The coming changes

Yesterday I talked about how I’m hearing warnings of a coming paradigm shift in the email industry. While these changes will affect all sender, ESPs in particular are going to need to change how they interact with both ISPs and their customers.
Currently, ESPs are able to act as “routine conveyers.” The traffic going across their network is generated by their customers and the ESP only handles technical issues. Responsible ESPs do enforce standards on their customers and expect mailings to meet certain targets. They monitor complaints and unknown users, they monitor blocks and reputation. If customers get out of line, then the ESP steps in and forces their customer to improve their practices. If the customer refuses, then the ESP disconnects them.
Currently standards for email are mostly dictated by the ISPs. Many ESPs take the stance that if any mail that is not blocked by the ISPs then it is acceptable. But just because a certain customer isn’t blocked doesn’t mean they’re sending mail that is wanted by the recipients.
It seems this reactive approach to customer policing may no longer be enough. In fact, one of the large spam filter providers has recently offered their customers the ability to block mail from all ESPs with a single click. This may become a more common response if the ESPs don’t start proactively policing their networks.
Why is this happening? ISPs and filtering companies are seeing increasing percentages of spam coming out of ESP netspace. Current processes for policing customers are extremely reactive and there are many ESPs that are allowing their customers to send measurable percentages of spam. This situation is untenable for the filtering companies or the ISPs and they’re sending out warnings that the ESPs need to stop letting so much spam leave their networks.
Unsurprisingly, there are many members of the ESP community that don’t like this and think the ISPs are overreacting and being overly mean. They do not think the ISPs or filtering companies should be blocking all an ESPs customers just because some of the customers are sending unwanted mail. Paraphrased, some of the things I’ve heard include:

  • But we segregate out customers onto separate IPs, why can’t they just block the spammers?
  • But we’re doing everything we can to police our customers, why can’t they just understand that?
  • What more do they expect us to do?
  • How can we stop our customers from spamming? We don’t send the mail.

The ISPs don’t really care about any of that. They’re seeing spam coming from an ESP and they expect the ESP to make it stop. This is it, ESPs, you’ve now been accepted as full members of the email ecosystem and are now expected to police the traffic coming off your IP space. It is no longer sufficient to segregate customers onto their own IPs and let the ISPs block unwanted mail. ESPs are now expected to do their own policing and their own monitoring.
This isn’t anything new. The ISPs went through this with regards to the email their customers were sending 8 years ago or so. There were ISPs that didn’t effectively police their user base. Infections, bots, spammers signing up… some ISPs would take spammer money and expect other ISPs to sort out wanted from unwanted (spam from non-spam) traffic. Finally, the non-spammer supporting ISPs got tired of it and started blocking the spammer supporting ISPs.
The widespread blocking caused a large shift in the industry. There was also a lot of Sturm und Drang about how wrong it all was and how legitimate customers were collateral damage. Despite this the message to ISPs was clear: police your networks. Policing networks proactively cost a lot of companies a lot of money as they work out how to identify bad traffic before it left their networks. They had to develop or purchase software to identify the traffic and block or mitigate it.
Now, it’s the ESPs turn. Much like happened to the ISPs years ago, the ESPs aren’t sure how to react or what they can monitor. Many ESPs do have proactive monitoring in place, but these strategies are failing. Spam is coming off some networks, and the whole network is at risk for blocking, not just the bad customers.
The truth is, though, that ESPs have as much control over their own IP space as ISPs do – and those ISPs are expected to control the amount of spam leaking out their systems. ISPs are starting to expect ESPs, who are now participants in MAAWG and IETF and such, to step up and control the amount of spam leaking out of their systems, too. This is why we’re starting to see wider blocking by ISPs and spam filters of ESPs and their customers.
There is a clear opportunity here for smart ESPs to stand out from their peers and competitors. ESPs are being told that things are changing, and how those things are going to change. How is your business going to adapt? What are you going to do to stop your customers from sending spam?

Related Posts

The delivery communication gap

There seems to be a general uptick in the number of specific questions that ESPs and commercial senders are asking recently. I’m getting them from clients, and I’m hearing similar stories from my various contacts over on the ISP side. The questions cover a wide range of areas in email delivery, but the underlying issue is really that there are no real fixed rules about email delivery anymore. The only rule is “send mail users want to receive” and there are no specific guidelines to how to do that.
This is frustrating for a lot of people. They want to know exactly how many complaints they need to stay under. They want to know what “engagement” means and how exactly the ISPs are measuring it. They want to know all of the metrics they need to meet in order to get mail to the inbox.
There is a lot of frustration among senders because they’re not getting the answers they think they need and they feel like the ISPs aren’t listening to them.
Likewise there is a lot of frustration among ISPs because they’re giving answers but they feel like they’re not being heard.
Some of the problem is truly a language difference. A lot of delivery people on the ESP side are marketers first and technologists second. They don’t have operational experience. They don’t have that any feel for the technology behind email and can’t map different failure modes onto their causes. Some of them don’t have any idea how email works under the covers. Likewise, a lot of postmaster people are technologists. They deeply understand their customers and their email servers and don’t speak marketing.
The other issue is the necessary secrecy. Postmasters have been burned in the past and so they have to be vague about what variables they are measuring and how they are weighting them.
All of this leads to a very adversarial environment.
I’ve been talking with a lot of people about this and none of us have any real answers to the solution. Senders say the ISPs should spend more time explaining to the senders what they need to do. ISPs say the senders should stop sending spam.
Am I quite off base here? Is there no communication gap? Am I just cynical and missing some obvious solution? Anyone have any suggestions on how to solve the issue?

Read More

Controlling delivery

How much control over delivery do senders have? I have repeatedly said that senders control their delivery. This is mostly true. Senders control their side of the delivery chain, but there is a point where the recipient takes over and controls things.
As a recipient I can

Read More

Problems at Cox: Resolved

People mailing to Cox in the wee hours of this morning may have received a rejection message citing the Invaluement DNSBL.
554 IMP a.b.c.d blocked.  IPBL100 – Refer to Error Codes section at http://postmaster.cox.net for more information.
I spoke with one of the folks at Cox and they said there was an error in the implementation causing non-listed IPs to be rejected erroneously between about 4am to 8am (Eastern) this morning.  The problem has been resolved as of 8am, and all traffic is flowing  normally.  The also stated that attempts to resend any blocked messages will succeed. They do apologize for any problems this may have caused.
For those of you with aggressive bounce handling, removing addresses after a single 550 bounce, you will also want to re-enable any cox.net subscribers that bounced off during this configuration problem.

Read More