Tuesday, May 5, 2009

What if "This is spam" really isn't?

Most ISPs and email providers will let you declare any piece of email spam, using a "This is spam." or "Junk Mail" button. Sometimes, this will delete the message; sometimes it will just flag or mark it. But what happens behind the scenes?

Spam is the bane of all email providers' existence, so most of them use a variety of methods to block mail. If that's the case, your spam report is probably processed to improve the accuracy of all those methods.

For content filters, your message is processed for:
  • URLs and email addresses - these can't change, or they won't work. They're very popular to filter on.
  • Checksums - the whole message is processed down into a short string. This works because many pieces of spam are identical, and are sent millions of times.
  • words and phrases - one of the more unreliable methods, but still used.
Most other methods look at the computer that sent the email to the ISP. They assume it's sending spam because:
  • it's infected with a virus.
  • it hasn't been properly secured, and someone is taking advantage of it.
  • it's owned by a spammer.
However, sometimes people click the "This is spam." button for things that aren't really spam. Like:
  • A mailing list they subscribed to, but don't want to be on anymore.
  • A message from a friend that they didn't want to receive.
  • As an alternative to the Delete button. (At least, that's the only thing I can assume, seeing some of the messages that people have submitted as spam. Maybe they're just from people they really hate.)
However, your ISP doesn't care why you clicked the Spam button. They always assume the worst. So, what do they do?

If the message was sent by a legitimate email provider, they'll let you know that an anonymous someone reported a message as spam, and show you the message so that you can take action to prevent these messages from being sent in the future.

If you don't prevent it from being sent in the future, or they don't know who you are, they treat you like a spammer. This means they treat all the mail coming from that computer like it's probably spam.

I know the conventional wisdom is, "Never try to unsubscribe from spam." That is true. However, it is not only OK, but you should try to unsubscribe from lists from legitimate companies and/or providers that you've subscribed to in the past, but don't want to receive anymore. Companies like the Gap, American Airlines, Expedia, etc., are more than happy to remove you from their email lists -- they don't want their messages treated like spam, so they want to make sure that only people who want to receive them do!

When your friend is CCing you on mail you don't want to receive anymore, just tell them, "I'm really trying to get my email under control. Would you mind leaving me off your joke of the hour messages from now on?" And if they won't? Well, delete is always available, too (unless you think your friend really has crossed over into the realm of spamming.) If you are a Pobox Plus or Mailstore user, you can use email filters to automatically send messages matching "Joke of the Hour" to the Spam section. And most email programs will also let you set up filters that will automatically move messages from your Inbox to another folder, or the trash.

What should you do if you accidentally report a legitimate message as spam? Most ISPs are looking for multiple reports, so don't worry too much about any one message. But, if you accidentally selected 20 messages in your mailbox, and instead of clicking Move to store them in your "all-time greatest messages" folder, you accidentally hit "This is spam." instead, well... you might want to shoot an email off to your ISP's customer support, to let them know that your friends aren't really spammers.


The New York Times suggests a list of 10 questions we should all ask our mothers this Mother's Day. Let me suggest one more: "Mom, is there anything I can help you out with for your computer or cell phone?"


  1. Sorry, but the conventional wisdom still fully applies... until the major mail sources stop playing lip service with "unsubscribe".

    Just this past month, I went through my mother's e-mail box with her, and did the unsubscribe dance on all the major retailers she'd started receiving mail from. They started either because of past purchases where the "Subscribe me!" checkbox is turned on by default at checkout, or for reasons we could not determine (for some retailers, she'd never even browsed the respective sites).

    I went through this cycle once per retailer, per week, for one month. Lo and behold, one of the three major companies mentioned in this original post continues to send mail weeks later, even after being told to unsubscribe the address four times.

    So I still wholeheartedly tell folks that "report spam" is the best way to stop that mail from coming in. The whole point of this advice is specifically to make Bayesian filters learn which companies don't pay attention to unsubscribe requests. Unfortunately, in my experience, there are still far more bad apples than good ones out there.

    Also, this article missed one important tidbit: most "learning" anti-spam systems have a converse to the "report spam" function. In Gmail, for instance, there is a "Move to Inbox" in the Spam folder, and it does indeed promote positive scoring on the respective messages. So anyone using a spam-reporting tool should become familiar with how to undo the operation, or mark false positives as such, properly.

  2. Todd:

    If an unsubscribe request from a legitimate business doesn't get you removed from a list, it's absolutely appropriate to start reporting their messages as spam. But we've seen many cases here of people getting "spammed" by legitimate companies that we were able to "fix" for them by clicking the unsubscribe link that had been included in every email. When asked why they had not done so before, we are frequently told, "I thought you were NEVER supposed to click an unsubscribe link!" So, I just wanted to let people know about the cases where it is ok to try to unsubscribe.

  3. Problem is, this still is giving the benefit of the doubt to mailers -- when a demonstrably large number of them use the "unsubscribe" link as a method of address *confirmation*, not for honest unsubscription. That's where the original recommendation of "don't click unsubscribe links" comes from, and why Bayesian-like systems have become progressively smarter over time.

    The spam world is founded on dis-honesty, and it's only much more recently that some mailers have been visibly keeping their promises. Sure, there have been white-hat operations all along, but they were (and still are) firmly in the minority.

  4. I've had it with "Guideposts" I've unsubscribed which redirects you to a Promotional Unsubscribe page that states you are unsubscribed. I have a half dozen of these pages archived over the past several months. I've sent email to all of their url nicely requesting to unsubscribed. I'm going viral now.