Overzealous Spam Filters
Two recent news items about important messages being lost in the recipients’ spam filters. Some months ago, the Banking Ombudsman sent out a warning about investment scams to various financial institutions, but the ANZ never saw theirs <https://www.nzherald.co.nz/nz/anz-misses-investment-scam-warning-from-banking-ombudsman-after-email-caught-in-banks-spam-filter/D52VAOH22BACDB75KLYYNP4YIQ/>. One scam victim believes that her case might have been caught sooner if the bank had taken suitable notice of such a warning. And a US-based team wanted to join Formula 1, but it seems they never got the invitation to meet in person to discuss their application, because it got classed as spam <https://arstechnica.com/cars/2024/02/a-spam-folder-may-have-foiled-andretti-cadillacs-f1-entry/>. And so their application was rejected. But then, in this case you’d think more than one attempt would have been made to get in touch. In both cases, the sender address would have been something unusual, not the kind of thing you or I might see in our in-box (in one case, the Banking Ombudsman, in the other case, the Formula 1 rights body). If we got such a message, it would be wise to score it as being more likely to be some sort of scam. But for organizations that work in those areas that are more likely to engage in such communications, it would make sense to customize their spam filters in the opposite direction, don’t you think?
In a similar vein it is worrying that so much other important information (e.g. invoices) is also delivered via email. These days it I think it is possible for it to be encrypted end-to-end, but who knows if that is implemented for all hops, and I guess it remains inspectable while in the mail queue on any intermediate hosts. I understand that having ubiquitous email identity verification and transport security is a difficult problem to solve. Not in the least part because those outside of tech don't seem to care, but we can hope. On 6/02/24 20:21, Lawrence D'Oliveiro wrote:
Two recent news items about important messages being lost in the recipients’ spam filters.
Some months ago, the Banking Ombudsman sent out a warning about investment scams to various financial institutions, but the ANZ never saw theirs <https://www.nzherald.co.nz/nz/anz-misses-investment-scam-warning-from-banking-ombudsman-after-email-caught-in-banks-spam-filter/D52VAOH22BACDB75KLYYNP4YIQ/>. One scam victim believes that her case might have been caught sooner if the bank had taken suitable notice of such a warning.
And a US-based team wanted to join Formula 1, but it seems they never got the invitation to meet in person to discuss their application, because it got classed as spam <https://arstechnica.com/cars/2024/02/a-spam-folder-may-have-foiled-andretti-cadillacs-f1-entry/>. And so their application was rejected. But then, in this case you’d think more than one attempt would have been made to get in touch.
In both cases, the sender address would have been something unusual, not the kind of thing you or I might see in our in-box (in one case, the Banking Ombudsman, in the other case, the Formula 1 rights body). If we got such a message, it would be wise to score it as being more likely to be some sort of scam. But for organizations that work in those areas that are more likely to engage in such communications, it would make sense to customize their spam filters in the opposite direction, don’t you think? _______________________________________________ wlug mailing list -- wlug(a)list.waikato.ac.nz | To unsubscribe send an email to wlug-leave(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/postorius/lists/wlug.list.waikato.ac.nz
On Wed, 7 Feb 2024 11:28:58 +1300, Glenn Ramsey wrote:
I understand that having ubiquitous email identity verification and transport security is a difficult problem to solve.
The difficulties don’t seem to be technical, they seem to be mainly human-factors ones. <https://www.usenix.org/conference/8th-usenix-security-symposium/why-johnny-cant-encrypt-usability-evaluation-pgp-50>
participants (2)
-
Glenn Ramsey -
Lawrence D'Oliveiro