You'd think there was a crisis or something.

[emt-hawk.livejournal.com]

I work for a big company. A really big company. We have a pretty good IT department, and they're good at keeping my users from getting junk mail. Good, but not perfect.

I have about 100 users. In the past two days 3/4 of them have been in my office bitching about getting TWO emails that weren't caught by the filters.

You'd think they were being torn apart by bulls.

--Hawk

Comments

[lunatic59.livejournal.com]

You'd think they were being torn apart by bulls

I'd pay money to see that.


We have exactly the opposite problem. Our users are constantly complaining that our spam filters are too agressive and they don't get half of thier important emails. I monitor the logs ... they aren't important, unless you think "recipe of the week" from the food network, or golf news feeds are mission critical. If you want that kind of crap in your inbox, let me know so i can whitelist it, after running the request by your supervisor.

[thudthwacker.livejournal.com]

For the purpose of comparison, you should get IT to turn off filtering for the complaining users, so they can see how good a job the filters are doing. If your place looks anything like our place, your spam/virus system is throwing away over 90% of the total volume of incoming mail because it's crap or infected.

[drquuxum.livejournal.com]

That happened recently at our place. Most of the University got one or two e-mails that were obviously spam. Problem is, the headers added by the filter declared to be "obvious spam" but let it through anyway.

[japester.livejournal.com]

I did that once while talking with the mail admin at the ISP i was working at a little while ago. In a fit of evil, he turned on the bounce redirect to my address for 5 minutes. 5,000 spams later ... we turned it off again.

yah, the internet's working still.

[toxico.livejournal.com]

I used to work for a security company directly supporting their spam-filtering appliances and software. It took getting the "Why did this email get through?" question from countless admins but I've managed to find a pretty good way to explain in basic terms that filtering spam is always a give-and-take affair that will never be 100% to everyone's liking.

Sadly, my request to hold a User Re-Education Camp was denied. Might have something to do with my shaved head and large boots in conjunction with the name.

[thewrabbit.livejournal.com]

Oh yes. You need to break the spam filtering every six months for a couple of hours to make them appreciate it.

[compwizrd.livejournal.com]

i offer to do that to anyone who complains about spam.. and if they're really complaining i offer to do that and turn off greylisting for 10 minutes.

haven't had anyone taking me up on it yet. :)

[naggy.livejournal.com]

Just shut off their email completely. No spam ever.

[trixtah.livejournal.com]

IAWTC.

Also, I have a nasty habit of sending FULL Postfix logs of the messages that attempted delivery within a minute of the spam message coming through, and highlighting the ONE message out of a couple of hundred that wasn't rejected outright and saying "I'm SO SORRY". (Luckily the email sarcasm detector is generally broken.) And then pointing them at the pretty graphs that show we reject 70% of all email traffic even before it hits the content checker. They generally go away.

[trixtah.livejournal.com]

I hope your email administrator isn't backscattering "bouncing" the rejected messages, but actually rejecting them before they get to the DATA stage.

I once escalated a users spam request to the spam team...

[unsupportedgeek.livejournal.com]

...here is their fantastic response (details changed to protect the innocent, and guilty):

User,

I understand your frustration and empathize with the impact spam has upon you. Unfortunately, there is no way to completely stop spam, only methods to reduce it. Fighting spam is a never ending battle since fighting spam is reactionary and spammers are very clever at constantly devising new approaches to get around the various antispam filters. FWIW, I did a quick check to see how many spam emails were being actually being sent to you. A random check of the antispam logs for several days in November indicates there is another 50-60 messages per day (average) that are blocked as outright spam that never reaches your mailbox nor the quarantine (i.e. "suspect") email mechanism. This is a fairly high number for the average corporate user and is generally indicative that your email address is probably "well distributed" amongst the spamming community.

(Edited paragraph for length, but this contained the reasons why not to change the users email address. The spam engineer does use the term automagically in a sentence)

One of the more common way addresses "get out" to other Internet users is that a corporate user "provides it" to the Internet community, usually w/o realizing it. If user responds to a newsgroup article, joins a mailing list or discussion group, enters information on certain web pages, etc. their email address can/will be picked up by the various Internet email spam/address scanning engines. A simple web search found your "xxxxxx@xxx.com" address publicly posted at numerous places where it can be readily found by such scanning engines (e.g. at http://xxxx you included your email address in your signature). Also, forwarding/receiving email, pictures, or other "articles of interest" to/from business associates/friends/family is another common source of addresses to spammers, since many of these senders are "unaware" of how email works. They will send/forward the email as "To" or "Cc" instead of "Bcc" which exposes the senders/recipients addresses to others, especially when these people in turn forward to someone else. The best way to prevent users from getting on spam mailing lists and receiving unwanted email is "up front " education on how to keep stay off sources for the mailing list in the first place. There was a recent presentation to the enterprise Antis Spam Focus Group that proves an overview of some of the methods used to obtain and/or validate email addresses. Please see: http://helpfulinternalwebsite and review the presentation "But I never gave them my address, did I", as well as the presentation "How does some spam get past the filters"....(edited for length, talks about using caution with email)