Blocked for phishing

A couple clients recently have had bounces from different places indicating that their mails were caught by the recipients’ anti-virus filter. These are some of my better clients sending out daily newsletters. They’ve been mailing for years and I know that they are not phishing. They asked me to investigate the bounce messages.
The information I had to work with was minimal. One bounce said:

The AntiVirus server has detected the Phishing.Heuristics.Email.SpoofedDomain virus in an email sent to you, allegedly sent by bounces*@customer.example.com. This email address may, or may not, be the originating source, as some viruses can hijack address books and in turn, send email with any of those addresses. Please take note that this virus has been destroyed and this email is a notification of virus activity and is itself virus free.

The other bounce said:

The message senders were
bounce*@bounce.example.com
Today@example.com.com

and they have been notified that they have sent a potential virus.
The message title was Customer: Subject line from email. The message date was Tue, 23 Jun 2009 12:16:13 – The virus or unauthorized code identified in the email is >>> Possible MalWare ‘Exploit/Phishing-amazon-04ee’ found in ‘5832897_2X_PM2_EMQ_MH__message.htm’. Heuristics score: 202
The real clue came when I looked at the emails that triggered the bounce. In both cases, my clients were linking to Amazon.com with a re-director link. There are many filters out there that look at the visible text of a link and compare it with the link target. If the link points to one domain like a re-director but the visible text points to another, this may trigger some spam or virus filters to intercept the email.
My experience suggests this happens more often when the domain used in the visible text is one of those domains that are heavily phished: amazon.com, ebay.com, bank websites, etc. The solution is to not include a domain name in the visible text portion of a link. Instead of “Go buy the DVDs at <a href="http://www.example.com/linkdomain/">Amazon.com</a>,” change the link to “Go <a href="http://www.example.com/linkdomain/">buy the DVDs</a> at Amazon.com.” Same content, same call to action, but no chance of the email getting caught in a phish filter.
