views:

225

answers:

5

I'm building an email newsletter service.

Obviously we are doing regular opt-out links and everything like that, but I'm wondering...when a user in Gmail does the "report spam" button (or equivalent in any email client) how can we receive these reports?

Have people developed good systems to programatically parse these reports, like an API or common format of the report emails that we can parse?

Thanks!

More Info Based On Answers:

Sorry it might have been misleading how I worded it. I realize Gmail doesn't notify the mail server for each click of the "report spam" button and this is largely used for client side filtering. But newsletter companies DO get reports like this even if it's not directly hooked up to the "report spam" button:

See mailchimp.com's discussion here: http://www.mailchimp.com/articles/how_legitimate_marketers_can_prevent_spam_complaints/

And Aweber's here: http://www.aweber.com/faq/questions/390/What+Is+An+Acceptable+Complaint+Rate%3F

It sounds like if they start getting enough reports, then they'll fire off a message to the sending mail server, I assume by using the "return path" header of the email and perhaps a service like abuse.net? Maybe someone has more info on this?

It sounds like the reports do not allow you to identify the recipient, but they allow you to identify the message (and sender) which is useful in flagging or deleting someone's account on your newsletter service. This is what I want to use it for, another way to watch out for people using the newsletter service maliciously.

As @scope mentioned below, AOL has a feedback loop service for this. That's the kind of thing I'm interested in, best practices for making sure you get these reports from various email services and how to process them programatically if possible.

Also, I'm running my own mail server so the IP is mine, I can setup a script to read emails to "[email protected]", or whatever else is needed. Thanks!

A: 

I believe that the email address is never notified that it is marked as spam, considering that is a client level filtering. If someone marks you as spam, most likely you will never know.

This is mainly for privacy purposes.

Also, unlike Gmail, desktop applications can't store these on servers.

Chacha102
I mean, think about it. Would you want everyone in the world knowing what you thought was spam? If you marked a company email newsletter as spam, it could cause problems.
Chacha102
Another consideration is that when sending a 'I consider this spam' notification to the reply-to address, in most real SPAM cases (i.e. botnet sent) this address will be random address. And sending a message a like this, might even trigger a similar response, causing a potential huge flow of messages.
pb
@Chacha102 - Newsletter companies do get complaints. Aweber shows you a "% complaints" they got for each message sent out. Also mailchimp.com discusses how they get abuse complaints here: http://www.mailchimp.com/articles/how_legitimate_marketers_can_prevent_spam_complaints/It may not identify the recipient, but if you can identify the sender this is still valuable to flag/ban their account, etc.@pb - "from" addresses are frequently faked but you can still look at the "return path" header which identifies the mail server. This is how SPF works.
Brian Armstrong
Yes, but I highly doubt if I click 'Report Spam' in gmail, or 'Junk' in Thunderbird that the send gets a notification that I reported spam. Which is what I said. [email protected] doesn't count as a 'Report Spam' button.
Chacha102
Those buttons don't get sent directly to the ISPs, like the link you provided describes. Client Side Mail Applications that have Report buttons like Outlook and Thunderbird, unless modified, don't provide anyone with notification that.
Chacha102
Gmail on the other hand, because it is a web based service, might report things to ISPs.
Chacha102
A: 

The 'Spam' feature, of all email apps I know, is a client side setting, largely as it has no requirement to be otherwise, it is a totally personal setting.

Google, however, may supply an API to give some idea of 'trends' around email addresses, but I am not aware of such an API, and I have done some coding against google apis.

I would not worry too much about people who mark you as spam client-side, it should have no effect on your distribution. Even if webmail providers are more likely to mark you as spam based on users trend, as it should not affect your distribution greatly if you are a legitimate newsletter and have either an opt-in model or, as you say you have, a decent and simple opt-out model.

johnc
Agreed it's largely client side. But if they receive enough reports they email the sending mail server. Mailchimp.com discusses it here: http://www.mailchimp.com/articles/how_legitimate_marketers_can_prevent_spam_complaints/ You can't identify the recipient, but you can identify the sender. To block/ban their account, etc. This is what I'm worried about...not the normal good guy user who is using it honestly, it's the bad guy who is trying to use the account to spam. Just to get all possible checks in place for that. Thanks!
Brian Armstrong
+2  A: 

Gmail recently announced support for the List-Unsubscribe header, so just make sure your mailing list uses it. Gmail and some other services will offer to send an unsubscribe message to you when a user marks one of your messages as spam. It's no guarantee.

AOL has a way to get copies of spam reports, but it's done by the sender's IP address, so it's only useful if you don't share your server with anyone. And you aren't given the recipient's id, so you can't use it to unsubscribe them unless you do something trickly like encoding the recipient's id in the message-id or the sender's address. (Alas, new users can only post one link, so I can't tell you where to find it. Search for "aol spam feedback loop".)

scope
Good info. Yeah hopefully more people will adopt Gmail's unsubscribe header, and I plan on using it.In the short term, I'm hoping there is way to do it with more conventional means like the AOL feedback loop and possibly others. I am running my own mail server. I'll look into it. Thanks!
Brian Armstrong
A: 

I'm adding a different answer for this.

Basically what I think you should do is have the person forward the offending email to [email protected]. You can then read the forwarded message (maybe automatically?) and figure out which account has the offending newsletter. Once that is figured out, send an email to the account holder saying that X number of people has reported your service as abused.

Other things you could do is put a custom ID somewhere in the message body (the footer next to the abuse@mydomain link?), where the ID is defined enough the you could just look for the pattern in the email, forwarded or not, and as long as that ID is in an email sent to [email protected], it would be able to notify the person.

Yet another way to do it is to have the user send it to an [email protected] where the number is the newsletter ID, and programmaticly check that address, process, and send the number of reports to the account holder.

And ANOTHER way is to have a link where the person can report abuse, with the same idea as the above idea. The link contains an ID number in the $_GET, which then goes into a hidden form. The form gives the person a place to comment anything extra they want to add, maybe a captcha, and then submit, which places their entry in a complaint database, which can be sent to the account holder at the end of the day.

Chacha102
Thats about all I can type right now. There are probably a dozen more ways to do it.
Chacha102
A: 

Apparently "feedback loops" are the service to look for here.

There are even companies which compile feedback loop reports from all the ISP's for you and can give them to you in CSV format or something like that.

For example: http://www.isipp.com/services/fbl-reports/

Haven't talked to them to see if they offer a web service for this, but even if they didn't you could write a service to parse their daily csv's sent via email.

Brian Armstrong