A disgruntled Verizon customer has filed a class action lawsuit against their internet service provider (‘ISP’), seeking compensation for losses incurred as a result of their aggressive mail filtering policy.

Since 22 December, Verizon’s mail servers have been configured to automatically reject connections from Europe and other parts of the world, including China and New Zealand. Says one frustrated customer:

I have been affected by this nonsense Verizon policy. Even British government email accounts were blocked and my contacts there were unable to correspond with me… At no stage was I informed of this email block and thus (sic) was not given the chance to communicate with members of the British government by other means.

Verizon claims that their filtering strategies represent industry ‘best practice’ and are necessary to contain the deluge of unsolicited bulk commercial emails (‘spam’), which they claim comprise up to 90% of all data received by their mailservers. If the case makes it to trial, this action could spell bad news for ISPs and web hosts everywhere; Courts have proved very reluctant to support automated filtering processes. Worringly, such decisions have frequently rested on technologically inaccurate legal bases. In Germany, for example, intentional mail filtering has been outlawed on the basis of confidentiality laws.

As a commercial website hosting provider, I am only too aware of the difficulties associated with spam filtering. Set thresholds for mail filtering too high and customers complain of getting spammed; set them too low and they, well, file a class action lawsuit. Finding a balance between the two can be difficult — but is it really a cause for legal action?

Verizon’s policy may be a trifle ludicrous (filtering out entire TLDs never helped anyone, after all) and its manner of implementation (and lack of disclosure to its customers) verges on the ridiculous, but it is — at least in principle — a good idea. Most users agree that some measure of server-side protection is necessary. Unfortunately, this lawsuit — if successful — may give a cause of action to anyone wrongfully denied access to their incoming e-mail, the practical effect of which would be to prevent any mail filtering taking place at all. This would strike a major blow to the collective efforts of Spam Assassin, SPEWS, Spamhaus, et al, and comprise an enormous victory for spammers.

My solution, as a web services provider, is two-fold: first, give the client access to enable or disable spam filtering as they see fit. Upon activating the filtering service, they should be prompted to set their own threshold and tweak settings to their liking; a prominent warning should be displayed, warning them that as filtration processes are automated, some false-positives are inevitable. Second, retain all suspect messages in a special mailbox on the server that the client can access within 30 days of receipt. Not only does this model legally protect the ISP, it also ensures that — regardless of whether one person’s spam is another’s ticket to financial success and sexual posterity — the end user is in control of their own mail preferences.