Mail Filters Are Apolitical
Recently Digg linked to an article titled ‘Comcast Caught Filtering Political E-Mails‘.
The short version is that an online special interest group noticed that they were having issues with mail not being delivered when sent to Comcast addresses. They then worked their way though the Comcast abuse department to finally find that Symantec’s Brightmail was filtering on their domain name and identifying all their messages as spam. The cause for the block? 46,000 complaints filed against messages that contained the domain name of the special interest group. Symantec, once contacted was quick to remove the domain from its filters.
There’s a few lessons to be learned here about filtering and deliverability, first let’s look at some quotes from the article:
Disturbingly, Comcast did not notify us of this block.
Lesson One: There are no humans involved in the filtering process at an ISP. The filtering systems do not bring a message to an operator’s attention for a decision on whether or not a message is spam. Systems look at messages that users flag as spam and look for commonality, such as a domain name or key words and phrases. Odds are good your domain name was flagged by an automated system that never informed a human being about the addition to the database, especially not at Comcast. Comcast licenses the Brightmail technology and the last thing they want is a steady stream of new keywords and domains that are being blocked since they would not have the manpower to monitor it and wouldn’t know what to do with the data even if they did.
During the day on Friday we escalated our threats to flood Comcast’s executives with phone calls and cancellations, and we gave them deadlines. … Symantec was working for Comcast, and Comcast could insist that they shape up, or drop them. But Comcast wasn’t interested in doing that.
Lesson Two: ISPs don’t care about senders, they care about their customers. Their executives care even less about senders than their abuse department. Even if they had someone watching a stream of blocked domains and keywords, they are not worried thet a given sender is having trouble getting a message through until it’s a problem for their customers (and more specifically, a large percentage of their customers). ISPs know that their customers are more likely to complain about spam getting in than newsletters staying out.
Could we see two or three, or even one, of those 46,000 complaints? No, and Comcast claimed that Symantec wouldn’t share them with Comcast either.
Lesson Three: There are a certain number of ISPs that do share complaint information through Feedback Loops (FBLs). Generally FBLs are provided by webmail providers in the form of notification emails that let you know one of their customers has marked your message as spam. A reputable sender should be subscribed to every FBL service they can get their hands on, so they know when their mail is being complained against and so they can remove those who complain from all future mailings. Without being subscribed to FBLs you cannot get access to complaint data.
The other thing to keep in mind is that the complaints may not have come from Comcast users, since they are not a webmail provider, and Symantec would not have the permission of the ISPs from which they collect complaint data to share that complaint data externally.
By the time Comcast had passed the buck to the company that it was paying to filter its customers Emails, Brad Blog had posted an article about the situation and urged people to complain to Comcast.
http://www.bradblog.com/archives/00001602.htmBrad quickly added Symantec phone numbers to the story on his website, and we called Symantec’s communications department, which fixed the problem in a matter of minutes.
Lesson Four: Use proper channels to resolve issues. The ISPs and filtering providers will not respond to threats or campaigns and they certainly have effective means at their disposal to ignore mass attempts to sway them. Instead, follow the procedures and channels in place for complaint resolution, stay friendly and you should see results.
Comcast effectively censors discussion of particular political topics, and impedes the ability of people to associate with each other, with absolutely no compulsion to explain itself. There is no due process. A phrase or web address is tried and convicted in absentia and without the knowledge of those involved.
Lesson Five: Mail filtering is apolitical, and it is not performed in a court of law. Filtering is performed in a computer system by automated scripts without bias. If you trip the filters you message ends up in a bulk folder or not delivered, it’s as simple as that. The goal is to impede the flow of spam arriving in the inboxes of the customers of the ISP, not to limit communication from non-spammers.
Well, we have no evidence to suggest that these 46,000 complaints actually exist, but we can be fairly certain that if they do, they were generated by someone politically opposed to our agenda. There’s simply no possible way that we’ve accidentally annoyed 46,000 random people with stray Emails and mistyped addresses.
Lesson Six: The spam complaints are not limited to typo addresses, they also come from people who did not bother to click your unsubscribe link (you have an unsubscribe link, right?) and found it easier to just make your mail as spam to ensure they did not have to see it again.
Lesson Seven: Use double opt-in. When visiting the site of the special interest group, I was able to sign myself up for their newsletter without clicking on a link in a confirmation email. This means that a malicious individual could easily script a system to submit thousands of addresses into their site without the consent of those being subscribed. When the first mailing goes out, a good percentage of those unsuspecting subscribers would make the message as spam, and would do so again and again as the group send out fresh campaigns. Any sender not using double opt-in confirmation emails is setting themselves up for attacks on their email reputation by malicious individuals.
Above all, though, this is a First Amendment issue, as is well laid out in this excerpt of a statement released today by People-Link.org, the organization hosting the www.afterdowningstreet.org site:
“This goes far beyond the normal anti-spam measures taken by major providers and represents an effective blocking of constitutionally protected expression and the fundamental right to organize and act politically on issues of concern.
“Most spam blocking measures focus on the email address or the IP address of the suspected spammer. While there are anti-spam measures directed at the body of the email, these usually target attachments that could contain virus programs.
“Targeting the inclusion of a website url can only have one outcome: that communications about that website and the issue it is presenting will be blocked from large numbers of people and that the communications from that site’s administrators and the campaign’s organizers will not reach their full constituency.
“Whether Comcast’s intention or not, this is effectively political and unconstitutional.
Lesson Eight: Filtering occurs on a number of levels. It includes the IP address of the sending MTA, the email address of the sender, the content of the subject line, attachments and it most certainly includes the body of the message. A virus scanner may pay specific attention to attachments, but a spam filter could not do its job without going over the body of the message in detail.
Yes, filtering on a domain name will keep people from hearing about that web site and its message, but we need to remember that the same rule applies to a political special interest group’s site as it does to buyviagra.com (yet nobody seems to get in an uproar about filtering of mail regarding the latter).
In the end, this is not political, it’s the same filtering that happens every day. It’s also not unconstitutional since this is a private service being provided to Comcast’s customers. Finally, remember that computers are inherently stupid and thus Hanlon’s Razor comes into play:
Never attribute to malice that which can be adequately explained by stupidity.
May 8th, 2008 at 11:25 am
>>Never attribute to malice that which can be adequately explained by stupidity.
:)))))))
May 14th, 2008 at 1:13 pm
Today Comcast started blocking all emails we were sending that contained our domain name, lindorm.com, as either sender or recipient. After several hours of monitoring we called Comcast and by a strange coincidence the “error” “disappeared” miraculously within a miunute of explaining the problem. Funny how coincidences work, isn’t it?
My point, though, is that this INDEED IS A FIRST AMENDMENT ISSUE, as it affects the internet, which is a public space. What Comcast is doing is equivalent to blocking the voices of certain persons speaking in a town hall, but letting others be heard. It is not for them to decide which email I think is spam, that I have my own code for.
May 14th, 2008 at 1:19 pm
Let’s take a look at the first amendment:
“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”
Are you implying that the US Congress has written a law preventing you from sending your email? The first amendment is there to keep the government from silencing its citizens. Comcast is not the government, it is a private corporation. This is not about the internet as a whole, it is about Comcast’s email server. They exist to serve their customers, not those who want to send email to those customers and they will act in whatever way they see fit to serve those customers.