Spam Filter Developers and Administrators: Dumber Than The Dumbest Person On The Internet

Posted: Sun, 4 May 2008

For the past couple of days, one of my e-mail addresses has been some spammer's choice for forged From: lines in their spew. So, as invalid addresses aren't high on a spammer's list of priorities, I get all the bounces. The fact that MTAs, in this day and age, don't have SMTP session recipient validation is unpleasant. However, with ISPs requiring all outgoing e-mail to go through their own servers, I can kinda see where that can break down. I still don't like it, but I'll live with it.

In amongst all the bounces, though, there's a lot of other, really obnoxious, crap. So far, I've had five "please click this link / reply to this e-mail so it'll go through" (AKA "please filter my spam for me")[1]. I've also had a large number of e-mails saying that my e-mail was blocked or unwanted or whatever, from spam filtering programs themselves.

What I haven't got any of, as far as I can determine, is any e-mail from enraged recipients saying "stop sending me this crap!" or anything of that nature.

The only conclusion I can reasonably draw from this data is that users know that source addresses are forged and there's no point replying to them, but the people whose job it is to write, maintain, and run spam software don't. That's downright embarrassing. Not a single user was dumb enough to assume that I really sent the e-mail, but IT "professionals" who deal with spam for a living are.

If you are in any way involved in the production, sale, or use of an anti-spam product that hasn't realised that the from addresses of spams are universally forged, please shoot yourself in the head. Really. I'm sick to death of people who should know better doing the most stunningly stupid things regardless.

If you don't know that your software is spamming the rest of the world, then you're still on the hook. What other dumb shit is your system doing that you know nothing about? On the other hand, if you do know that your spam filter is contributing to the noise, you're even worse -- no spam has a real source address. If your software or system spews crap because some clueless manager told you to do it, then you need to grow some courage and ponder on the words of Napoleon:

A commander-in-chief cannot take as an excuse for his mistakes in warfare an order given by his sovereign or his minister, when the person giving the order is absent from the field of operations and is imperfectly aware or wholly unaware of the latest state of affairs. It follows that any commander-in-chief who undertakes to carry out a plan which he considers defective is at fault; he must put forward his reasons, insist on the plan being changed, and finally tender his resignation rather than be the instrument of his army's downfall.

In other words, if you did it and you know you shouldn't have, it's still your fault, regardless of why you did it. Take some responsibility for your actions, for fuck's sake.

[1] Every single one of which I was more than happy to confirm -- if you want other people to do a job for you, you have to deal with the fact that some of them might not do it in quite the way you expect. I encourage anyone else who thinks that an anti-spam system that requires the rest of the world to filter your inbox is stupid (even disregarding the likely problems of infinite loops if everyone had a challenge-response inbox) to do the same.

