there reading email on their iPads and somebody told them to forward all their spam to us, even though it has nothing to do with our platform. And if you try to debate that with them, flames erupt from them. We can’t be the only one in this scenario. I think it sometimes happens because we kindly responded to some prior spam complaint from them, and now they think we’re their place to report everything.

  3. Huey says

    I know you’ve written about this in the past, but I think the value proposition of responding to complaints is even less given the value proposition of sending them.

    Ever since AOL started Scomp, I dunno, fifteen-odd years ago, it has made less and less sense to even bother sending individual complaints. Feedback loops force providers to deal with the biggest problems first (as they should) leaving the individual complaints effectively lost in the noise and meaningless.

    So these days, I don’t bother sending individual complaints unless I have a personal relationship with someone at the abuse desk, and I know they’re going to treat a complaint from me with more weight than some random “yuor haking my port 25” goober. And even then, I don’t expect a response, although it’s always nice to get one.

    1. laura says

      I’m not necessarily going to disagree, but there are cases where the individual complaints are more important than the numbers game. This goes back to the post I wrote a few weeks ago about abuse of the internet vs. abuse on the internet. Even ESPs can’t just rely on the numbers of complaints to tell them where things are broken. Look at subscription bombing, or online harassment. ESPs (and ISPs) need to be able to handle the low-level complaints, because sometimes they are a bigger problem than what’s coming in the FBL.

Comment:

Your email address will not be published. Required fields are marked *



  • OTA joins the ISOC

    The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella. “The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.No Comments


  • Friday blogging... or lack of it

    It seems the last few Friday's I've been lax on posting. Some of that is just by Friday I'm frantically trying to complete all my client deliverables before the weekend. The rest of it is by Friday I'm just tired. Today had the added complication of watching the Trumpcare debate and following how (and how soon) it would affect my company if it passed. That's been a bit distracting, along with the other stuff I posted about yesterday. I wish everyone a great weekend.1 Comment


Archives