Feedback loop (email)

Last updated
A sender and a recipient connected by a mailbox provider (MP). The feedback provider and the feedback consumer are the two formal endpoints of the feedback loop (blue arrow). Senders need to subscribe, possibly using a web form similar to the one depicted on the upper left corner, in order to become feedback consumers. Recipients typically click a spam button on a web mail page to start the process. Feedback loop (email).png
A sender and a recipient connected by a mailbox provider (MP). The feedback provider and the feedback consumer are the two formal endpoints of the feedback loop (blue arrow). Senders need to subscribe, possibly using a web form similar to the one depicted on the upper left corner, in order to become feedback consumers. Recipients typically click a spam button on a web mail page to start the process.

A feedback loop (FBL), sometimes called a complaint feedback loop, is an inter-organizational form of feedback by which a mailbox provider (MP) forwards the complaints originating from their users to the sender's organizations. MPs can receive users' complaints by placing report spam buttons on their webmail pages, or in their email client, or via help desks. The message sender's organization, often an email service provider, has to come to an agreement with each MP from which they want to collect users' complaints. [1]

Contents

Feedback loops are one of the ways for reporting spam. Whether and how to provide an FBL is a choice of the MP. End users should report abuse at their mailbox provider's reporting hub, so as to also help filtering. [2] As an alternative, competent users may send abuse complaints directly, acting as mailbox providers themselves.

Rationale

Marketers striving for their mail to be delivered have a twofold advantage: they can remove subscribers that don't want to receive that kind of advertising (listwashing), and they can analyze the complaint rate and hence how their advertising meets market expectations. By unsubscribing users who complain, marketers reduce their overall complaint rate per IP or domain, ensuring that targeted mail is much more likely to reach subscribers who actually want to receive it. [3]

ESPs, when playing the sender's role, are very sensitive to how sending mail on behalf of their customers may affect their reputation. Monitoring the complaint rate is one of the ways they can control what their users are sending. [4]

Dear

At present, after checking, it is confirmed that there is no problem of sending spam. Please help us remove the blacklist after confirming it.

60.249.97.101 mail.kbrass.com.tw


Thanks!

ANDY

Reporting process

  1. Spencer sends a message to Alice.
  2. Alice complains to Isaac (her ISP or MP) about the message, e.g. by hitting the report spam button.
  3. Isaac encapsulates the message as either an Abuse Reporting Format MIME part, or (less commonly) a standalone message/rfc822 MIME part, and sends it to Spencer if Spencer has signed up to receive that feedback. [5]

As sketched above, the process implies that Spencer, besides being the author (or sender) of the message, is connected to the postmaster responsible for his mail domain. Subscribing to an FBL usually involves the postmaster's authorization. An FBL subscriber may or may not forward abuse reports to the relevant authors. If no subscribers exist for a given mail domain, Isaac can omit sending an abuse report at all. In fact, subscriptions have to be done one by one, a laborious task that mail domains not engaged in mass mailing may want to skip. RFC   6650 addresses the latter shortcoming by proposing auto-subscribe just-in-time FBLs, which can be started by sending an unsolicited abuse report with further directives (at a minimum, a way to unsubscribe). [6]

Ipsos noted that a majority of respondents to a survey on spam reporting marked messages as spam based solely on the subject and sender data.

For years, end users have been told not to trust email unsubscribe links, so many users hit the spam button as an alternative to unsubscribing. [7] Consequently, report spam may act as unsubscribe in some cases. [8] One of the reasons not to hit unsubscribe links is to avoid confirming that the message had been received and opened. [9]

Reporting formats

The Abuse Reporting Format (ARF) is the standard format for FBL reports. Much like bounce messages, whose design is inherited by ARF, an abuse report consists of a human readable part, followed by a machine readable part, and the original message. The report is characterized by a Feedback-Type field whose values may indicate one of abuse, fraud, virus, or other (more types are registered at IANA).

Microsoft, who use the name Junk Mail Reporting (JMR), also use their own format. [10]

Google's Gmail is beta testing a non-traditional FBL with select ESPs. [11] Gmail uses their own format—an aggregate report that reveals spam rate per notable sender. SendGrid reports that the Gmail FBL, developed and launched by Julian Tempelsman and Sri Somanchi, is effective at identifying spam that other anti-spam systems miss. [12]

Criticism

See also

Related Research Articles

Email Mail sent using electronic means

Electronic mail is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic (digital) version of, or counterpart to, mail, at a time when "mail" meant only physical mail. Email later became a ubiquitous communication medium, to the point that in current use, an e-mail address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries. Email is the medium, and each message sent therewith is called an email.

Within the Internet email system, a message transfer agent (MTA), or mail transfer agent, or mail relay is software that transfers electronic mail messages from one computer to another using SMTP. The terms mail server, mail exchanger, and MX host are also used in some contexts.

The Simple Mail Transfer Protocol (SMTP) is an internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.

An email address identifies an email box to which messages are delivered. While early messaging systems used a variety of formats for addressing, today, email addresses follow a set of specific rules originally standardized by the Internet Engineering Task Force (IETF) in the 1980s, and updated by RFC 5322 and 6854. The term email address in this article refers to addr-spec in RFC 5322, not to address or mailbox; i.e., a raw address without a display-name.

Various anti-spam techniques are used to prevent email spam.

Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF alone, though, is limited to detecting a forged sender claim in the envelope of the email, which is used when the mail gets bounced. Only in combination with DMARC can it be used to detect the forging of the visible sender in emails, a technique often used in phishing and email spam.

The Anti-Spam Research Group (ASRG) was a research group started within the Internet Research Task Force (IRTF), where its charter concluded on 18 March 2013. It is still a reference and a melting pot for anti-spam research and theorization. In particular, the wiki lives on.

A bounce message or just "bounce" is an automated message from an email system, informing the sender of a previous message that the message has not been delivered. The original message is said to have "bounced".

Email marketing is the act of sending a commercial message, typically to a group of people, using email. In its broadest sense, every email sent to a potential or current customer could be considered email marketing. It involves using email to send advertisements, request business, or solicit sales or donations. Email marketing strategies commonly seek to achieve one or more of three primary objectives, to build loyalty, trust, or brand awareness. The term usually refers to sending email messages with the purpose of enhancing a merchant's relationship with current or previous customers, encouraging customer loyalty and repeat business, acquiring new customers or convincing current customers to purchase something immediately, and sharing third-party ads.

Email authentication, or validation, is a collection of techniques aimed at providing verifiable information about the origin of email messages by validating the domain ownership of any message transfer agents (MTA) who participated in transferring and possibly modifying a message.

For a RFC 5321 mail transfer agent (MTA), the Sender Rewriting Scheme (SRS) is a scheme for rewriting the envelope sender address of an email message, in view of remailing it. In this context, remailing is a kind of email forwarding. SRS was devised in order to forward email without breaking the Sender Policy Framework (SPF), in 2003.

HTML email is the use of a subset of HTML to provide formatting and semantic markup capabilities in email that are not available with plain text: Text can be linked without displaying a URL, or breaking long URLs into multiple pieces. Text is wrapped to fit the width of the viewing window, rather than uniformly breaking each line at 78 characters. It allows in-line inclusion of images, tables, as well as diagrams or mathematical formulae as images, which are otherwise difficult to convey.

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email, a technique often used in phishing and email spam.

DMARC is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing email, email scams and other cyber threat activities.

An email service provider (ESP) is a company that offers email marketing or bulk email services.

The Abuse Reporting Format (ARF) also known as the Messaging Abuse Reporting Format (MARF) is a standard format for reporting spam via email.

Spam reporting, more properly called fake reporting, is the activity of pinning abusive messages and report them to some kind of authority so that they can be dealt with. Reported messages can be email messages, blog comments, or any kind of spam.

People tend to be much less bothered by spam slipping through filters into their mail box, than having desired e-mail ("ham") blocked. Trying to balance false negatives vs false positives is critical for a successful anti-spam system. As servers are not able to block all spam there are some tools for individual users to help control over this balance.

A mailbox provider, mail service provider or, somewhat improperly, email service provider is a provider of email hosting. It implements email servers to send, receive, accept, and store email for other organizations or end users, on their behalf.

Murray S. Kucherawy is a computer scientist, mostly known for his work on email standardization and open source software.

References

  1. J.D. Falk, ed. (November 2011). Complaint Feedback Loop Operational Recommendations. IETF. doi: 10.17487/RFC6449 . RFC 6449 . Retrieved 30 November 2011.
  2. John R. Levine (9 December 2009). "Adding a spam button to MUAs". mail. ASRG . Retrieved 22 April 2011.
  3. "What are feedback loops (fbl's) and how can they help my deliverability?". Email Manual. 2009-07-15. Archived from the original on 6 March 2012. Retrieved 15 July 2009.{{cite web}}: CS1 maint: unfit URL (link)
  4. "Your Reputation Holds the Key to Deliverability" (PDF). ReturnPath. 2008-08-18. Archived from the original (PDF) on 11 May 2013. Retrieved 16 November 2008.
  5. J.D. Falk (2008-11-11). "FeedBack loops". ASRG mailing list. IRTF . Retrieved 18 November 2008.
  6. Murray Kucherawy, ed. (June 2012). Creation and Use of Email Feedback Reports: An Applicability Statement for the Abuse Reporting Format (ARF). IETF. doi: 10.17487/RFC6650 . RFC 6650 . Retrieved 28 June 2012. Feedback Providers MUST provide a way for report recipients to request that no further reports be sent.
  7. Derek Harding (2006-09-07). "Getting in the Feedback Loop". ClikZ. Retrieved 16 November 2008.
  8. John Levine (2008-11-13). "FeedBack loops". ASRG mailing list. IRTF . Retrieved 18 November 2008.
  9. "Spam Unsubscribe Services". The Spamhaus Project. 2007-01-19. Archived from the original on 2009-03-09. Retrieved 16 November 2008.
  10. "Services for Senders and ISPs". Microsoft . Retrieved 11 November 2011.
  11. "Best Practices for Senders: A Gmail Perspective (slides 47, 48)". MAAWG. 2014-02-20.
  12. "Gmail's Spam Feedback Loop: SendGrid's First-hand Experience". SendGrid. 2014-03-28.
  13. Rich Kulawiec (2008-11-13). "FeedBack loops". ASRG mailing list. IRTF . Retrieved 16 November 2008.
  14. Chris Lewis (2008-11-12). "FeedBack loops". ASRG mailing list. IRTF . Retrieved 18 November 2008.
  15. Barry Shein (2008-11-13). "FeedBack loops". ASRG mailing list. IRTF . Retrieved 18 November 2008.
  16. Barry Shein (2008-11-13). "FeedBack loops". ASRG mailing list. IRTF . Retrieved 18 November 2008.
  17. Deborah Platt Majoras; et al. (September 2004). "A CAN-SPAM Informant Reward System" (PDF). US Federal Trade Commission . Retrieved 8 November 2011.