When spam is not spam

Permalink| Discussion:

Posted in E-Commerce on March 24, 2008 at 9:39 am

We used to employ a system of automatically rejecting blacklisted incoming email senders. To do this we relied on services such as xBL. The problem we found was that from time to time genuine companies would, for one reason or another, find themselves on these blacklist sites and, even worse, they were not always aware of it. We found this out the hard way because we didn’t process (or deliver) several orders that were contained upon these incoming emails (Managing Incoming Email)- a hard lesson by any standard.

Of course in the ‘old days’ customer orders used to come in physically on paper but these days many are coming in solely via e-mail. I used to advise against this delivery mechanism for something as important as orders using the point that e-mail is not a guaranteed (or reliable) delivery mechanism. As time progressed though, customer requirements demanded that we accept these communications and it’s hard to argue against it when customer orders are at stake. One thing I have found more of recently is that genuine customer orders on incoming e-mail are starting to show up as potential spam. Again, we typically used to reject spam senders but it now looks as if we have to manually trawl through these - and as we get hit with thousands of these e-mails per day the task is rapidly becoming quite time consuming (Guess What … SPAM is on the increase).

We did try white listing certain supplier domains in the early days and configure our systems not to stop these communications in the hope that we might get a good stab at dealing with these problems but it didn’t take long for interesting post-cards, executables and screen savers to start getting picked up on other internal systems. Informing customers that we really don’t appreciate these things being sent to our staff is not a great way of maintaining a supplier/customer relationship and so we are regularly looking for other ways of dealing with these problems. It still surprises me that some large corporations seemingly allow their staff to have these sort of things on their computers and even more that they allow their staff to send them to trading partners using e-mail.

It seems we want to have the cake AND eat it. We want protection against spam but we also don’t want to miss genuine e-mails that may get flagged as spam. We don’t want e-mails from blacklisted senders but we don’t want to reject genuine orders either. We get ten times more spam than we did last year and no doubt next year the current figures will look like small fry in comparison.

What is the best way of dealing with incoming spam and blacklisted senders whilst also ensuring that valuable trading partner information doesn’t get rejected at the gateway?

Related Post: Sex, Drugs and the Spam Patrol

Next Post | Previous Post

Comments

As a normal user, I have the advantage of being able to dump an over-spammed account, a luxury not available to businesses.

The best way to deal with the majority of spam, is to try to detect the illegitimate path it takes - most spam comes direct from compromised dynamic address PCs without the aid of a legitimate mail server, but with some forged path entries to try to cover it, while most legitimate mail has a valid MX path. Of course, the spammers may find ways to get around MX tracing if it is stopping them.

The other prong of the war on spam is education, only when it gets zero response, will there be zero spam!
http://www.spamdontbuyit.org/ - as this site says, spam is insanely cheap to send, so it takes only the thinnest of responses to make it pay - if/when it doesn’t pay, they won’t do it. I’ve put that as my site as my own site is just my scratchings.

Comment by Matt - March 26, 2008 @ 4:02 pm

Thanks for the comment Matt. I am finding these days that more and more time is required to address spam in our company and educating users (both ours and trading partners) it definitely high on our list.

Jas.

Comment by Jason Slater - April 8, 2008 @ 4:35 pm

Make a comment