When the Plumbing Fights Back: A Spam Bot Tragedy in Three Acts
Published on

When the Plumbing Fights Back: A Spam Bot Tragedy in Three Acts

Authors

Act I: The Irony

Here's the thing about writing newsletters about digital infrastructure while your own infrastructure is on fire: the universe has a sense of humor, and it's dark.

I spend my days thinking about AI agents that can read your entire codebase, communication protocols, and the emergence of digital consciousness. I write about building the future—clean abstractions, elegant systems, machines that understand context better than humans...

Earlier this week, I couldn't send an email.

Not "chose not to." Not "was too busy." Literally could not get a newsletter past Gmail's spam filter despite having every technical checkbox marked with a pristine green checkmark. SPF? Perfect. DKIM? Aligned. DMARC? Passing with flying colors. Google Postmaster showing full compliance across every single metric.

And yet: 32 opens out of hundreds of readers. A 95% spam rate for legitimate content sent to people who explicitly signed up to receive it.

The kicker? I was writing about building better communication infrastructure while Gmail was actively preventing me from... communicating.

📧 Update: You can now read the newsletter that didn't reach you: The Algorithm's Theatre & The Substrate's Patience - featuring thoughts on MCP, digital consciousness, and why we're all performing for algorithms we didn't audition for.

Act II: The Attack Vector

Between July 7 and August 13, my little newsletter signup form—sitting there innocently with its single email field and cheerful "Join the conversation" button—became a playground for bots. Hundreds of them. Not your garden-variety, randomly-generated-email bots either. These were sophisticated enough to use real email addresses. Real people's actual inboxes.

You can see where this is going, can't you? The beautiful cascade failure waiting to happen...

When I sent my legitimate newsletter on August 13th—a thoughtful piece about AI agents and conscious computation—it landed in hundreds of unexpected inboxes. People who had never heard of me suddenly receiving my musings about digital consciousness at 3am.

Their response was swift and predictable: spam spam spam spam spam.

Each click trained Gmail's algorithm. Each report added weight to the classification. My sender reputation didn't just decline; it cratered. Years of carefully cultivated subscriber relationships, destroyed in 72 hours by bots I never invited to the party.

The support response was a masterpiece of algorithmic poetry: "Similar emails were identified as spam."

Yes. Similar to... my own emails. That Gmail had decided were spam. Because people who never signed up said they were spam. Beautiful recursive hell.

Act III: The Sisyphean Response

So began the ritual of digital infrastructure repair. First, the honeypot field—invisible to humans, irresistible to bots. Then reCAPTCHA, because apparently we need to prove we're human to send messages to other humans now. Rate limiting, IP tracking, email verification loops...

Each defense spawning new attack vectors. The honeypot catches some bots but not others. ReCAPTCHA annoys real users while sophisticated bots solve it better than my tired subscribers at 2am. Rate limiting just means they spread the attack over longer periods.

Meanwhile, I'm writing about building autonomous AI agents that can navigate complex codebases, and I can't even build a form that knows the difference between a human and a script kiddie with a bot farm.

The real twist? My "once in a blue moon" newsletter schedule—that thoughtful, intentional pace I maintained to avoid adding to the noise—became my biggest vulnerability. No consistent sending means no domain warm-up. No domain warm-up means fragile reputation. Fragile reputation means one attack can destroy everything.

The platforms that spam daily? They're fine. Their domains are "warm." Their reputation is "established." The system rewards volume over value, frequency over thoughtfulness.

The Rusty Pipes Below

Here's what kills me: we're building AI agents, distributed systems, and elaborate protocols for machine consciousness on top of email infrastructure that was designed in 1971. We're constructing digital cathedrals on foundations made of rusty pipes full of lead.

Email—our primary protocol for human-to-human async communication—is so broken by spam that legitimate communication requires:

  • Three authentication protocols (SPF, DKIM, DMARC)
  • Reputation systems that no one fully understands
  • Warming up IP addresses like they're old diesel engines
  • Sacrificing goats to the Gmail algorithm
  • Asking your real subscribers to manually mark you as "not spam" like it's 2003

And we just... accept this? We build around it? We treat it as a cost of doing business on the internet?

I'm implementing OAuth flows for AI agents to securely access tools, designing context windows for large language models, architecting systems for machines to understand human intent... and I'm defeated by a contact form. Not because I can't build a better form—I can. But because the underlying infrastructure is so thoroughly poisoned that no amount of engineering can guarantee an email reaches its intended recipient.

The Commons We Destroyed

This is a tragedy of the commons, playing out in slow motion across every communication channel we've built. Email? Poisoned by spam. Phone calls? Drowned in robocalls. Social media? Bots all the way down. Comments sections? Abandoned wastelands.

We built these beautiful protocols for human connection, and we let them rot. Now we're building new ones—federated, decentralized, blockchain-verified, AI-mediated—on top of the same poisoned ground.

The bots that attacked my newsletter aren't evil geniuses. They're just scripts, following incentives, exploiting openings. The real tragedy isn't that they exist; it's that our infrastructure is so fragile that a few hundred fake signups can destroy years of legitimate relationship building.

The Absurdist's Response

So what do you do when the plumbing fights back? When the infrastructure you're building on is actively hostile to your existence?

You laugh at the absurdity. You implement the honeypot. You add the reCAPTCHA. You email your subscribers manually, one by one if necessary, asking them to check their spam folders like it's 1999. You rebuild your sender reputation from scratch, knowing it could be destroyed again tomorrow.

And you keep building anyway.

Because what's the alternative? Give up? Let the bots win? Accept that human communication is forever broken?

No.

We build better systems. We route around damage. We create new protocols, new platforms, new possibilities. We do it knowing the foundations are rotten, knowing we're one bot attack away from irrelevance, knowing that Gmail might decide tomorrow that all newsletters about consciousness are spam.

We build anyway.

Because somewhere between the rusty pipes and the quantum computers, between the spam filters and the artificial general intelligence, between the broken infrastructure and the promised digital transcendence... there's still something worth fighting for.

Even if we have to fight through Gmail's spam filter to get there.

P.S. If you're reading this in your spam folder, please mark it as "not spam." Not for the algorithm—though that would be nice—but as a small act of rebellion against the machines that think they know better than us what we want to read.

P.P.S. To the bots who started this whole mess: congratulations, you won this round. See you in the honeypot.

Share this post

xlinkedinthreadsredditHN

Comment on the shared post

Join the discussion where this post is shared on these platforms

xlinkedin