Many years back I was told the story of a software company V.P. who discovered that IT had misconfigured the company Exchange server to drop random items of her email on the floor, and how she marched into the IT Director’s office to “rip him a new one”. It was told from a “Ha Ha, those arrogant bastards in IT got what’s coming to them” perspective, but there was an undertone of fear to the story. Such a thing could happen to any of us.
Well, it just happened to me—for the second time this year—and it’s largely my own damn fault. I’d been just a bit too clever with how I was using my ISP’s spam filtering. Their filtering—a mix of SpamAssassin and something Bayesian—seemed highly reliable at first, but over time that reliability has gone down as spammers have gotten cleverer. A chance event set off an “uh oh” alert, which turned into an “oh, crap” when I investigated and found a scattering of false positives going back at least as far as June. Oh, crap. The extra painful part is that there have been a few hints along the way that something was awry, but I’ve been too damn busy, and blew the hints off.
So, on top of being insanely busy right now, I get to plow through a four+ month pile of spam looking for legitimate emails that I need to respond to, if only to give apologies. Oh, crap. Well, at least nothing got lost this time.
It does little good to wail and moan at the spammers who’ve made email filtering necessary, but there are still some lessons out of this. The first is to not quarantine email in multiple places, especially when one of those places is inconvenient to check. The second lesson is to make sweeps of the quarantined email part of a standard daily (or weekly) workflow, so that false positives don’t go unnoticed.
I’m taking both lessons to heart by moving the rest of the email traffic that I depend on to gmail.