Spam Filters: Stop Silently Rejecting Emails

This is probably more rambling than opinion, but seriously, can automatic email spam filters stop pretending to be clever and just stop rejecting emails?

By that, I do not mean disabling spam filters entirely. What I mean is to remove one of their most extreme anti-spam measures: rejecting the email outright. Instead, I think the only acceptable strategies are: either placing them in the Junk folder, or saving them in some sort of quarantine area1.

I of course am aware the prevalence of email spam and condemn anyone who runs stupid email campaigns or outright scams. They deserve whatever consequences they get -- being rejected or getting their IP blacklisted. The problem comes when the spam filter "thinks" a email is almost certain to be spam, but it is in fact not -- i.e. false positives with a high certainty.

This might be rare to a lot of people, but I have run into this more often than I am willing to put up with. I think one of the issues is that many open-source spam filters are only designed / trained for Romance languages, or worse, just English. For example, in the default Rspamd configuration of Mailcow, there is a rule that assigns a high spam score for any email where all letters are upper case. However, this rule is fatally flawed if the email is not even written in the Latin alphabet -- it is pretty common for emails written in Japanese to spell English words only in upper case letters because they fit with Kanji and Kana better aesthetically. This has caused important emails I need to see to be rejected multiple times.

And I can assert that this has not been an isolated incidence. In my experience with using Rspamd, it has become increasingly clear that non-English emails tend to receive a higher spam score, and thus be rejected way more often. On the other hand, I am fully aware that sometimes it is simply hard to design and/or pre-train traditional email filters on all languages possible, especially for open-source ones. There are just so many languages and the spam patters are so different.

But there is one simple solution here, one that is not perfect but at least alleviates the problem -- simply do not reject any email! A silent rejection is the worst a spam filter can do, because there is no remedy once done -- since you don't receive the email anywhere, you can't even tell the spam filter the fact that it is not supposed to be spam. In many cases, if you move an email from Junk to Inbox, this will inform the spam filter that it has made a mistake and should readjust itself. This is simply not possible if the email does not even appear inside of Junk.

This problem does not seem to be limited to just Rspamd or non-English emails. I have seen cases where Gmail and Outlook silently reject emails as well, especially from lesser-known or self-hosted mailboxes. Recently, there has also been a wave of people who fail to receive emails from IRCC2 to which they must reply3 to have their newly-approved permanent residency processed. Although it is entirely possible that this is an issue of the internal mail server of IRCC itself, I also would not be surprised if many of these cases are due to Gmail or Outlook etc. rejecting them silently, and in fact they already seem to have a tendency of putting them in spam for those who are able to receive these emails.

Personally, I honestly do not even see the problem if all supposedly spam emails just go into the Junk folder. Most email clients won't download the Junk folder proactively, and it gives you a way to retrain the spam filter to fit your specific needs. If one really insists on not seeing any spam mail whatsoever, then a quarantine1 mechanism like that of Mailcow can be implemented -- an almost-silent rejection that can be reversed by request if the user logs into a separate web page. On the other hand, if one has to constantly check this separate system, I feel that it is not different from just using the Junk folder after all.

As of me, I have already increased the threshold for rejection on my mail server to 5000, effectively disabling the silent rejection strategy. I would simply not trust a piece of algorithm to make the decision that I just do not need to see some piece of email at all, and I do not want to even have the slightest chance of losing an important email due to a false positive. Self-hosting my mail server gives me this level of control, but for those who use Gmail or Outlook, I could only wish that Google or Microsoft eventually stop using the silent reject strategy as well.

  1. A junk folder-like area but it may be invisible in email clients, and get cleared after a certain duration of time. 

  2. Immigration, Refugees and Citizenship Canada 

  3. Confirming your permanent residence online 

You'll only receive email when they publish something new.

More from Peter Cai
All posts