by arp242 930 days ago
That's hugely draconian.

Are you 100% sure you never just signed up for a newsletter and forgot about it?

Are you 100% sure your email didn't end up there in some other way?

I used to send out some newsletters for my website; just a programming blog thingy. It was just a form with a simple program on the server to collect email addresses. Wrote everything myself; no external service or whatnot involved.

I got some pretty aggressive replies about people who insisted that I was spamming them. Did they forget (I didn't send out the newsletter very often)? Did someone typo their email and end up at the wrong person? Did some bot maybe fill in the form and pass the little captcha I added? Who knows. All I know is that there was a legit POST /subscribe request.

And as someone who also worked with spam prevention: it's this kind of stuff that also makes legit spam detection harder than it needs to be. The "Report spam" button is not a "fuck you" button, but unfortunately many people seem to use it as such.

3 comments

With email spam it has long been proven that the best way to act is to treat all actors as malicious, as there are enough malicious actors around.

And it took me a minute to find a phishing mail with an unsubscribe link. Which entirely proves my original point. Sure those sending phishing mails won't stop the mails I probably ordered somewhere?

> And it took me a minute to find a phishing mail with an unsubscribe link. Which entirely proves my original point

You weren't talking about phishing before. You're shifting this to something radically different.

I originally replied to comment stating:

> Yeah no. Emails which include an unsubscribe link are legit enough to not do that. Actual spammers don't bother to include an unsubscribe link.

I found a phishing email with an unsubscribe link. Thus I think we can generalize that emails containing an unsubscribe link are in general not legit nearly enough of the time to trust that. Thus the only correct and safe way is to mark them as spam and let the email provider eventually handle them correctly for everyone.

You do not need to be 100% sure.

99% of the time you explicitly unsubscribed from all categories, but the sender just added a new one and helpfully opted you in. So, yes, "fuck you".

And that other 1%[1] is just collateral damage? "Sucks to be you!" Please note they were suggesting that a single email should "blacklist the domain".

You are pretty much suggesting the very thing Microsoft is doing here.

This is not a serious suggestion in any shape or form.

[1]: A number I have serious doubts about by the way, but we'll use it for now.

There is a very simple solution to the collateral damage: don't send anything that can be construed as spam.
Collateral damage is by definition damage to innocents – people who have done nothing wrong.

As I mentioned before, even with the best of intentions people can "construe your email as spam".

People mark emails as spam as "fuck you". Bad support? Spam! Argument with a friend? Spam! Yes, people really do this.

People can abuse your platforms in ways you didn't foresee: either an outright security flaw or a "logic flaw" (e.g. on one system I worked on, the rate-limiter could be bypassed by using Cc, which was of course quickly solved, but people did unfortunately use it to send out spam).

If you have any sort of "sign-up", even if paid only, people will try to abuse it to send spam.

People's computers get hacked, and while botnet spam is less of an issue due to residential ISPs blocking SMTP traffic, abusing the hacked machine's Outlook or whatnot still happens.

There's tons of cases where regular well-intentioned people send out spam. Anyone who claims any different has never seriously worked on any kind of anti-spam system with real-world usage. If this was an easy problem it would be a solved problem, but it's not, because it's a hard problem.
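The Cc rate-limiter logic flaw mentioned in the comment above, shown beside a corrected form, as an added example that is not part of the thread and not code from the system the commenter describes. The limits, the class and function names, and the sample messages are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque
from email.message import EmailMessage
from email.utils import getaddresses

WINDOW_SECONDS = 3600   # assumed policy: sliding one-hour window
MAX_RECIPIENTS = 5      # assumed policy: recipients per sender per window

def to_only(msg):
    """Flawed accounting: only addresses in the To header are charged."""
    return {a.lower() for _, a in getaddresses(msg.get_all("To", [])) if a}

def all_recipients(msg):
    """Corrected accounting: every header that causes a delivery is charged."""
    headers = []
    for name in ("To", "Cc", "Bcc"):
        headers += msg.get_all(name, [])
    return {a.lower() for _, a in getaddresses(headers) if a}

class RecipientLimiter:
    """Sliding-window limiter that charges one unit per counted recipient."""
    def __init__(self, count_fn):
        self.count_fn = count_fn
        self.sent = defaultdict(deque)   # sender -> one timestamp per recipient

    def allow(self, sender, msg, now=None):
        now = time.time() if now is None else now
        q = self.sent[sender]
        while q and q[0] <= now - WINDOW_SECONDS:   # expire old deliveries
            q.popleft()
        cost = len(self.count_fn(msg))
        if cost == 0 or len(q) + cost > MAX_RECIPIENTS:
            return False                            # reject, charge nothing
        q.extend([now] * cost)
        return True

def make_msg(to, cc=()):
    m = EmailMessage()
    m["To"] = ", ".join(to)
    if cc:
        m["Cc"] = ", ".join(cc)
    return m

# Constructed samples: one bulk message hiding 20 recipients in Cc, one normal.
BULK = make_msg(["a@example.org"], [f"user{i}@example.org" for i in range(20)])
NORMAL = make_msg(["a@example.org"], ["b@example.org"])
```

With `to_only`, the bulk message costs one unit however many Cc addresses it carries; with `all_recipients` it costs 21 and is rejected, while ordinary mail still passes until the window budget is spent.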

To be more constructive, I agree that personal spam/non-spam decisions should not be used to train a general model, at least not without a significant signal from multiple users. Possibly users should be matched to models according to their behaviour.

But the onus should be on the model builders not on the final user.

> Are you 100% sure you never just signed up for a newsletter and forgot about it?

For me, I can be pretty sure as I have extensive email archives.

Before claiming I've not signed up for stuff I check them first. :)