The good, the typical and the ugly

In the theme of the ongoing discussions about ESPs and their role in the email ecosystem, I thought I’d present some examples of how different ESPs work.
The good ESPs are those that set and enforce higher standards than the ISPs. They invest money and time in both proactive and reactive policy enforcement. On Monday I’ll talk about these standards, and the benefits of implementing these policies.
The typical ESPs are those that have standards equivalent to those of the ISPs. They suspend or disconnect customers when the customers generate problems at the ISPs. They have some proactive policy enforcement, but most of their enforcement is reactive. On Tuesday I’ll talk about these standards and how they’re perceived by the ISPs and spam filtering companies.
The ugly ESPs are those that have low standards and few enforcement policies. They let customers send mail without permission. Some of the ugly ESPs even abuse other ESPs to send some of their mail, thus sharing their bad reputations across the industry. On Wednesday I’ll look at some of their practices and discuss how they affect other players in the industry.

Related Posts

TWSD: Privacy protection for commercial domains

One of my major pet peeves is supposedly legitimate companies hiding behind privacy protection in their whois records. There is absolutely no reason for a legitimate company to do this. There are lots of reasons a non-legitimate company might want to hide behind privacy services, but I have never heard a good reason for legitimate companies to hide.
Look, a company sending any commercial email is required by law to provide a physical postal address in every email they send. What point is there, then, to hiding addresses in whois records? The only thing it does is make a sender look like a spammer. If a sender is a business, then they need to have a real business address anyway, and that address should be available in their domain registration.
It may seem like a trivial point, it may seem minor, but spammers use domain privacy services to hide the various tendrils of their businesses. They don’t want anyone to be able to tell that domain A is related to domain B is related to domain C. Proxy services let them trivially hide their identities. This is the major business use of privacy protection. Real companies don’t need to hide behind privacy services.
Using domain privacy services make senders look like spammers. One trivial thing that ISPs can do is stop providing FBLs or whitelistings to domains behind privacy services. This will weed out spammers without doing harm to real senders. Certification services can refuse to certify companies that hide their identity. My small contribution to the cause is to refuse to represent any company to an ISP if their domain is behind a privacy service.
Just to be clear, I have no problem with personal, non-business domains using privacy services. There are valid reasons individuals may want to hide their physical location. But businesses? Step up and quit hiding.
On the subject of privacy services, Mickey recently reviewed a court ruling that commented on the legality of using privacy services. The court says:

Read More

I don't have a "this is spam" button

Here at Word to the Wise we have some unique requirements for mail. For instance, I need to be able to receive examples of emails that are being blocked elsewhere in order to do my job. This means not only do we not outsource mail to someone else, we also run limited spam filtering on the server side. It does mean I have to wade through a bit more spam than others do, but that’s generally not a problem. My client side filters do a decent job at keeping most of the crud out of my mailboxes.
My work account gets very little spam in the folder I use as my inbox. I’m not even sure exactly why this is, but it’s true. One of the exceptions is a psychic (no, really) who has a copy of one of my work email addresses and she regularly spams me offering her spiritual guidance and the opportunity to buy her stuff in order to make peace within my world.  I’ve received these before, usually I just delete them and move on.
Occasionally, though, I long for the ease of a “this is spam” button. Just to be able to hit a single button, no work, no effort and know that I have registered my frustration with a spammer. Today was one of those days. I really don’t want this psychic spam in my mailbox. It seems reasonably professionally done, though, so I check the headers to see if it’s being send from any ESP I know and if it’s worth my time to send in a “hey, didn’t sign up for this, and no, I didn’t forget, either” email.
I visited the website belonging to the domain sending the mail.

Read More

A series of warnings

Over the last month there have been a number of people sounding warnings about coming changes that ESPs are going to have to deal with. There has been mixed reaction from various people, many people who hear these predictions start arguing with the speaker. Some argue that our predictions are wrong, others argue that if our predictions are right then the senders will just start acting more like spammers.
I have put together a collection of links from recent blog posts looking towards the future and how things may be changing.

Read More