Avaaz in "grave danger" due to GMail spam filters

Moon Jones mjones at pencil.allmail.net
Wed Aug 21 04:04:45 PDT 2013 

On 21.08.2013 11:36, staticsafe wrote:
> On Tue, Aug 20, 2013 at 10:15:31PM +0200, Moon Jones wrote:
>> On 20.08.2013 14:43, staticsafe wrote:
>>> On Tue, Aug 20, 2013 at 02:15:31PM +0200, Moon Jones wrote:
>>>> On 19.08.2013 18:44, staticsafe wrote:
>>>>> The biggest problem being spam. We need to educate typical e-mail users
>>>>> about e-mail hygiene and spam fighting.
>>>>
>>>> What do you mean by «e-mail hygiene» and «spam fighting»?
>>>
>>> E-mail hygiene:
>>> - Using aliases for every company you deal with, or using recipient
>>>    delimiters like "+" so it is easier to find out which company sold you
>>>    out.
>>> - Exercise more caution when handing out your "primary" address
>>> - Avoid services that like to spam your addressbook (see: LinkedIn etc.)
>>>
>>> Spam fighting:
>>> - Using DNSBLs to cut down on the crap
>>> - Training spamassassin's DB with ham and spam.
>>> - Enact rate limiting policies so that a compromised account can only do
>>>    limited amount of damage.
>>
>> Oops. My bad.
>>
>> Than what do you mean by «typical e-mail user»?
>>
>
> Someone who primarily uses webmail and big e-mail service providers.
> Probably doesn't even /care/ about e-mail, e-mail isn't cool after all.
> ;)


Yea, but aren't they impossible for that type of typical email user?

Aliases for every company? Most providers don't offer aliases. Or they 
do it Yahoo style with one or two options. + addressing it's also badly 
supported. Thus the primary address is the only one. Having a whole 
subdomain is not available from the major services, not if it's an @work 
address. And it's not foolproof as I started noticing spam for generated 
addresses (say RandomString at user.domain.com)

How could one find out the spammy services other than by experience. 
This is precisely how I found out about linked in. And that's just 
because there's no other way to reach that data. And bugmenot was 
crippled before taking off.

DNSBL? I don't have a plugin for that in Thunderbird. And I can control 
what the provider does. Sure, most go for spamassassin as it leads to 
less false positives than a bayesian filter, but there's nothing the 
user can do.

In the end, what one can do to teach people of «e-mail hygiene» and 
«spam fighting»?

More information about the cypherpunks mailing list