Appropriating reputation

One of the thing savvy spammers are doing these days is appropriating the reputation of someone else. Reputation appropriate takes many forms. Some spammers hijack windows machines, turn them into bots and send spam through major ISP smarthosts. “Legitimate email marketers” buy service from mainstream ESPs to send their permission-challenged email that they cannot get delivered through their own IP space.
There are different strategies for companies to prevent bad groups from appropriating their  reputation. For the ESP, the prime defense against reputation appropriation is screening new customers and new lists.
When screening potential customers, there are three broad categories that customers fall into. One is the legit prospect that is exactly whom they represent to you, these are the easy guys. Another is the naive mailer, who really does not have any clue about email but wants to move into the digital age. This mailer is often extremely small, but knows nothing about email. The final category is the subversive prospect. This is the company who knows exactly what they are doing, and who is actively working to hide their practices from the ESP. They are attempting to subvert the process.
Over the coming weeks I will be talking more about screening new customers and how to distinguish the naive customer from the subversive one.

MAAWG
Links to check out

Related Posts

DKIM "i=" vs "d=" and Reputation

This really should be part seven of a twelve part series or some such as it deals with an aspect of DKIM that’s really important, but is way down in the details of implementation. (dkim.org is a reasonable place to start for a general overview of DKIM).
There’s an apparently endless thread on the DKIM-SSP spec development mailing list at the moment about the differences between two fields in a DKIM signature that could be used to tie a senders reputation to. Several ESP delivery folks asked me to explain what everyone was talking about, and this post is a first cut at that.
“i=” vs “d=”
There are two possible fields in a DKIM signature that could be used to identify the sender of a message, and so to tie a sender history and reputation record to. They are the so-called “i=” and “d=” field, from the syntax used to include them in the signature.

Read More

Disposable or Temporary Addresses

Mark Brownlow has a really good post up today about disposable and temporary addresses and how they affect marketers trying to build an opt-in list.
I use tagged addresses for all my signups, and have for more than 10 years now. It lets me track who I gave an address to and if this mail is contrary to what I signed up for or the address has leaked, I can shut down mail to that address entirely.
Tagged addresses also have another function. One of our local brew pubs has a rewards program, spend money there, get points. As part of the signup process, they requested an email address. All the email I have received from them has been clearly branded, well designed, they are an example of how to use email right. That is until last week. Last week I received an email to the tagged address from some survey company. The survey company provided no branding, nothing.

Read More

Botnets

Terry Zink has been posting articles about botnets as traced by Hotmail. I do not often talk about botnets as they are outside my area of expertise. They are not something I deal with, as no one who uses botnets is welcome as a client here.
My clients and I, however, do have to deal with the fallout from botnets.  Because of botnets, receiver ISPs are extremely suspicious of mail from any IP address that they have not seen mail from previously. Mail from new IPs is, more often than not, a newly infected Windows machine. This results in mail from new IPs not starting with a reputation of zero but starting with a negative reputation.
Botnets are another example of spammers making it more difficult for mailers with permission to use email.

Read More