
IP.Board Flagged as spam from within, email spam

Discussion in 'Forum software usage' started by Colin, Mar 12, 2021.

  1. Colin

    Hi all,
    Not a centmin question as such, more of one for my peers.
    We run SES for emails out of our community. We just had to warn a member for abuse towards our staff, and this triggered a 14-day ban. He then set about marking as many past notification emails as possible as spam.

    Yep, my 0.05% alarm triggered, and soon after we flew past the 0.1% limit Amazon has. As it's quite quiet of late and he had a lot of mails, we hit 0.98% soon after.

    One of the questions amazon is posing is:
    How will these changes prevent similar issues from occurring in the future?

    The change we're making is that when a warning/ban is issued, we unsubscribe them from all notifications. This member had a lot, so he was getting a fresh supply, for a while...
    So far as I can tell, though, there is nothing stopping this member, or another, from just going back through previous mails and marking more and more as spam. These mails were sent in good faith, as the user chose to receive them/subscribe to topics etc.

    So I'm making this post, to see what options there might be, or how you might protect against this form of attack from within.


    Cheers,
    Last edited: Mar 12, 2021
  2. eva2000

    Sounds like a permanent ban is needed :)
    Hmm, how would one member manage that? You'd have to have a very small user base/mail-out numbers for that to happen: ~10-20 emails for that 1 user to push you past the threshold.
    • AWS senders' bounce rates should remain below 5%. Senders with a bounce rate exceeding 10% risk suspension.
    • AWS senders' complaint rates should remain below 0.1%. Senders with a complaint rate exceeding 0.5% risk suspension.
    AWS has CloudWatch dashboards you set up to monitor bounce/complaint rates, and CloudWatch alarms. But all those are reactive rather than proactive methods.

    aws-cloudwatch-dashboard-ses-bounce-complaint-rates-01.png

    But for Xenforo at least, when you ban someone, they stop getting email notifications.

    But I guess you need to work with AWS support for this. The question they pose is an interesting one. Probably a question you'd ask them is how far back mail complaint rates are meant to go to count towards the complaint rate, e.g. if a user starts marking last month's emails as spam out of spite etc.

    It might just be acceptable for AWS that banned users have email notifications stopped. As there's no system in the world that can prevent emails sent prior to the ban from stopping previously legit marked emails from being sent.

    Old response from AWS SES support at https://forums.aws.amazon.com/thread.jspa?threadID=160242

    Last edited: Mar 13, 2021
  3. Colin

    Hi,

    I had/have the alarms set up at 0.05%. Problem is, I didn't have my phone on me while cooking supper.

    He clocked up 90-odd "flag it as spam" reports before I got to cut his supply off. Yes, he's banned now too. :)

    AWS did accept it was a bad actor.

    Worrying, but we did make it through the review rounds.

    I couldn't think of any way of preventing it from recurring.

    Shame we can’t flag an email as self delete after n days. A bit like the ProtonMail expire mail after n days.

    The AWS experience was a bit cold, maybe automated, as the first rebuffed response didn't seem to take into account the info given. Bit of a canned reply, which only led to more concern.

    I have lowered my alarm; might get false positives with the odd swipe left... indeed, after being unpaused a member flagged a password reset mail as spam... :facepalm:
     
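Since the account-wide CloudWatch alarm discussed above only fires once the whole rate is already damaged, one way to catch the pattern in this thread earlier (one recipient filing many complaints) is to watch per-recipient complaint bursts in the feedback SES publishes. The handler below is an added example, not code from this thread, from IPS or from Centmin Mod; the SNS feed, addresses, threshold and window are constructed assumptions, and the action on a flagged address (unsubscribe, suppress) is left to the caller.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

def complaint(ts, addr):
    """Builds one constructed SES complaint notification as SNS would deliver it."""
    return json.dumps({"notificationType": "Complaint", "complaint": {
        "timestamp": ts, "complainedRecipients": [{"emailAddress": addr}]}})

# Constructed feed: one member reporting message after message, one ordinary user.
SAMPLE_FEED = [
    json.dumps({"notificationType": "Bounce"}),            # not a complaint, ignored
    complaint("2021-03-12T19:00:00.000Z", "Angry.Member@example.com"),
    complaint("2021-03-12T19:01:30.000Z", "other.user@example.com"),
    complaint("2021-03-12T19:04:00.000Z", "angry.member@example.com"),
    complaint("2021-03-12T19:07:00.000Z", "angry.member@example.com"),
]

class ComplaintBurstDetector:
    """Flags a recipient once it files `threshold` complaints within `window`."""

    def __init__(self, threshold=3, window=timedelta(hours=24)):
        self.threshold = threshold
        self.window = window
        self.recent = defaultdict(deque)   # recipient -> complaint times in window
        self.flagged = set()

    def ingest(self, raw):  # one SNS message body; returns recipients newly flagged
        msg = json.loads(raw)
        if msg.get("notificationType") != "Complaint":
            return []
        now = datetime.fromisoformat(msg["complaint"]["timestamp"].replace("Z", "+00:00"))
        newly = []
        for recipient in msg["complaint"]["complainedRecipients"]:
            addr = recipient["emailAddress"].lower()   # same mailbox, any casing
            times = self.recent[addr]
            times.append(now)
            while now - times[0] > self.window:        # expire old complaints
                times.popleft()
            if len(times) >= self.threshold and addr not in self.flagged:
                self.flagged.add(addr)
                newly.append(addr)
        return newly

def run_sample(threshold=3):  # replays the constructed feed through the detector
    detector = ComplaintBurstDetector(threshold=threshold)
    return [a for raw in SAMPLE_FEED for a in detector.ingest(raw)]
```

A flagged address is the point at which to stop all notification mail to that member, well before the 0.1% account-level threshold is reached.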
  4. eva2000

    Good to know AWS acknowledged the one bad actor! But indeed, shame there isn't a way to lessen this type of abuse, i.e. maybe weight the spam complaints by day/age so newer spam complaints are weighted heavier than days-old spam complaints?

    Yeah could also be a UX issue as in Gmail, the report spam button is in between archive and delete buttons. I've hit the wrong one a few times too heh.