Acciones

Diferencia entre revisiones de «Spam mail»

De wiki

 
(Sin diferencias)

Revisión actual del 16:19 20 ago 2019


More than half of internet mail traffic is "spam." Spam consists of unsolicited/undesired messages, usually advertisement and marketing sent in large amounts (even massive) that harm the recipient in some or several ways. The action of sending such messages is called "spamming".

But spam can be subjective in the extent that it is related to what we want and not and how we consent to it.

In our process as a transfeminist infrastructure initiative, we constantly ask ourselves how we make decisions as a community instead of making decisions vertically from 'above'. How can we know what email you want to receive or not? And if there were some common parameters, how do I do it in a way that is not invasive or paternalistic?

Spam is managed both at the level of the mail servers and at the side of the inhabitants/"users".

We can talk, on the one hand, of the desired mail that reaches our mailbox or "spam" folder; and, on the other, the mail that we send to others and that is marked as unwanted.

In general, there are a number of standards and requirements that should be met by mail providers for the mail they receive and send in terms of filtering non-legitimate and unwanted mail. These measures are a series of configurations and implementations that automate a process, although they are designed and managed by human beings with ideologies and interests. There are some minimums to cover, in this sense, and others that already depend on what strategy you take and this part is already more "subjective".

For now, we will not go into detail with this, but we want to give you some examples of implementations:

  • Demonstrate "where an email really comes from": through email authentication ("email authentication"). When email was "invented" (the SMTP protocol: simple mail transfer protocol) 30 years ago, there was no way to verify who sent mail, exposing these communicative labyrinths to manipulation. Therefore, "SPAM" is born, practically, by the hand of the mail and since then it has been trying to implement techniques to address it.
  • How many times does an email attempt to arrive? A lot of spam just trys to reach your mailbox once vs. legitimate mail that tries several times; Like when you wait if they knock on your door again.
  • Although anti-spam techniques generally filter more by IP address than by spam email address, some more basic methods are set at the address of the spam sender. "g76927@offers.com" would be an example of "suspicious sender".


The hegemonic dynamics of mail

As we said before, there is a point where the ideologies, interests and motivations of each mail provider comes into play. Technology is not neutral. Large mail providers such as Gmail, Yahoo and Hotmail are "black boxes" that do not give clear, accessible and sufficient information to other alternative mail providers, especially when they are small projects (if we believe in a more diverse and decentralized internet, we are interconnected seeds and not "big projects"). Sometimes we are even automatically marked by them as "unwanted" (that is, it is not the user-recipient who is marking the mail as "unwanted" but is the provider that is deciding for them). In fact, in some cases like Google’s Postmasters tool, you are forced to create an account with them to use their tool.

From Kéfir, we point out the abuse of power of these providers and, although we cannot "prove it", we suspect that they even deliberately mark the mail of alternative providers of small mails to "delegitimize" their work and that people believe that the only ones who "work well" are them. They hide under "objective and supposedly neutral arguments", but if you compare a gmail account by sending mail to a gmail account (or between large providers like outlook «» gmail, etc.) to a Kéfir account by sending mail to an account gmail, the same behavior, the same mail, the same conditions, is treated differently. That is to say, they not only "favor" their own accounts but also penalize people without reason. We do not want to be in their monopoly.

Other scenarios

It may also be that the person to whom you are sending an email or from which you are going to receive an email is with a mail provider that has improperly configured your mail server or with harsh "supposedly security" measures (common in the case of banks, for example). It is something we have observed in some cases.

What can we do?

Based on all the described above, in this path that we walk together, seeking to inhabit an infrastructure that invites and cultivates other ways of interacting and sharing, based on care, respect and consciously agreed and fair power dynamics, we dedicate our time and energy to tell you this from a closer language, to cooperate and continue seeding our freedom on the internet. For us it is important to build a relationship of greater trust with the inhabitants, based on communication and understanding on both sides.

What does Kefir do

Kefir implements considerations, techniques and measures for both the mail it receives and the mail it sends. We talked a bit about the mail authentication protocols. In addition to configurations, we use software to filter inbound spam such as rspamd.

We also try to test through the Google Postmasters tool. However, Google requires that you send hundreds of emails per day, which small providers like us do not produce. So, we can almost never get reports this way. Some bustling days on Kefir Island, the inhabitants have sent many emails together and we have managed to obtain statistics that indicate that there is no indication of why we should "fall into unwanted".

  • From time to time, we try to send mails from test accounts that we created in Kefir to a gmail account that we have created for testing purposes and see if it is marked as "spam".
  • We use the tool 'https://email-tester.com' and verify that, according to the criteria of "good practices of mail providers", we comply with all the conditions, meaning there should be no reason to be automatically marked by a mail provider as "unwanted" or "spam".
  • We check if the domains hosted in Kefir and the IPS of our servers are blacklisted with tools like MX ToolBox and Ultratools.

What can inhabitants do

For incoming mail

Prevention =

  • Do not publish your email address. Use contact forms and/or share the address embedded in an image instead of plain text.
  • Include a parameter in your contact form that implies that the person has to solve a task. We do not need to work for Google for free using its proprietary captchas: in Wordpress we can include a mathematical sum through the Ninja Forms plugin instead.
Sharing your mail address

"Appending" is a spam technique that obtains email addresses through massively searching for them on the Internet or buying databases from third parties.

Therefore, try not to share your mail publicly on the Internet. If you are going to do it, try one of these options:

Dir-mail.png
  • Instead of using plain text, share it in an image: you can simply create a new file in a graphic editor and enter a text box with the mail or take a screenshot of a region of the screen where it appears.
  • Instead of directly sharing your email, share an intermediary email that redirects to your "real" email. If spam starts to get out of control, you can discard the intermediary mail without having to change your main mail. This can be especially useful if you include your email in advertisements or participate in public mailing lists.


Handling mail

Both webmail 'buzon.kefir.red' and email clients like Thunderbird and K9 can manage 'spam'. This consists of one or two steps depending on where you manage your email:

  • (optional) Mark email as unwanted: train the mail client software to understand what email you want and don't want.
  • Send the mail to the 'SPAM' folder: train Kéfir mail server to understand what email you want and don't want.

We explain how to do this in Thundebird here .

On the other hand, you can send us the source code of the SPAM emails you receive. To do this, in Thunderbird look for the option "View" in the top menu »" Source code "or through the shortcut 'ctrl + u'. You can copy and paste this code and include it in the mail forwarding.

Mail you send

Creating account

  • Certain domains have a worse "reputation" like the extension '.xyz'.
  • Use an alias that does not "look like spam". For example, avoid things like: "g76927@yourdomain.com"


Writing

There is some behavior associated with "SPAM". Basically, spam filters take Correo fraude (where they try to sell you something, etc.) and analyze common patterns. Therefore, it is advisory to avoid these patterns. We mention some:

  • Subject: do not leave it empty or put it all in capital letters. Also avoid issues that appear to be "promoting an offer."
  • Message body: that is not excessively short or full of links and/or images and without or with little text.
  • "Excessive" use of exclamation marks and special characters.
  • Use plain text instead of HTML.

Receiving

If possible, ask the recipent:

  • If this is the first time you write to this person, ask them if they want to receive your mail.
  • Take it easy. First send an email, ask the person to respond to you. This "interaction" (called "engagement" in the marketing world) is one of the main ways that providers "understand" that this mail is legitimate. If you send lots of mails to start off with and the recipent, because of lack of time or true interest, does not interact with them, you will start to be considered as "spam".
  • Verify, through another communication channel, with the recipent if you're mail was sent to spam. Ask them to mark your mail as "wanted mail" and put you in inbox. If they read your mail in the spam folder and never indicate it is not spam, your provider will think you don't want this mail even if you have read it.
  • You can also ask them to mark you as a "safe contact" ("whitelist"). Search online how to do this for your provider. An example of a tutorial for Gmail (we cannot ensure that they are updated steps): https://www.lifewire.com/how-to-whitelist-a-sender-or-domain-in-gmail-1172106
  • Check if that account still exists or not. Generally, if it does not exist, you will receive an email back. If you find out that the account does not exist, stop sending email and find out their updated email. Mail bounces penalize.
  • Use an alternative account: if it is very important that the mail reaches its recipient and they have no way of communicating with the recipent, we recommend using an email account from the same mail provider. With the use of a mail clients such as Thunderbird, you can manage different accounts at the same time from the same place, making this strategy much easier. You can also investigate how to redirect this email account to your account hosted in Kefir. Some providers offer this option, so that when the counterpart answers you, it will reach your account hosted in Kefir.

Mailing lists

If you are sending the same content to a number of people, instead of writing an email with many recipients or many individual emails, we recommend that you ask us to create a mailing list. And, in case you want to direct a content to different groups of people/different profiles, for example, a campaign they you are leading: group 1) civil society organizations; group 2) state and government workers; group 3) media, etc., we recommend creating several mailing lists.

Mailing lists can potentially be marked automatically as spam too as it can be a mean of fraudulent or invasive mail. Therefore, we make the following specific recommendations:

  • Offer the option for the person to subscribe instead of you subscribing them: once we have created the list for you, we will send you an information page of your mailing list that you can send to potential suscribers. They will be able to sign up to the list on this page.
  • Give a visible option to unsubscribe: we can configure for you so that the mailing list always places the option to leave the list at the end of the mail.
  • The mailing list software manages mail bounces (mail coming back because the account doesn't exist or is suspended). After a certain amount of bounces, the mailing list software automatically unsubscribes this account from the list. It is common that large mailing lists end up having many "ghost accounts" and this generate a high "spam reputation" due to a lack of real engagement. Fortunately, the tools we use to manage mailing lists are configurable to minimize this.

If it persists

If you have followed all these steps and, after a month or more, the problem still persists, contact us. In order to support you better, we ask you to document (taking screenshots and describing what happened) the process and share it with us.

In case of spam that arrives to your mailbox, also send us the source code of the email. To do this, in Thunderbird look for the option "View" in the top menu »" Source code "or through the shortcut ctrl + u. You can copy and paste this code and include it in the mail forwarding.


You can also use 'https://www.mail-tester.com/' and see what ranking you get.